Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#28836 closed enhancement (fixed)

$taxonomy should be escaped in post_categories_meta_box()

Reported by: pbearne
Owned by: SergeyBiryukov
Milestone: 4.0
Priority: normal
Severity: normal
Version: 2.6
Component: Taxonomy
Keywords: has-patch commit
Focuses: administration
Cc:

Description

Had a version of this code in a VIP theme and got asked to esc_attr the $taxonomy, so I have patched core as well.

Attachments (2)

meta-boxes.php.patch (5.3 KB) - added by pbearne 8 years ago.
patch with escaping added
28836.patch (6.2 KB) - added by SergeyBiryukov 8 years ago.


Change History (6)

@pbearne
8 years ago

patch with escaping added

#1 @pbearne
8 years ago

  • Keywords has-patch added

#2 @DrewAPicture
8 years ago

  • Summary changed from Added esc_attr to post_categories_meta_box() function to $taxonomy should be escaped in post_categories_meta_box()
  • Version changed from trunk to 2.6

#3 @SergeyBiryukov
8 years ago

  • Component changed from General to Taxonomy
  • Focuses performance removed
  • Keywords commit added
  • Milestone changed from Awaiting Review to 4.0

28836.patch follows the same approach we use in post_tags_meta_box(): $tax_name is an escaped taxonomy name, $taxonomy is a taxonomy object.

#4 @SergeyBiryukov
8 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 29099:

Escape taxonomy name when used in attributes in post_categories_meta_box().

props pbearne.
fixes #28836.
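
The naming convention described in comment 3 (escape the taxonomy name once into $tax_name for attribute output, keep $taxonomy as the object), shown as an added example. It is not WordPress core code and not the contents of 28836.patch: demo_get_taxonomy() and demo_categories_meta_box() are hypothetical, the markup is simplified, the inputs are constructed, and the esc_attr() fallback only approximates the real function so the script runs without WordPress loaded.

```php
<?php
// Fallback so the script runs outside WordPress (assumption: the real
// esc_attr() also validates UTF-8 and applies filters).
if ( ! function_exists( 'esc_attr' ) ) {
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
}

// Hypothetical stand-in for get_taxonomy(): returns an object with labels.
function demo_get_taxonomy( $name ) {
	return (object) array(
		'name'   => $name,
		'labels' => (object) array( 'all_items' => 'All Genres' ),
	);
}

// Hypothetical, simplified meta box renderer.
function demo_categories_meta_box( array $args ) {
	$tax_name = esc_attr( $args['taxonomy'] );          // escaped string, used in attributes
	$taxonomy = demo_get_taxonomy( $args['taxonomy'] ); // object, used for labels

	$html  = '<div id="taxonomy-' . $tax_name . '" class="categorydiv">';
	$html .= '<ul id="' . $tax_name . '-tabs" class="category-tabs">';
	$html .= '<li class="tabs"><a href="#' . $tax_name . '-all">';
	$html .= htmlspecialchars( $taxonomy->labels->all_items, ENT_QUOTES, 'UTF-8' );
	$html .= '</a></li></ul></div>';
	return $html;
}

// Constructed inputs: a normal slug and a name containing a double quote.
foreach ( array( 'genre', 'genre" class="x' ) as $name ) {
	$out = demo_categories_meta_box( array( 'taxonomy' => $name ) );

	// The template itself writes six attributes, so exactly 12 double quotes.
	// Any extra raw quote would mean the name closed an attribute early.
	if ( substr_count( $out, '"' ) !== 12 ) {
		throw new RuntimeException( 'Attribute boundary broken for: ' . $name );
	}
	echo $out, "\n";
}
```

With the second input the name appears as `genre&quot; class=&quot;x` inside each attribute value, so the element keeps the single id and class the template intended.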
