Make WordPress Core

Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#58239 closed defect (bug) (fixed)

Bookmark Administration on edit_link function in extra remove ( $_POST['link_url'] = esc_html( $_POST['link_url'] ); )

Reported by: utsav72640's profile utsav72640 Owned by: audrasjb's profile audrasjb
Milestone: 6.3 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch
Focuses: coding-standards Cc:

Description

I have checked in edit_link function on wp-admin/includes/bookmark.php

And if I look at the code there are add an extra esc_html function to sanitize the ( $_POSTlink_url? ).

After reviewing the example provided for the add_link action, it appears that there is no need to include an esc_html function when handling the ( $_POSTlink_url? ) parameter.

Can you please check my patch and share your feedback.

Attachments (1)

bookmark.patch (500 bytes) - added by utsav72640 13 months ago.
wp-admin/includes/bookmark.php

Download all attachments as: .zip

Change History (15)

@utsav72640
13 months ago

wp-admin/includes/bookmark.php

#1 @utsav72640
13 months ago

Also I have added in git a new pull request can you please check and let me know if there are any changes or not.

https://github.com/WordPress/wordpress-develop/pull/4415

This ticket was mentioned in PR #4415 on WordPress/wordpress-develop by utsavtilava.


13 months ago
#2

  • Keywords has-patch added

I have checked in edit_link function on wp-admin/includes/bookmark.php

And if I look at the code there are add an extra esc_html function to sanitize the ( $_POSTlink_url? ).

After reviewing the example provided for the add_link action, it appears that there is no need to include an esc_html function when handling the ( $_POSTlink_url? ) parameter.

Can you please check my patch and share your feedback.

Trac Ticket: https://core.trac.wordpress.org/ticket/58239

EDITED by @audrasjb to add a link to the Trac ticket

#3 @audrasjb
13 months ago

Hello @utsav72640,

The duplication issue looks relevant to me, thanks.

However, there is a conflict in your PR, and you also have an unrelated change to /wp-admin/includes/user.php.

#4 @audrasjb
13 months ago

  • Keywords changes-requested removed

#5 @audrasjb
13 months ago

  • Milestone changed from Awaiting Review to 6.3
  • Owner set to audrasjb
  • Status changed from new to accepted

#6 follow-up: @utsav72640
13 months ago

Hello @audrasjb

Could you please review the updated patch I submitted? If any additional changes are required, please let me know and I will make the necessary updates to the PR.

#7 @audrasjb
13 months ago

Historical context: this was introduced in [11383] when clean_url() was deprecated in favor of esc_url().

#8 in reply to: ↑ 6 @audrasjb
13 months ago

Replying to utsav72640:

Could you please review the updated patch I submitted? If any additional changes are required, please let me know and I will make the necessary updates to the PR.

Already reviewed in comment:3 ;)

utsavtilava commented on PR #4415:


13 months ago
#9

As per our audrasjb conversation i will closed this PR because it's conflict in user.php file so i am close this pull request and i will add new pull request.

#10 follow-up: @utsav72640
13 months ago

Hello @audrasjb

I have added in git a new pull request can you please check and let me know if there are any changes or not.

https://github.com/WordPress/wordpress-develop/pull/4416

#11 in reply to: ↑ 10 @audrasjb
13 months ago

Replying to utsav72640:

I have added in git a new pull request can you please check and let me know if there are any changes or not.

Thanks.

Just an important note: you don't need to add a link to your PR in a message here in Trac. Just add the link to the Trac ticket and your PR will automatically appear here on Trac. See the edition I made to your PR. Thanks.

This ticket was mentioned in PR #4416 on WordPress/wordpress-develop by utsavtilava.


13 months ago
#12

I have checked in edit_link function on wp-admin/includes/bookmark.php

And if I look at the code there are add an extra esc_html function to sanitize the ( $_POSTlink_url? ).

After reviewing the example provided for the add_link action, it appears that there is no need to include an esc_html function when handling the ( $_POSTlink_url? ) parameter.

Can you please check my patch and share your feedback.

EDITED by @audrasjb to add a link to the Trac ticket
Trac Ticket: https://core.trac.wordpress.org/ticket/58239

#13 @audrasjb
13 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 55704:

Coding Standards: Remove unnecessary variable escapement in Bookmark Administration API.

This changeset removes an unnecessary esc_html() escapement for link_url, as esc_url() already does the job.

Follow-up to [11383].

Props utsav72640, audrasjb.
Fixes #58239.

Note: See TracTickets for help on using tickets.