Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 2 years ago

Closed 2 years ago

#57539 closed defect (bug) (invalid)

Missing escaping in admin comment list file

Reported by:	aniketpatel	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:
Component:	Comments	Keywords:	has-patch
Focuses:		Cc:

Description

We have found escaping missing for some attributes in the class-wp-comments-list-table.php admin file and attached a patch for this bug.

Attachments (1)

57539.patch (4.4 KB) - added by aniketpatel 2 years ago.

Download all attachments as: .zip

Change History (2)

@aniketpatel
2 years ago

Attachment 57539.patch added

#1 @mukesh27
2 years ago

Component changed from General to Comments
Milestone Awaiting Review deleted
Resolution set to invalid
Status changed from new to closed

Thanks @aniketpatel, for the ticket and patch.

All the variables mentioned in PR are already escaped: https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-admin/includes/class-wp-comments-list-table.php#L684-L690 so I don't think it needs to escape again.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: