#57143 closed defect (bug) (fixed)
Add escaping properly in Permalink options page
Reported by: | jaedm97 | Owned by: | audrasjb |
---|---|---|---|
Milestone: | 6.2 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Permalinks | Keywords: | has-patch commit |
Focuses: | administration | Cc: |
Description
In the options-permalink.php
, I noticed there are some missing escaping. I think these should be escaped properly. Example
<?php echo '%' . $tag . '%'; ?>
Here the variable $tag
is not escaped while using.
Attachments (1)
Change History (11)
This ticket was mentioned in PR #3883 on WordPress/wordpress-develop by @audrasjb.
20 months ago
#4
Patch refresh for https://core.trac.wordpress.org/ticket/57143
#5
@
20 months ago
PR has passed all checks.
Searched options-permalink.php with the term echo
There were 10 occurances.
8 resolved after applying patch.
2 more occurances of echo $blog_prefix;
which has static value /blog
.
✅ Patch looks good to go for 6.2
#6
@
20 months ago
I’ve Re-checked the mentioned PR that @robinwpdeveloper checked.
Searched options-permalink.php with the term echo
There were 10 occurrences.
After applying the patch 8 occurrences are resolved and there are 2 more occurrences echo $blog_prefix
Screenshot: https://d.pr/i/rMUnsa
✅ Patch looks good for 6.2
@audrasjb commented on PR #3883:
19 months ago
#10
committed in https://core.trac.wordpress.org/changeset/55331
Created patch.