Make WordPress Core

Opened 6 weeks ago

Last modified 6 weeks ago

#61378 new enhancement

Escape Output in Storage Count List Item Class

Reported by: krunal265's profile krunal265 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.5.3
Component: Administration Keywords: has-patch close
Focuses: coding-standards Cc:

Description

In wp-admin/includes/dashboard.php
$used_class should be escaped according to WordPress Coding Standards to ensure proper security and data handling.

Attachments (1)

61378.patch (517 bytes) - added by krunal265 6 weeks ago.
Patch added

Download all attachments as: .zip

Change History (2)

@krunal265
6 weeks ago

Patch added

#1 @sabernhardt
6 weeks ago

  • Keywords close added

The value of the $used_class variable is either ' warning' or an empty string, which would not require escaping.

A similar ticket concluded that a toolbar $class variable was not worth running the esc_attr function without any benefit. See ticket:58251#comment:23.

Note: See TracTickets for help on using tickets.