Make WordPress Core

Changeset 55846


Timestamp:
05/22/2023 02:14:10 PM (19 months ago)
Author:
SergeyBiryukov
Message:

Administration: Add missing escaping for CSS classes on the body tag in the admin.

Follow-up to [5892], [10823], [10868], [18882], [21014], [22000], [48060].

Props rafiem, costdev, dd32, audrasjb, westonruter, SergeyBiryukov.
Fixes #58336.

Location:
trunk/src/wp-admin
Files:
2 edited

  • trunk/src/wp-admin/admin-header.php

    r53061 r55846  
    243243$admin_body_classes = ltrim( $admin_body_classes . ' ' . $admin_body_class );
    244244?>
    245 <body class="wp-admin wp-core-ui no-js <?php echo $admin_body_classes; ?>">
     245<body class="wp-admin wp-core-ui no-js <?php echo esc_attr( $admin_body_classes ); ?>">
    246246<script type="text/javascript">
    247247    document.body.className = document.body.className.replace('no-js','js');
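
Review bot: esc_attr() on line 245 makes the echoed value safe for the attribute context, but it leaves whitespace untouched, so whatever is concatenated into $admin_body_classes on line 243 can still add arbitrary extra class tokens to the body tag. If the class list is meant to be constrained, sanitize each token where $admin_body_class is assembled (sanitize_html_class() is the usual helper) and keep the late escaping here as the output guard. A regression test that passes a value containing a double quote through this path and checks the rendered body tag would protect the fix.
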
  • trunk/src/wp-admin/includes/template.php

    r55703 r55846  
    21792179    $admin_body_classes = ltrim( $admin_body_classes . ' ' . $admin_body_class );
    21802180    ?>
    2181 <body <?php echo $admin_body_id; ?>class="wp-admin wp-core-ui no-js iframe <?php echo $admin_body_classes; ?>">
     2181<body <?php echo $admin_body_id; ?>class="wp-admin wp-core-ui no-js iframe <?php echo esc_attr( $admin_body_classes ); ?>">
    21822182<script type="text/javascript">
    21832183(function(){
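
Review bot: on line 2181, $admin_body_id is still echoed raw immediately before the newly escaped class value. It is printed ahead of class= with no attribute name or quotes around it, so it appears to carry its own attribute markup and cannot simply be wrapped in esc_attr() at this echo. Escape the value where that string is built, or restructure the line so the id attribute is written literally in the template and only its value is echoed through esc_attr().
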