$meta['quote_source_name'] in get_the_post_format_quote() needs to be escaped
|Reported by:||tollmanz||Owned by:|
HTML in $meta['quote_source_name'] should be escaped when accessed via get_the_post_format_quote(). Adding certain HTML to the source name can break the layout.
This can be recreated by doing the following:
- Add a new quote post
- Give it a title and some text
- In the "Quote Source" field, add </div>
Change History (4)
comment:2 SergeyBiryukov — 10 months ago
- Keywords has-patch commit added
- Milestone changed from Awaiting Review to 3.6
Note: See TracTickets for help on using tickets.