Opened 2 years ago
Closed 2 years ago
#56145 closed defect (bug) (fixed)
unescaped 'home_url()' in 'wp-admin/themes.php' file in 'line 269'
Reported by: | obayedmamur | Owned by: | desrosj |
---|---|---|---|
Milestone: | 6.1 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Themes | Keywords: | has-patch commit |
Focuses: | administration | Cc: |
Description
Hi there, 🙂
It's my first ticket at WordPress core.
I've found that in 'wp-admin/themes.php' file, in line number 269 there's 'home_url()' used without escaping. I think it should be escaped.
Attachments (2)
Change History (17)
#3
@
2 years ago
- Keywords commit added
- Milestone changed from Awaiting Review to 6.1
- Version trunk deleted
Hi @obayedmamur, welcome to Trac and thanks for the patch!
The patch looks good to me. 👍
#5
follow-up:
↓ 7
@
2 years ago
- Keywords changes-requested added; commit removed
@hurayraiit It looks like there is a second instance of home_url()
not being wrapped with esc_url()
that 56145.patch fixes, but the one mentioned in the original ticket title is not corrected.
Could you change both at the same time in one patch?
#7
in reply to:
↑ 5
@
2 years ago
Replying to desrosj:
@hurayraiit It looks like there is a second instance of
home_url()
not being wrapped withesc_url()
that 56145.patch fixes, but the one mentioned in the original ticket title is not corrected.
Could you change both at the same time in one patch?
Yeah, absolutely. Let me check please.
#8
@
2 years ago
Hi @desrosj
Thanks for the comment. I have attached the patch for line 273 also in the second attachment(56145_1.patch). Please let me know if there's anything else I can do.
Hey @obayedmamur, thanks for your contribution to WordPress. Hope you'll continue your contribution.