WordPress.org
Get WordPress

Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#57268 new defect (bug)

Add Escaping properly in Class Custom background Page

Reported by: shailu25's profile shailu25 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch
Focuses: administration Cc:

Description

In the class-custom-background.php , I noticed there are some missing escaping. I think these should be escaped properly.

Example: 

<?php echo $input['label']; ?>

Attachments (2)

57268.diff (845 bytes) - added by shailu25 3 years ago.
Patch Added
57268.2.diff (1.8 KB) - added by shailu25 3 years ago.
Updated Patch

Download all attachments as: .zip

Change History (5)

@shailu25
3 years ago

Patch Added

#1 @shailu25
3 years ago

  • Keywords has-patch added

#2 @costdev
3 years ago

  • Version trunk deleted

There is another instance of this on Line 101 in:
wp-includes/customize/class-wp-customize-background-position-control.php

@shailu25
3 years ago

Updated Patch

#3 @shailu25
3 years ago

@costdev

I have added escape for wp-includes/customize/class-wp-customize-background-position-control.php file's Instance.(Line no 101)

Last edited 3 years ago by shailu25 (previous) (diff)
Note: See TracTickets for help on using tickets.