Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#56674 closed defect (bug) (fixed)

Twenty Ten: Use 'esc_url' for 'get_author_posts_url' where appropriate

Reported by: hztyfoon's profile hztyfoon Owned by: audrasjb's profile audrasjb
Milestone: 6.1 Priority: normal
Severity: normal Version:
Component: Bundled Theme Keywords: has-patch commit
Focuses: coding-standards Cc:

Description

Follow up: #56667
PR incoming...

Change History (13)

This ticket was mentioned in PR #3351 on WordPress/wordpress-develop by hz-tyfoon.


2 years ago
#1

  • Keywords has-patch added

Trac ticket: 56674

#2 follow-up: @robinwpdeveloper
2 years ago

PR looks good to me.
Yes, we need to use esc_url() to maintain coding standards and for security purpose.

Thanks @hztyfoon

#3 @mukesh27
2 years ago

  • Milestone changed from Awaiting Review to 6.1

Hi there!

Thanks for the Ticket and PR!

The PR looks good to me. Approved

Moving to 6.1 milestones for visibility Feel free to change milestones.

#4 in reply to: ↑ 2 @rudlinkon
2 years ago

Replying to robinwpdeveloper:

PR looks good to me.
Yes, we need to use esc_url() to maintain coding standards and for security purpose.

Thanks @hztyfoon

Yes, I agree with you.

#5 follow-up: @audrasjb
2 years ago

  • Milestone changed from 6.1 to Future Release
  • Type changed from defect (bug) to enhancement

Removing from 6.1 as the beta cycle already started and this is not something introduced by 6.1.

#6 in reply to: ↑ 5 ; follow-ups: @SergeyBiryukov
2 years ago

Replying to audrasjb:

Removing from 6.1 as the beta cycle already started and this is not something introduced by 6.1.

Right, but I think this is just another coding standards update along the lines of [54341] / #56667. This would bring more consistency, as get_author_posts_url() appears to be escaped in other bundled themes, as well as in other files of the same theme (two links are escaped and two are not, which is fixed by this patch).

So if that change went in, it seems like this should go in too :) Otherwise we'd have to bump the theme version just for [54341], and then bump it again just for this patch.

#7 in reply to: ↑ 6 @rudlinkon
2 years ago

Replying to SergeyBiryukov:

Replying to audrasjb:

Removing from 6.1 as the beta cycle already started and this is not something introduced by 6.1.

Right, but I think this is just another coding standards update along the lines of [54341] / #56667. This would bring more consistency, as get_author_posts_url() appears to be escaped in other bundled themes, as well as in other files of the same theme (two links are escaped and two are not, which is fixed by this patch).

So if that change went in, it seems like this should go in too :) Otherwise we'd have to bump the theme version just for [54341], and then bump it again just for this patch.

Yes, you are right, I think this patch should publish in 6.1 because already some of this type of issue is accepted in 6.1 and this is not a big change.

#8 in reply to: ↑ 6 @jakariaistauk
2 years ago

Replying to SergeyBiryukov:

Replying to audrasjb:

Removing from 6.1 as the beta cycle already started and this is not something introduced by 6.1.

Right, but I think this is just another coding standards update along the lines of [54341] / #56667. This would bring more consistency, as get_author_posts_url() appears to be escaped in other bundled themes, as well as in other files of the same theme (two links are escaped and two are not, which is fixed by this patch).

So if that change went in, it seems like this should go in too :) Otherwise we'd have to bump the theme version just for [54341], and then bump it again just for this patch.

Yes, I also agree with you. because it is not a big change and some same patches were accepted so this patch also can be merged with 6.1

#9 @hztyfoon
2 years ago

Thanks @SergeyBiryukov,
I also agree.

As this is not a big/breaking change and as the similar mentioned ([54341] / #56667) patch already merged with 6.1, It'd be consistent if this one goes in with 6.1

Also,
I'm looking for more potential coding standard related changes and hoping to bring them to light to bring more consistency in the core codebase.

#10 @audrasjb
2 years ago

  • Milestone changed from Future Release to 6.1
  • Type changed from enhancement to defect (bug)

Alright, let's move it back to 6.1 then :)

I'll commit it right now so it's done.

#11 @audrasjb
2 years ago

  • Keywords commit added
  • Owner set to audrasjb
  • Status changed from new to accepted

#12 @audrasjb
2 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 54344:

Twenty Ten: Escape get_author_posts_url() where appropriate in functions.php file.

This changeset adds missing escaping to some instances of get_author_posts_url() used in Twenty Ten, as per WordPress Coding Standards.

Props hztyfoon, robinwpdeveloper, mukesh27, rudlinkon, SergeyBiryukov, jakariaistauk.
Fixes #56674.

Note: See TracTickets for help on using tickets.