Make WordPress Core


Timestamp:
06/24/2024 03:15:02 PM (4 months ago)
Author:
audrasjb
Message:

Grouped Backports to the 6.1 branch.

  • Editor: Fix Path Traversal issue on Windows in Template-Part Block.
  • Editor: Sanitize Template Part HTML tag on save.
  • HTML API: Run URL attributes through esc_url().

Merges [58470], [58471], [58472] and [58473] to the 6.1 branch.
Props xknown, peterwilsoncc, jorbin, bernhard-reiter, azaozz, dmsnell, gziolo.

File:
1 edited

  • branches/6.1/src/wp-includes/blocks/template-part.php

    r55830 r58480  
    142142    $content = $wp_embed->autoembed( $content );
    143143
    144     if ( empty( $attributes['tagName'] ) ) {
     144    if ( empty( $attributes['tagName'] ) || tag_escape( $attributes['tagName'] ) !== $attributes['tagName'] ) {
    145145        $defined_areas = get_allowed_block_template_part_areas();
    146146        $area_tag      = 'div';
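Review bot: The new condition on the `if ( empty( $attributes['tagName'] ) || tag_escape( $attributes['tagName'] ) !== $attributes['tagName'] )` line silently treats any tagName that tag_escape() would alter as if it were unset, and nothing in the hunk says so. A short comment above the `if` would help, stating that a value which does not round-trip through tag_escape() unchanged is discarded and the block falls back to the area default (`$area_tag = 'div'` unless the defined areas supply another tag). Because the comparison is strict, this rejects the attribute rather than sanitising it, so every value tag_escape() would change in any way is dropped, not only hostile ones. That is the safer choice for an element name, but it deserves a sentence in the comment and a test that renders a template part with a tagName containing characters tag_escape() strips, since this changeset edits only template-part.php.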