Opened 3 years ago
Closed 3 years ago
#53349 closed defect (bug) (fixed)
Added esc_attr in Edit Comment Form Field
Reported by: | utsav72640 | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 5.8 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Comments | Keywords: | has-patch |
Focuses: | administration, coding-standards | Cc: | |
Description
Added Escaping Function Was Used in wp-admin\edit-form-comment.php
Attachments (1)
Change History (3)
#1
@
3 years ago
- Component changed from General to Comments
- Focuses administration added
- Milestone changed from Awaiting Review to 5.8
Hi there, thanks for the patch!

It looks like `esc_attr()` here was previously removed in [11721].

Technically, it would be redundant, as the `comment_author`, `comment_author_email`, and `comment_author_url` fields are all escaped with `esc_textarea()` via `format_to_edit()` called from `get_comment_to_edit()`, before the edit-form-comment.php file is loaded.

That said, since `comment_author` and `comment_author_url` are also escaped with `esc_attr()` in the same form, I don't see any harm in doing that for `comment_author_email` too, for consistency and to avoid any future confusion.
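
The layering described in the comment above, as an added example that is not part of the ticket or of WordPress core: `sketch_esc_textarea()` and `sketch_esc_attr()` are hypothetical, simplified stand-ins for the core helpers, and the sample value is constructed. It assumes the attribute escaper leaves existing entities alone while the textarea escaper encodes every `&`.

```php
<?php
// Simplified stand-ins (assumptions) for the two helpers named in the comment.
// The core versions additionally validate UTF-8, normalize entities and run filters.

// Encodes every special character, including the "&" of an existing entity.
function sketch_esc_textarea(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Encodes special characters but does not re-encode existing entities
// (double_encode = false).
function sketch_esc_attr(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
}

// Constructed sample: a value containing quotes, angle brackets and an ampersand,
// all of which are significant inside value="...".
$raw = '"Ann" <ann@example.test> & co';

// First layer: what the form template receives once the comment has been
// prepared for editing.
$prepared = sketch_esc_textarea($raw);

// Second layer: the extra attribute escaping applied in the template.
$in_attribute = sketch_esc_attr($prepared);

// Contrast: an escaper that double-encodes, applied a second time.
$double_encoded = sketch_esc_textarea($prepared);

printf("raw:            %s\n", $raw);
printf("prepared:       %s\n", $prepared);
printf("in attribute:   %s\n", $in_attribute);
printf("double-encoded: %s\n", $double_encoded);

// Is the second layer a no-op on already-escaped input?
var_dump($in_attribute === $prepared);

// Would the attribute escaper alone have produced the same safe value?
var_dump(sketch_esc_attr($raw) === $prepared);

// Does repeating the textarea-style escaper change the value again?
var_dump($double_encoded !== $prepared);
```

The second layer matters only if a later change stops the value from being prepared before the template loads, which is the "future confusion" case the comment mentions.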