WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#27274 closed defect (bug) (fixed)

_e() used incorrectly for attribute values

Reported by: DJPaul Owned by: SergeyBiryukov
Milestone: 3.9 Priority: normal
Severity: normal Version: 3.9
Component: I18N Keywords: has-patch commit
Focuses: Cc:

Description

There are a couple of places where _e is being used to set the value of a HTML attribute, where esc_attr_e should be used to correctly escape the output.

Attachments (1)

27274.01.patch (1.5 KB) - added by DJPaul 7 years ago.

Download all attachments as: .zip

Change History (5)

@DJPaul
7 years ago

#1 @DJPaul
7 years ago

  • Keywords has-patch added

#2 @SergeyBiryukov
7 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 3.9

#4 @SergeyBiryukov
7 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 27400:

Use esc_attr_e() instead of _e() for attribute values.

props DJPaul.
fixes #27274.

Note: See TracTickets for help on using tickets.