
Changeset 55615


Timestamp:
03/31/2023 03:58:49 PM (21 months ago)
Author:
SergeyBiryukov
Message:

Coding Standards: Escape some variables in wp-admin/includes/nav-menu.php.

This ensures that post type or taxonomy name is consistently escaped in:

  • wp_nav_menu_item_post_type_meta_box()
  • wp_nav_menu_item_taxonomy_meta_box()

Follow-up to [14248], [23707].

Props zenaulislam, SergeyBiryukov.
Fixes #57110.

File:
1 edited

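--- a/trunk/src/wp-admin/includes/nav-menu.php
+++ b/trunk/src/wp-admin/includes/nav-menu.php
@@ -507,6 +507,6 @@
     }
     ?>
-    <div id="posttype-<?php echo $post_type_name; ?>" class="posttypediv">
-        <ul id="posttype-<?php echo $post_type_name; ?>-tabs" class="posttype-tabs add-menu-item-tabs">
+    <div id="posttype-<?php echo esc_attr( $post_type_name ); ?>" class="posttypediv">
+        <ul id="posttype-<?php echo esc_attr( $post_type_name ); ?>-tabs" class="posttype-tabs add-menu-item-tabs">
             <li <?php echo ( 'most-recent' === $current_tab ? ' class="tabs"' : '' ); ?>>
                 <a class="nav-tab-link" data-type="tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-most-recent" href="<?php echo $most_recent_url; ?>#tabs-panel-posttype-<?php echo $post_type_name; ?>-most-recent">
@@ -526,6 +526,6 @@
         </ul><!-- .posttype-tabs -->
 
-        <div id="tabs-panel-posttype-<?php echo $post_type_name; ?>-most-recent" class="tabs-panel <?php echo ( 'most-recent' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php esc_attr_e( 'Most Recent' ); ?>" tabindex="0">
-            <ul id="<?php echo $post_type_name; ?>checklist-most-recent" class="categorychecklist form-no-clear">
+        <div id="tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-most-recent" class="tabs-panel <?php echo ( 'most-recent' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php esc_attr_e( 'Most Recent' ); ?>" tabindex="0">
+            <ul id="<?php echo esc_attr( $post_type_name ); ?>checklist-most-recent" class="categorychecklist form-no-clear">
                 <?php
                 $recent_args    = array_merge(
@@ -566,5 +566,5 @@
         </div><!-- /.tabs-panel -->
 
-        <div class="tabs-panel <?php echo ( 'search' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" id="tabs-panel-posttype-<?php echo $post_type_name; ?>-search" role="region" aria-label="<?php echo $post_type->labels->search_items; ?>" tabindex="0">
+        <div class="tabs-panel <?php echo ( 'search' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" id="tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-search" role="region" aria-label="<?php echo esc_attr( $post_type->labels->search_items ); ?>" tabindex="0">
             <?php
             if ( isset( $_REQUEST[ 'quick-search-posttype-' . $post_type_name ] ) ) {
@@ -584,5 +584,5 @@
             ?>
             <p class="quick-search-wrap">
-                <label for="quick-search-posttype-<?php echo $post_type_name; ?>" class="screen-reader-text">
+                <label for="quick-search-posttype-<?php echo esc_attr( $post_type_name ); ?>" class="screen-reader-text">
                     <?php
                     /* translators: Hidden accessibility text. */
@@ -590,10 +590,10 @@
                     ?>
                 </label>
-                <input type="search"<?php wp_nav_menu_disabled_check( $nav_menu_selected_id ); ?> class="quick-search" value="<?php echo $searched; ?>" name="quick-search-posttype-<?php echo $post_type_name; ?>" id="quick-search-posttype-<?php echo $post_type_name; ?>" />
+                <input type="search"<?php wp_nav_menu_disabled_check( $nav_menu_selected_id ); ?> class="quick-search" value="<?php echo $searched; ?>" name="quick-search-posttype-<?php echo esc_attr( $post_type_name ); ?>" id="quick-search-posttype-<?php echo esc_attr( $post_type_name ); ?>" />
                 <span class="spinner"></span>
                 <?php submit_button( __( 'Search' ), 'small quick-search-submit hide-if-js', 'submit', false, array( 'id' => 'submit-quick-search-posttype-' . $post_type_name ) ); ?>
             </p>
 
-            <ul id="<?php echo $post_type_name; ?>-search-checklist" data-wp-lists="list:<?php echo $post_type_name; ?>" class="categorychecklist form-no-clear">
+            <ul id="<?php echo esc_attr( $post_type_name ); ?>-search-checklist" data-wp-lists="list:<?php echo esc_attr( $post_type_name ); ?>" class="categorychecklist form-no-clear">
             <?php if ( ! empty( $search_results ) && ! is_wp_error( $search_results ) ) : ?>
                 <?php
@@ -609,5 +609,5 @@
         </div><!-- /.tabs-panel -->
 
-        <div id="<?php echo $post_type_name; ?>-all" class="tabs-panel tabs-panel-view-all <?php echo ( 'all' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php echo $post_type->labels->all_items; ?>" tabindex="0">
+        <div id="<?php echo esc_attr( $post_type_name ); ?>-all" class="tabs-panel tabs-panel-view-all <?php echo ( 'all' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php echo esc_attr( $post_type->labels->all_items ); ?>" tabindex="0">
             <?php if ( ! empty( $page_links ) ) : ?>
                 <div class="add-menu-item-pagelinks">
@@ -615,5 +615,5 @@
                 </div>
             <?php endif; ?>
-            <ul id="<?php echo $post_type_name; ?>checklist" data-wp-lists="list:<?php echo $post_type_name; ?>" class="categorychecklist form-no-clear">
+            <ul id="<?php echo esc_attr( $post_type_name ); ?>checklist" data-wp-lists="list:<?php echo esc_attr( $post_type_name ); ?>" class="categorychecklist form-no-clear">
                 <?php
                 $args['walker'] = $walker;
@@ -809,18 +809,18 @@
     }
     ?>
-    <div id="taxonomy-<?php echo $taxonomy_name; ?>" class="taxonomydiv">
-        <ul id="taxonomy-<?php echo $taxonomy_name; ?>-tabs" class="taxonomy-tabs add-menu-item-tabs">
+    <div id="taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" class="taxonomydiv">
+        <ul id="taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>-tabs" class="taxonomy-tabs add-menu-item-tabs">
             <li <?php echo ( 'most-used' === $current_tab ? ' class="tabs"' : '' ); ?>>
-                <a class="nav-tab-link" data-type="tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-pop" href="<?php echo $most_used_url; ?>#tabs-panel-<?php echo $taxonomy_name; ?>-pop">
+                <a class="nav-tab-link" data-type="tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-pop" href="<?php echo $most_used_url; ?>#tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-pop">
                     <?php echo esc_html( $taxonomy->labels->most_used ); ?>
                 </a>
             </li>
             <li <?php echo ( 'all' === $current_tab ? ' class="tabs"' : '' ); ?>>
-                <a class="nav-tab-link" data-type="tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-all" href="<?php echo $view_all_url; ?>#tabs-panel-<?php echo $taxonomy_name; ?>-all">
+                <a class="nav-tab-link" data-type="tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-all" href="<?php echo $view_all_url; ?>#tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-all">
                     <?php _e( 'View All' ); ?>
                 </a>
             </li>
             <li <?php echo ( 'search' === $current_tab ? ' class="tabs"' : '' ); ?>>
-                <a class="nav-tab-link" data-type="tabs-panel-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" href="<?php echo $search_url; ?>#tabs-panel-search-taxonomy-<?php echo $taxonomy_name; ?>">
+                <a class="nav-tab-link" data-type="tabs-panel-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" href="<?php echo $search_url; ?>#tabs-panel-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>">
                     <?php _e( 'Search' ); ?>
                 </a>
@@ -828,6 +828,6 @@
         </ul><!-- .taxonomy-tabs -->
 
-        <div id="tabs-panel-<?php echo $taxonomy_name; ?>-pop" class="tabs-panel <?php echo ( 'most-used' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php echo $taxonomy->labels->most_used; ?>" tabindex="0">
-            <ul id="<?php echo $taxonomy_name; ?>checklist-pop" class="categorychecklist form-no-clear" >
+        <div id="tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-pop" class="tabs-panel <?php echo ( 'most-used' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php echo esc_attr( $taxonomy->labels->most_used ); ?>" tabindex="0">
+            <ul id="<?php echo esc_attr( $taxonomy_name ); ?>checklist-pop" class="categorychecklist form-no-clear" >
                 <?php
                 $popular_terms  = get_terms(
@@ -846,5 +846,5 @@
         </div><!-- /.tabs-panel -->
 
-        <div id="tabs-panel-<?php echo $taxonomy_name; ?>-all" class="tabs-panel tabs-panel-view-all <?php echo ( 'all' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php echo $taxonomy->labels->all_items; ?>" tabindex="0">
+        <div id="tabs-panel-<?php echo esc_attr( $taxonomy_name ); ?>-all" class="tabs-panel tabs-panel-view-all <?php echo ( 'all' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" role="region" aria-label="<?php echo esc_attr( $taxonomy->labels->all_items ); ?>" tabindex="0">
             <?php if ( ! empty( $page_links ) ) : ?>
                 <div class="add-menu-item-pagelinks">
@@ -852,5 +852,5 @@
                 </div>
             <?php endif; ?>
-            <ul id="<?php echo $taxonomy_name; ?>checklist" data-wp-lists="list:<?php echo $taxonomy_name; ?>" class="categorychecklist form-no-clear">
+            <ul id="<?php echo esc_attr( $taxonomy_name ); ?>checklist" data-wp-lists="list:<?php echo esc_attr( $taxonomy_name ); ?>" class="categorychecklist form-no-clear">
                 <?php
                 $args['walker'] = $walker;
@@ -865,5 +865,5 @@
         </div><!-- /.tabs-panel -->
 
-        <div class="tabs-panel <?php echo ( 'search' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" id="tabs-panel-search-taxonomy-<?php echo $taxonomy_name; ?>" role="region" aria-label="<?php echo $taxonomy->labels->search_items; ?>" tabindex="0">
+        <div class="tabs-panel <?php echo ( 'search' === $current_tab ? 'tabs-panel-active' : 'tabs-panel-inactive' ); ?>" id="tabs-panel-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" role="region" aria-label="<?php echo esc_attr( $taxonomy->labels->search_items ); ?>" tabindex="0">
             <?php
             if ( isset( $_REQUEST[ 'quick-search-taxonomy-' . $taxonomy_name ] ) ) {
@@ -885,5 +885,5 @@
             ?>
             <p class="quick-search-wrap">
-                <label for="quick-search-taxonomy-<?php echo $taxonomy_name; ?>" class="screen-reader-text">
+                <label for="quick-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" class="screen-reader-text">
                     <?php
                     /* translators: Hidden accessibility text. */
@@ -891,10 +891,10 @@
                     ?>
                 </label>
-                <input type="search" class="quick-search" value="<?php echo $searched; ?>" name="quick-search-taxonomy-<?php echo $taxonomy_name; ?>" id="quick-search-taxonomy-<?php echo $taxonomy_name; ?>" />
+                <input type="search" class="quick-search" value="<?php echo $searched; ?>" name="quick-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" id="quick-search-taxonomy-<?php echo esc_attr( $taxonomy_name ); ?>" />
                 <span class="spinner"></span>
                 <?php submit_button( __( 'Search' ), 'small quick-search-submit hide-if-js', 'submit', false, array( 'id' => 'submit-quick-search-taxonomy-' . $taxonomy_name ) ); ?>
             </p>
 
-            <ul id="<?php echo $taxonomy_name; ?>-search-checklist" data-wp-lists="list:<?php echo $taxonomy_name; ?>" class="categorychecklist form-no-clear">
+            <ul id="<?php echo esc_attr( $taxonomy_name ); ?>-search-checklist" data-wp-lists="list:<?php echo esc_attr( $taxonomy_name ); ?>" class="categorychecklist form-no-clear">
             <?php if ( ! empty( $search_results ) && ! is_wp_error( $search_results ) ) : ?>
                 <?php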
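Review bot: Line 512 of the new file, left as context in the first hunk, still prints `$post_type_name` unescaped in the `href` fragment, although the matching taxonomy links at 814, 819 and 824 are wrapped in this changeset; for the consistency the message describes it should read `#tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-most-recent`. The `value="<?php echo $searched; ?>"` attributes at 592 and 893 are also echoed as-is, and `$searched` is assigned outside the visible lines, so confirm it is escaped where it is set or escape it at output with `esc_attr()`. The same question applies to `$most_recent_url`, `$most_used_url`, `$view_all_url` and `$search_url` in the `href` attributes, which presumably need `esc_url()` unless they are already escaped when built. Both meta box functions start and end outside the shown hunks, so these points need checking against the full file.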