Make WordPress Core

Opened 15 months ago

Closed 15 months ago

Last modified 6 months ago

#58252 closed defect (bug) (duplicate)

Escaping issue found while echoing attribute's dynamic value in html attribute.

Reported by: madhusudandev's profile madhusudandev Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.2
Component: Administration Keywords:
Focuses: coding-standards Cc:

Description

In wp-includes/class-wp-admin-bar.php file, I've found that the there is an escaping issue while echoing attribute's dynamic value in html attribute (like class). The issue is found at line 458 of that file. I think it should be escaped.

I've seen the attribute's dynamic value were escaped in the other lines of that file. Link mentioned below:

https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/class-wp-admin-bar.php#L487
https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/class-wp-admin-bar.php#L514

Change History (2)

#1 @nazmulhudadev
15 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #58251.

This ticket is duplicate of https://core.trac.wordpress.org/ticket/58251

#2 @swissspidy
6 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.