Opened 4 years ago
Closed 4 years ago
#53349 closed defect (bug) (fixed)
Added esc_attr in Edit Comment Form Field
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 5.8 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Comments | Keywords: | has-patch |
| Focuses: | administration, coding-standards | Cc: | |
Description
Added Escaping Function Was Used in wp-admin\edit-form-comment.php
Attachments (1)
Change History (3)
#1 @ 4 years ago
- Component changed from General to Comments
- Focuses administration added
- Milestone changed from Awaiting Review to 5.8
Hi there, thanks for the patch!
It looks like esc_attr() here was previously removed in [11721].
Technically, it would be redundant, as the comment_author, comment_author_email, and comment_author_url fields are all escaped with esc_textarea() via format_to_edit() called from get_comment_to_edit(), before the edit-form-comment.php file is loaded.
That said, since comment_author and comment_author_url are also escaped with esc_attr() in the same form, I don't see any harm in doing that for comment_author_email too, for consistency and to avoid any future confusion.
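The redundancy argument in the comment above, shown as an added example that is not WordPress core code and not part of the ticket. The `sketch_*` functions are simplified stand-ins for `esc_textarea()` and `esc_attr()`, and the form markup and sample address are constructed for illustration.

```php
<?php
// Simplified stand-ins for the WordPress helpers named above (assumption:
// they approximate core behaviour only; no filters, no invalid-UTF-8 checks).

// Like esc_textarea(): encodes & < > " ' and re-encodes existing entities.
function sketch_esc_textarea(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Like esc_attr(): same characters, but double_encode is off, so entities
// that are already present pass through unchanged.
function sketch_esc_attr(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
}

// Hypothetical form field; the markup is illustrative, not copied from core.
function render_email_input(string $value): string {
    return '<input type="text" name="email" value="' . $value . '" />';
}

// Constructed sample: an address with characters that matter inside an attribute.
$stored = 'o\'brien"&co@example.test';

// Path 1: value already prepared for editing (the get_comment_to_edit() stage).
$prepared = sketch_esc_textarea($stored);
$doubled  = sketch_esc_attr($prepared);

// Path 2: a later refactor drops the upstream escaping.
$raw_out  = render_email_input($stored);
$safe_out = render_email_input(sketch_esc_attr($stored));

// The well-formed field has exactly six double quotes (three attributes).
$checks = [
    'esc_attr after esc_textarea changes nothing' => $doubled === $prepared,
    'raw value closes the attribute early'        => substr_count($raw_out, '"') > 6,
    'late escaping keeps the attribute intact'    => substr_count($safe_out, '"') === 6,
];

foreach ($checks as $label => $ok) {
    printf("%-45s %s\n", $label, $ok ? 'yes' : 'no');
}
```

Escaping at the point of output costs nothing when the value is already escaped, and it keeps the field safe if the earlier `format_to_edit()` step is ever changed or bypassed.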