Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#38449 closed defect (bug) (fixed)

Twenty Seventeen: clean up excessive escaping in color-patterns.php

Reported by: celloexpressions's profile celloexpressions Owned by: davidakennedy's profile davidakennedy
Milestone: 4.7 Priority: normal
Severity: normal Version: 4.7
Component: Bundled Theme Keywords: has-patch
Focuses: Cc:

Description

For some reason, the $hue and $saturation variables have esc_attr every single time they appear in the CSS, making the CSS virtually unreadable. If these variables need to be escaped they should be escaped once when they're set. absint would be more appropriate for both anyway, as they're positive integers, then a % is appended to the saturation var. This is essentially a CSS file and the PHP pieces need to be as minimal/efficient as possible for readability.

Patch should wait for #38389 to avoid conflicting patches.

Attachments (2)

38449.diff (13.6 KB) - added by Fencer04 8 years ago.
absint used when fetching value. esc_attr removed from each instance of using the variables.
38449.1.diff (13.7 KB) - added by Fencer04 8 years ago.
Created new diff file from root for easier patch installation.

Download all attachments as: .zip

Change History (4)

@Fencer04
8 years ago

absint used when fetching value. esc_attr removed from each instance of using the variables.

#1 @Fencer04
8 years ago

  • Keywords has-patch added; needs-patch removed

Added a patch that uses absint when fetch the values and removed esc_attr from each instance of the variable in the $css string.

@Fencer04
8 years ago

Created new diff file from root for easier patch installation.

#2 @davidakennedy
8 years ago

  • Owner set to davidakennedy
  • Resolution set to fixed
  • Status changed from new to closed

In 38999:

Twenty Seventeen: Remove excessive escaping in color-patterns.php

Uses absint() to escape when getting value. Removes esc_attr from each instance of the variable.

Props fencer04.

Fixes #38449.

Note: See TracTickets for help on using tickets.