Opened 6 weeks ago
Last modified 6 weeks ago
#63071 new defect (bug)
Getting "All output should be run through an escaping function" error in the WordPress core files.
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | dev-feedback needs-testing changes-requested |
Focuses: | coding-standards | Cc: |
Description
Hello Team,
I have checked the wp-admin WordPress core files and I have found this "All output should be run through an escaping function" error for a few files.
Here, I have listed the files:
/wp-admin/includes/class-wp-privacy-policy-content.php
/wp-admin/includes/class-wp-theme-install-list-table.php
/wp-admin/includes/dashboard.php
/wp-admin/includes/class-custom-background.php
/wp-admin/includes/class-wp-screen.php
I have tested this in WordPress 6.8-beta1.
Thanks,
Attachments (2)
Change History (4)
#1 follow-up: ↓ 2 @ 6 weeks ago
- Keywords changes-requested added
- Version trunk deleted
@viralsampat thanks for the patch, however I found at least one occurrence that will break the content displayed by the variable: <?php echo esc_html( $help_sidebar ); ?>
$help_sidebar can contain HTML content as mentioned in the related Docblock - see function set_help_sidebar(): @param string $content Sidebar content in plain text or HTML.
The other occurrences in your patch need to be checked as well.
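The point raised in comment 1, as an added example that is not part of the ticket or its patches: esc_html() encodes every tag, so content that is meant to carry HTML is displayed as literal markup, while an allowlist filter keeps the intended tags. wp_kses_post() is used here as one such filter, which is an assumption and not something the ticket settled on; the sample sidebar string, the demo_* function names and the file name are constructed, and the script assumes WordPress is loaded (for example via wp eval-file).

```php
<?php
// Added example. Run inside a loaded WordPress, e.g. `wp eval-file escaping-demo.php`
// (hypothetical file name). All demo_* names and the sample string are constructed.

// HTML of the kind set_help_sidebar() documents ("plain text or HTML"),
// plus markup that should never reach the page.
$help_sidebar = '<p><strong>For more information:</strong></p>'
	. '<p><a href="https://example.org/docs" onclick="track()">Documentation</a></p>'
	. '<script>document.title = "injected";</script>';

// The same content passed through each output strategy.
function demo_variants( $content ) {
	return array(
		'raw echo'     => $content,
		'esc_html'     => esc_html( $content ),     // encodes all markup as entities
		'wp_kses_post' => wp_kses_post( $content ), // allowlist of post-content tags and attributes
	);
}

// Report which properties of the markup survive in a rendered string.
function demo_inspect( $html ) {
	return array(
		'link works'   => false !== strpos( $html, '<a href=' ),
		'script tag'   => false !== stripos( $html, '<script' ),
		'onclick attr' => false !== stripos( $html, 'onclick="' ),
		'tags as text' => false !== strpos( $html, '&lt;p&gt;' ),
	);
}

foreach ( demo_variants( $help_sidebar ) as $label => $html ) {
	echo $label, "\n";
	foreach ( demo_inspect( $html ) as $check => $present ) {
		printf( "  %-13s %s\n", $check, $present ? 'yes' : 'no' );
	}
}
```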
#2 in reply to: ↑ 1 @ 6 weeks ago
Hello @audrasjb
Thank you so much for your feedback.
I have tested my patch and updated it. Now, I have added another patch.
https://core.trac.wordpress.org/attachment/ticket/63071/63071.2.patch
Thanks,
I have added a patch.