Opened 18 months ago
Closed 18 months ago
#59141 closed defect (bug) (fixed)
Escaping function is missing in $post_edit_link
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 6.4 | Priority: | normal |
Severity: | normal | Version: | 6.3 |
Component: | Revisions | Keywords: | has-patch commit |
Focuses: | | Cc: | |
Description
An escaping function is missing where the $post_edit_link function is used.
Attachments (3)
Change History (12)
#2
@
18 months ago
Ah, I was writing while you were posting so you have (partly) answered my question now. Sorry.
#3
@
18 months ago
- Component changed from Administration to Revisions
- Keywords has-patch added
- Milestone changed from Awaiting Review to 6.4
Thanks @nidhidhandhukiya for ticket and patch.
@Presskopp It's better to escape the output of get_edit_post_link.
Patch works fine in my test. @costdev you could commit your first one 😉
#4
@
18 months ago
I think escaping is not needed here because get_edit_post_link() already returns safe links.
#5
@
18 months ago
Also _draft_or_post_title is already escaping the return value: return esc_html( $title );
#6
@
18 months ago
#7
@
18 months ago
- Keywords commit added
Thanks for the ping @mukesh27!
As noted above, _draft_or_post_title() is already escaped.
However, get_edit_post_link() is not escaped, and also returns the result of the get_edit_post_link filter. There may have been some confusion with edit_post_link(), which does escape the link before output.
59141.patch looks good to me, thanks @nidhidhandhukiya! 🙂
I'm not fully onboarded as a committer yet, sorry Mukesh! 😅 Adding for final review and commit by another committer.
Hello @nidhidhandhukiya, it would be helpful if you could elaborate more on what issue you are describing, what is missing and why and how it can be resolved. Thank you.
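The point made in comment 7, as an added example that is not part of the ticket or its patch: a callback on the get_edit_post_link filter returns a value containing a double quote, and the same anchor markup is built without and with esc_url(). It assumes WordPress is loaded and the current user can edit the post; the example_* function names and the filter value are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is loaded and
// the current user can edit the post. All example_* names are hypothetical.

/**
 * Stands in for a third-party plugin hooked to the get_edit_post_link filter.
 * get_edit_post_link() returns whatever this callback returns, unescaped.
 */
function example_filter_edit_link( $link, $post_id, $context ) {
	// Constructed value: the double quote would close an href attribute.
	return $link . '&ref="><b>injected</b>';
}

/** The link is placed in an attribute exactly as returned. */
function example_title_link_unescaped( $post ) {
	$post_edit_link = get_edit_post_link( $post );
	return '<a href="' . $post_edit_link . '">' . esc_html( get_the_title( $post ) ) . '</a>';
}

/** Same markup, with the link escaped at the point of output. */
function example_title_link_escaped( $post ) {
	$post_edit_link = get_edit_post_link( $post );
	return '<a href="' . esc_url( $post_edit_link ) . '">' . esc_html( get_the_title( $post ) ) . '</a>';
}

/** True when the element supplied by the filter survived into the markup. */
function example_markup_broken( $html ) {
	return false !== strpos( $html, '<b>injected</b>' );
}

/** Builds both variants for one post while the filter is active. */
function example_run( $post_id ) {
	add_filter( 'get_edit_post_link', 'example_filter_edit_link', 10, 3 );
	$raw  = example_title_link_unescaped( $post_id );
	$safe = example_title_link_escaped( $post_id );
	remove_filter( 'get_edit_post_link', 'example_filter_edit_link', 10 );

	// esc_url() drops characters that are not valid in a URL, including
	// the double quote and angle brackets, so only $raw carries the element.
	return array(
		'unescaped_broken' => example_markup_broken( $raw ),
		'escaped_broken'   => example_markup_broken( $safe ),
	);
}
```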