Context Navigation

← Previous Ticket
Next Ticket →

#61378 closed enhancement (wontfix)

Escape Output in Storage Count List Item Class

Reported by:	krunal265	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:	6.5.3
Component:	Administration	Keywords:	has-patch
Focuses:	coding-standards	Cc:

Description

In wp-admin/includes/dashboard.php
$used_class should be escaped according to WordPress Coding Standards to ensure proper security and data handling.

Attachments (1)

61378.patch (517 bytes) - added by krunal265 18 months ago.: Patch added

Download all attachments as: .zip

Change History (3)

@krunal265
18 months ago

Attachment 61378.patch added

Patch added

#1 @sabernhardt
18 months ago

Keywords close added

The value of the $used_class variable is either ' warning' or an empty string, which would not require escaping.

A similar ticket concluded that a toolbar $class variable was not worth running the esc_attr function without any benefit. See ticket:58251#comment:23.

#2 @desrosj
16 months ago

Keywords close removed
Milestone Awaiting Review deleted
Resolution set to wontfix
Status changed from new to closed

#58251 and a similar #59626 were closed out. As @sabernhardt stated, the value of $used_class cannot be changed, so there's no need to escape on output.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core