Opened 3 years ago
Closed 3 years ago
#56834 closed defect (bug) (reported-upstream)
Correctly escape `$comment->comment_author_url` URL
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Editor | Keywords: | has-patch |
| Focuses: | coding-standards | Cc: | |
Description
In 'wp-includes/blocks/avatar.php' on line 130 I've found that $comment->comment_author_url was used without escaping. I think we can improve it by escaping the URL for more consistency.
Attachments (1)
Change History (6)
#2
3 years ago
Thanks for the fix!
Could you please apply it to the Gutenberg plugin? That way, in future releases of WP, this change won't be overridden during the automatic synchronization between the block library package and WordPress Core.
#3
3 years ago
- Component changed from General to Editor
Hi there, welcome to WordPress Trac! Thanks for the ticket and the patch.
As noted above, files in wp-includes/blocks/ should not be patched directly here in this repository. Instead, it would need to be fixed in the block-library package upstream, specifically in the avatar block, and then it will be merged into core as part of package updates.
Could you create an issue or PR at https://github.com/WordPress/gutenberg? Thanks!
#4
3 years ago
Hi @SergeyBiryukov, @cbravobernal
Thank you so much for the direction.
I have created a PR in this https://github.com/WordPress/gutenberg/ repository.
Created Patch
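The escaping this ticket asks for, sketched as an added example that is neither the avatar block's code nor the attached patch. `example_linked_avatar()`, the CSS class and the sample URLs are hypothetical, and the snippet assumes WordPress is loaded so that `esc_url()` and `WP_Comment` are available.

```php
<?php
// Added illustration; not the avatar block's actual code. Assumes WordPress is
// loaded so that esc_url() and WP_Comment are available.

/**
 * Hypothetical helper: wrap already-rendered avatar markup in a link to the
 * comment author's URL, escaping the URL at the point of output.
 */
function example_linked_avatar( WP_Comment $comment, string $avatar_html ): string {
	$raw_url = (string) $comment->comment_author_url;

	// Unescaped form, shown for contrast only: the stored value is
	// commenter-supplied and would reach the href attribute verbatim.
	// return '<a href="' . $raw_url . '">' . $avatar_html . '</a>';

	// esc_url() strips or encodes characters that could break out of the
	// attribute and returns an empty string when the URL scheme is not on
	// the allowed-protocols list.
	$href = esc_url( $raw_url );

	// No usable URL (empty or rejected): output the avatar without a link
	// rather than emitting <a href="">.
	if ( '' === $href ) {
		return $avatar_html;
	}

	return sprintf( '<a href="%s" class="example-avatar-link">%s</a>', $href, $avatar_html );
}

// Constructed sample values: one ordinary URL and one with a script scheme.
$samples = array(
	'https://example.com/?a=1&b=2',
	'javascript:alert(1)',
);

foreach ( $samples as $url ) {
	// WP_Comment copies the properties of the object it is given.
	$comment = new WP_Comment( (object) array( 'comment_author_url' => $url ) );
	echo example_linked_avatar( $comment, '<img src="avatar.png" alt="" />' ), "\n";
}
```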