Opened 3 years ago
Closed 3 years ago
#56486 closed defect (bug) (reported-upstream)
Securing (escaping) Output : escaping home_url() is missing in categories.php
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 6.0 |
| Component: | Editor | Keywords: | has-patch |
| Focuses: | administration, coding-standards | Cc: |
Description
In the /wp-includes/blocks/categories.php
escaping home_url() is missing. As per WordPress coding standards, whenever rendering any data should escape it properly.
Attachments (1)
Change History (4)
#1
follow-up:
↓ 2
@
3 years ago
- Component changed from Administration to Editor
Hi there, welcome to WordPress Trac! Thanks for the ticket and the patch.
Please note that files in wp-includes/blocks/ should not be patched directly here in this repository. Instead, it would need to be fixed in the block-library package upstream, specifically in the categories block, and then it will be backported to core as part of package updates.
Could you create an issue or PR at https://github.com/WordPress/gutenberg? Thanks!
#2
in reply to:
↑ 1
@
3 years ago
Replying to SergeyBiryukov:
Hi there, welcome to WordPress Trac! Thanks for the ticket and the patch.
Please note that files in
wp-includes/blocks/should not be patched directly here in this repository. Instead, it would need to be fixed in the block-library package upstream, specifically in the categories block, and then it will be backported to core as part of package updates.
Could you create an issue or PR at https://github.com/WordPress/gutenberg? Thanks!
I have created an issue at https://github.com/WordPress/gutenberg.
Here is the link: https://github.com/WordPress/gutenberg/issues/43812
Thanks!
patch added.