Make WordPress Core

Opened 22 months ago

Closed 22 months ago

Last modified 22 months ago

#56159 closed defect (bug) (invalid)

Twenty Fourteen: Unescaped 'href' of an 'a' tag in 'inc/widgets.php'

Reported by: paulamit
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Bundled Theme
Keywords: has-patch
Focuses: coding-standards
Cc:

Description

Hey! @everyone,

Well, it's my first ticket in WordPress Core. Excited to contribute to WordPress Core.

I've noticed an unescaped 'href' of an 'a tag' in 'wp-content/themes/twentyfourteen/inc/widgets.php' in line number 192. I think it should be escaped.

Thanks!

Attachments (1)

56159.patch (655 bytes) - added by mahbubshovan 22 months ago.
Good finding. This patch should get it done.


Change History (8)

@mahbubshovan
22 months ago

Good finding. This patch should get it done.

#1 @hztyfoon
22 months ago

Hey @paulamit. 🤗
Welcome to WordPress Trac. Thanks for your ticket. Good findings. Hope you'll make more contributions & make WordPress better.

Also, thanks @mahbubshovan for the patch. It looks good to me.

#2 @hztyfoon
22 months ago

  • Keywords has-patch added

#3 @ocean90
22 months ago

  • Component changed from Themes to Bundled Theme
  • Focuses administration removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version trunk deleted

Hello @paulamit, welcome to WordPress Trac!

the_permalink() doesn't return the permalink but rather prints it directly and already uses esc_url() before doing that. You can review the source of the function in the code reference.

@paulamit @mahbubshovan @hztyfoon It seems like you're working together. Please make sure you're also testing your patches and try to use the code reference to check how a function actually works. Thank you!
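
The behaviour described in comment 3, as an added example that is not part of the ticket, the attached patch, or WordPress core. The three stand-in functions are simplified assumptions so the script runs with plain PHP, and `capture()` and the sample URL are constructed for illustration.

```php
<?php
// Stand-ins so this runs with plain PHP, outside WordPress (simplified assumptions).
if ( ! function_exists( 'esc_url' ) ) {
	function esc_url( $url ) {
		// The real esc_url() also validates the protocol and strips bad characters.
		return htmlspecialchars( (string) $url, ENT_QUOTES, 'UTF-8' );
	}
}
if ( ! function_exists( 'get_permalink' ) ) {
	function get_permalink() {
		// Constructed sample value containing characters that need escaping.
		return 'https://example.test/?p=1&title="x"';
	}
}
if ( ! function_exists( 'the_permalink' ) ) {
	function the_permalink() {
		// Same shape as described in the ticket: escape, print, return nothing.
		echo esc_url( get_permalink() );
	}
}

// Hypothetical helper: capture what a template fragment prints.
function capture( callable $fragment ) {
	ob_start();
	$fragment();
	return ob_get_clean();
}

// 1. the_permalink() prints an already-escaped URL; no wrapper is needed.
$printed = capture( function () {
	echo '<a href="';
	the_permalink();
	echo '">';
} );

// 2. get_permalink() returns the raw URL, so the template escapes it itself.
$returned = capture( function () {
	echo '<a href="' . esc_url( get_permalink() ) . '">';
} );

// 3. Wrapping the printing function: the inner call has already sent the URL
// to output, and esc_url() only receives its empty return value.
$wrapped = capture( function () use ( &$wrapper_result ) {
	$wrapper_result = esc_url( the_permalink() );
} );

var_dump( $printed === $returned );                   // both templates emit the same markup
var_dump( empty( $wrapper_result ) );                 // the wrapper had nothing to escape
var_dump( $wrapped === esc_url( get_permalink() ) );  // output came from the inner call
```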

#4 @hztyfoon
22 months ago

Thanks @ocean90 for pointing it out.
I thought those should be escaped as they're inside 'href'.

Yes, they're new and interested in core contribution. Just helping them out.

#5 @sajjad67
22 months ago

@paulamit @hztyfoon @mahbubshovan We appreciate your contributions of any kind! But don't create tickets first without checking the source code / the documentation! And to me also checking other tickets, it seems actually you're working together to submit any kind of patch. That's not how it works!

#6 @costdev
22 months ago

Agreed - we appreciate your contributions! Contributing to Core was a learning experience for us all! Feel free to ping me on Slack (@costdev) if you have any questions.

Also, our next New Contributors Meeting is on Wednesday, July 13, 2022, 19:00 UTC which can be really useful for information and resources. Here's a link to our previous New Contributors Meeting for your reference.

#7 @SergeyBiryukov
22 months ago

  • Summary changed from unescaped 'href' of an 'a tag' in 'wp-content/themes/twentyfourteen/inc/widgets.php' in line number 192 to Twenty Fourteen: Unescaped 'href' of an 'a' tag in 'inc/widgets.php'