WordPress.org
Get WordPress

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#55496 closed defect (bug) (fixed)

Escaping function missing.

Reported by: chintan1896's profile chintan1896 Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 6.0 Priority: normal
Severity: normal Version:
Component: Menus Keywords: has-patch
Focuses: administration Cc:

Description

Escaping function missing in /wp-admin/menu-header.php file.

Attachments (2)

55496.patch (513 bytes) - added by chintan1896 4 years ago.
55496.2.patch (677 bytes) - added by jigar bhanushali 4 years ago.

Download all attachments as: .zip

Change History (6)

@chintan1896
4 years ago

#1 follow-up: @mukesh27
4 years ago

  • Component changed from General to Menus
  • Keywords needs-refresh added
  • Milestone changed from Awaiting Review to 6.0

Hi there!

Thanks for the ticket and patch.

Can you please update the escape function for https://github.com/WordPress/WordPress/blob/master/wp-admin/menu-header.php#L132 from esc_attr to esc_url?

@jigar bhanushali
4 years ago

#2 in reply to: ↑ 1 @jigar bhanushali
4 years ago

@mukesh27 changes applied.

#3 @SergeyBiryukov
4 years ago

  • Keywords needs-refresh removed

#4 @SergeyBiryukov
4 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 53050:

Administration: Consistently escape icon URLs in the admin menu.

Follow-up to [9154], [26664].

Props chintan1896, jigar-bhanushali, mukesh27.
Fixes #55496.

Note: See TracTickets for help on using tickets.