Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 12 years ago

Closed 12 years ago

#22326 closed defect (bug) (fixed)

Inconsistent escaping in admin_color_scheme_picker()

Reported by:	johnjamesjacoby	Owned by:	ryan
Milestone:	3.5	Priority:	normal
Severity:	normal	Version:
Component:	Administration	Keywords:	has-patch commit
Focuses:		Cc:

Description

Problem

The output from admin_color_scheme_picker() inconsistently escapes variables created while looping through the $_wp_admin_css_colors global.

More Info

Unescaped variables:

$color (in some places)
$color_info->name
$html_color

Escaped variable:

$color (in one place)

Solutions

Escape everything. This makes the most sense to me; we shouldn't expect anyone that's using wp_admin_css_color() to pass already escaped output. Note that core does not escape it's own usage here.
Escape nothing, and expect escaped input. This is consistent with the rest of the function, but lame and complicated.

Patch Attached

Attached patch escapes all variable screen output.

Attachments (1)

22326.patch (1.2 KB) - added by johnjamesjacoby 12 years ago.

Download all attachments as: .zip

Change History (4)

@johnjamesjacoby
12 years ago

Attachment 22326.patch added

#1 @wonderboymusic
12 years ago

Keywords has-patch added

#2 @nacin
12 years ago

Keywords commit added
Milestone changed from Awaiting Review to 3.5

#3 @ryan
12 years ago

Owner set to ryan
Resolution set to fixed
Status changed from new to closed

Consistent escaping in admin_color_scheme_picker(). Props johnjamesjacoby. fixes #22326

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: