WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#17217 closed defect (bug) (fixed)

Walker_PageDropdown doesn't filter titles correctly

Reported by: Otto42 Owned by:
Milestone: 3.1.2 Priority: normal
Severity: normal Version: 3.1
Component: Administration Keywords: has-patch
Focuses: Cc:

Description (last modified by Otto42)

The Walker_PageDropdown has this code:

$title = esc_html($page->post_title);
$title = apply_filters( 'list_pages', $page->post_title );

Meaning that the esc_html is not applied properly, since $title just gets replaces with the $post_title again.

Fix is this:

$title = esc_html($page->post_title);
$title = apply_filters( 'list_pages', $title );

Patch attached.

Attachments (1)

walkerpatch.patch (469 bytes) - added by Otto42 8 years ago.

Download all attachments as: .zip

Change History (7)

@Otto42
8 years ago

#1 @Otto42
8 years ago

  • Description modified (diff)

#2 @Otto42
8 years ago

  • Component changed from Security to Administration
  • Priority changed from high to normal
  • Severity changed from major to normal

#3 @nacin
8 years ago

  • Milestone changed from Awaiting Review to 3.2

Going to tweak this a bit. Instead moving the esc_html() to after the filter, consistent with escaping as late as possible and also still passing post_title unescaped to the filter, as before.

#4 @nacin
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [17683]) Apply esc_html properly in Walker_PageDropdown. fixes #17217.

#5 @nacin
8 years ago

  • Milestone changed from 3.2 to 3.1.2

Broken in [16446].

#6 @nacin
8 years ago

(In [17685]) Apply esc_html properly in Walker_PageDropdown. fixes #17217 for the 3.1 branch.

Note: See TracTickets for help on using tickets.