WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#37457 closed defect (bug) (fixed)

Review usage of esc_attr_e()

Reported by: afercia Owned by: johnbillion
Milestone: 4.7 Priority: low
Severity: normal Version:
Component: I18N Keywords: good-first-bug has-patch
Focuses: Cc:

Description

Spotted a few places where esc_attr_e() is probably used not correctly, maybe worth double checking if there are more places:

Here it should probably be echo esc_url() and the URL should be translatable as done in other similar cases:

setup-config.php
<p id="logo"><a href="<?php esc_attr_e( 'https://wordpress.org/' ); ?>" ...

In the following cases the string are used for plain HTML text, they're not attributes:

revision.php
...
	<?php esc_attr_e( 'Compare any two revisions' ); ?>
</label>


comment.php
... <?php esc_attr_e( 'Edit' ); ?></a>
... <?php esc_attr_e( 'Cancel' ); ?></a>

Attachments (1)

37457.diff (10.0 KB) - added by henry.wright 4 years ago.

Download all attachments as: .zip

Change History (10)

#1 @ocean90
4 years ago

  • Component changed from Administration to I18N

#2 follow-up: @SergeyBiryukov
4 years ago

Previously: #23334.

Here it should probably be echo esc_url() and the URL should be translatable as done in other similar cases:

setup-config.php
<p id="logo"><a href="<?php esc_attr_e( 'https://wordpress.org/' ); ?>" ...

esc_url() is not available at that point, see [23455].

#3 in reply to: ↑ 2 @SergeyBiryukov
4 years ago

Replying to SergeyBiryukov:

esc_url() is not available at that point, see [23455].

Apparently it is available since [28978] :)

#4 @henry.wright
4 years ago

I've been through the codebase and found the following places where esc_attr_e() is used incorrectly:

  • wp-includes/media-template.php
  • wp-admin/includes/revision.php
  • wp-admin/comment.php
  • wp-login.php
  • wp-admin/theme-editor.php - Just need to remove white space
  • wp-admin/setup-config.php

@henry.wright
4 years ago

#5 @henry.wright
4 years ago

  • Keywords has-patch added; needs-patch removed

37457.diff fixes esc_attr_e() usage.

#6 @SergeyBiryukov
4 years ago

  • Keywords 4.7-early added

#7 @johnbillion
4 years ago

  • Milestone changed from Future Release to 4.7

#8 @johnbillion
4 years ago

  • Keywords 4.7-early removed
  • Owner set to johnbillion
  • Priority changed from normal to low
  • Status changed from new to reviewing

#9 @johnbillion
3 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 38424:

I18N: Correct various instances of incorrect usage of esc_attr_e().

Fixes #37457
Props henry.wright, afercia

Note: See TracTickets for help on using tickets.