Changeset 59990

Timestamp:

03/16/2025 08:45:08 PM (6 weeks ago)

Author:

SergeyBiryukov

Message:

Coding Standards: Escape thumbnail URL and attributes in wp_image_editor().

Follow-up to [11965].

Props benazeer, dhruvang21, sabernhardt.
Fixes #62951.

File:

• trunk/src/wp-admin/includes/image-edit.php (modified) (2 diffs)

trunk/src/wp-admin/includes/image-edit.php

@@ -294 +294 @@
         <div class="imgedit-thumbnail-preview-group">
             <figure class="imgedit-thumbnail-preview">
-                <img src="<?php echo $thumb['url']; ?>" width="<?php echo $thumb_img[0]; ?>" height="<?php echo $thumb_img[1]; ?>" class="imgedit-size-preview" alt="" draggable="false" />
+                <img src="<?php echo esc_url( $thumb['url'] ); ?>" width="<?php echo esc_attr( $thumb_img[0] ); ?>" height="<?php echo esc_attr( $thumb_img[1] ); ?>" class="imgedit-size-preview" alt="" draggable="false" />
                 <figcaption class="imgedit-thumbnail-preview-caption"><?php _e( 'Current thumbnail' ); ?></figcaption>
             </figure>
@@ -535 +535 @@
  *
  * @ignore
- * @param resource|GdImage  $img   Image resource.
- * @param float|int         $angle Image rotation angle, in degrees.
+ * @param resource|GdImage $img   Image resource.
+ * @param float|int        $angle Image rotation angle, in degrees.
  * @return resource|GdImage|false GD image resource or GdImage instance, false otherwise.
  */