Make WordPress Core

Opened 3 months ago

Closed 3 months ago

#57885 closed enhancement (fixed)

Docs: Add XSS warning to docs for remove_query_arg

Reported by: roytanck's profile roytanck Owned by: audrasjb's profile audrasjb
Milestone: 6.2 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch commit
Focuses: docs Cc:

Description

On developer.wordpress.org, the page for add_query_arg contains a warning that the return value of the function is not escaped, and as such is not safe to use directly.

The same applies to remove_query_arg, but not such warning is present there.

I propose adding the same warning to the docs for remove_query_arg. I'll attach a patch to that effect to this ticket.

Attachments (1)

57885.diff (589 bytes) - added by roytanck 3 months ago.
Adds an XSS warning to the doc block for remove_query_arg .

Download all attachments as: .zip

Change History (6)

@roytanck
3 months ago

Adds an XSS warning to the doc block for remove_query_arg .

#1 @roytanck
3 months ago

  • Keywords has-patch added

#2 @ankitmaru
3 months ago

Thanks @roytanck for the patch, This looks good to me.

#3 @audrasjb
3 months ago

  • Owner set to audrasjb
  • Status changed from new to reviewing

#4 @audrasjb
3 months ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 6.2
  • Status changed from reviewing to accepted

Sounds good. As it is a Docs change, let's get it in 6.2. Thanks @roytanck!

#5 @audrasjb
3 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 55492:

Docs: Add security warning in remove_query_arg() docblock to make it consistent with add_query_arg().

Props roytanck.
Fixes #57885.
See #56792.

Note: See TracTickets for help on using tickets.