Make WordPress Core


Ignore:
Timestamp:
08/24/2023 07:41:16 PM (16 months ago)
Author:
peterwilsoncc
Message:

Administration: Escape post type output as field attribute.

Props viralsampat.
Fixes #59190.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/edit.php

    r55988 r56456  
    483483
    484484<input type="hidden" name="post_status" class="post_status_page" value="<?php echo ! empty( $_REQUEST['post_status'] ) ? esc_attr( $_REQUEST['post_status'] ) : 'all'; ?>" />
    485 <input type="hidden" name="post_type" class="post_type_page" value="<?php echo $post_type; ?>" />
     485<input type="hidden" name="post_type" class="post_type_page" value="<?php echo esc_attr( $post_type ); ?>" />
    486486
    487487<?php if ( ! empty( $_REQUEST['author'] ) ) { ?>
Note: See TracChangeset for help on using the changeset viewer.