Make WordPress Core

Opened 22 months ago

Closed 19 months ago

Last modified 19 months ago

#57143 closed defect (bug) (fixed)

Add escaping properly in Permalink options page

Reported by: jaedm97's profile jaedm97 Owned by: audrasjb's profile audrasjb
Milestone: 6.2 Priority: normal
Severity: normal Version:
Component: Permalinks Keywords: has-patch commit
Focuses: administration Cc:

Description

In the options-permalink.php, I noticed there are some missing escaping. I think these should be escaped properly. Example

<?php echo '%' . $tag . '%'; ?>

Here the variable $tag is not escaped while using.

Attachments (1)

57143.diff (2.3 KB) - added by jaedm97 22 months ago.
Created patch.

Download all attachments as: .zip

Change History (11)

@jaedm97
22 months ago

Created patch.

#1 @jaedm97
22 months ago

  • Focuses administration added
  • Keywords has-patch added

#2 @SergeyBiryukov
22 months ago

  • Component changed from Administration to Permalinks

#3 @SergeyBiryukov
22 months ago

  • Milestone changed from Awaiting Review to 6.2

#5 @robinwpdeveloper
20 months ago

PR has passed all checks.
Searched options-permalink.php with the term echo
There were 10 occurances.
8 resolved after applying patch.

2 more occurances of echo $blog_prefix; which has static value /blog.

✅ Patch looks good to go for 6.2

#6 @shraboni
20 months ago

I’ve Re-checked the mentioned PR that @robinwpdeveloper checked.

Searched options-permalink.php with the term echo
There were 10 occurrences.
After applying the patch 8 occurrences are resolved and there are 2 more occurrences echo $blog_prefix

Screenshot: https://d.pr/i/rMUnsa

✅ Patch looks good for 6.2

Last edited 20 months ago by shraboni (previous) (diff)

#7 @audrasjb
19 months ago

  • Keywords commit added
  • Version trunk deleted

Self assigning for commit.

#8 @audrasjb
19 months ago

  • Owner set to audrasjb
  • Status changed from new to accepted

#9 @audrasjb
19 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 55331:

Permalinks: Properly escape strings in Permalinks Settings screen.

Props jaedm97, audrasjb, robinwpdeveloper, shraboni.
Fixes #57143.

Note: See TracTickets for help on using tickets.