WordPress.org

Make WordPress Core

Opened 22 months ago

Closed 22 months ago

Last modified 22 months ago

#21849 closed defect (bug) (invalid)

Update wp-comments-post.php from using escape() to esc_attr()

Reported by: ryansatterfield
Owned by: ryansatterfield
Milestone:
Priority: normal
Severity: minor
Version: 3.4.2
Component: Comments
Keywords: has-patch
Focuses:
Cc:

Description

I noticed that wp-comments-post.php is still using the escape function, so I replaced it with esc_attr().

Attachments (1)

wp-comments-post.php (3.5 KB) - added by ryansatterfield 22 months ago.
Removed old escape function from lines 59 to 61

Change History (3)

ryansatterfield 22 months ago

Removed old escape function from lines 59 to 61

comment:1 nacin 22 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Type changed from task (blessed) to defect (bug)

Rather than a full file, you can submit a patch using Subversion: http://make.wordpress.org/core/handbook/submitting-a-patch/.

Did you try to submit a comment with this patch? esc_attr() does not exist as a method on the $wpdb object. This will end up with a fatal error.

esc_attr() is for escaping output into an HTML attribute. $wpdb->escape() is for escaping input to be used in a database query. There's more on http://codex.wordpress.org/Data_Validation.
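
Added example, not part of the ticket and not WordPress core code: the distinction in comment:1 between escaping for a database query and escaping for an HTML attribute, shown as a standalone script. It assumes PHP with the pdo_sqlite extension; htmlspecialchars() stands in for an attribute escaper such as esc_attr(), a PDO bound parameter stands in for the query-side job of $wpdb->escape(), and the table, function names and sample input are constructed.

```php
<?php
// Added example, not WordPress code. html_attr_escape() stands in for an
// HTML-attribute escaper such as esc_attr(); the PDO bound parameter stands in
// for the query-side job that $wpdb->escape() does. Names are hypothetical.

function html_attr_escape(string $value): string {
    // Output context: encode characters that are special inside an attribute.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function store_author(PDO $db, string $author): int {
    // Database context: a bound parameter keeps the value out of the SQL text.
    $stmt = $db->prepare('INSERT INTO comments (author) VALUES (:author)');
    $stmt->execute([':author' => $author]);
    return (int) $db->lastInsertId();
}

function load_author(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT author FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

function render_field(string $author): string {
    return '<input name="author" value="' . html_attr_escape($author) . '">';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT)');

// Constructed sample input with characters special in both contexts.
$submitted = 'Tom "T" O\'Neil & Co';

// Each escaper at its own boundary: raw value stored, escaped once on output.
$stored = load_author($db, store_author($db, $submitted));
echo 'round trip intact: ', var_export($stored === $submitted, true), PHP_EOL;
echo render_field($stored), PHP_EOL;

// Output escaper used at the database boundary: the row now holds HTML
// entities instead of the name, and rendering it encodes them a second time.
$mangled = load_author($db, store_author($db, html_attr_escape($submitted)));
echo 'round trip intact: ', var_export($mangled === $submitted, true), PHP_EOL;
echo render_field($mangled), PHP_EOL;
```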

comment:2 ryansatterfield 22 months ago

I apologize for the mistake. I will use Subversion from now on.