Bundled Themes: Properly escape URLs.

This adds output escaping to several theme related URLs.

Props alberuni-azad, sabernhardt.
Fixes #56696.
Built from https://develop.svn.wordpress.org/trunk@54405


git-svn-id: http://core.svn.wordpress.org/trunk@53964 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-content/themes/twentyfourteen/header.php

@@ -25,7 +25,7 @@
 	<link rel="profile" href="https://gmpg.org/xfn/11">
 	<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 	<!--[if lt IE 9]>
-	<script src="<?php echo get_template_directory_uri(); ?>/js/html5.js?ver=3.7.0"></script>
+	<script src="<?php echo esc_url( get_template_directory_uri() ); ?>/js/html5.js?ver=3.7.0"></script>
 	<![endif]-->
 	<?php wp_head(); ?>
 </head>

wp-content/themes/twentyten/block-patterns.php

@@ -33,7 +33,7 @@ if ( function_exists( 'register_block_pattern' ) ) {
 			'title'         => esc_html__( 'Introduction', 'twentyten' ),
 			'categories'    => array( 'twentyten' ),
 			'viewportWidth' => 700,
-			'content'       => '<!-- wp:image {"id":null,"sizeSlug":"large","linkDestination":"none"} --><figure class="wp-block-image size-large"><img src="' . get_template_directory_uri() . '/images/patterns/pattern-barn.jpg" alt="' . esc_attr__( 'A red barn with a white roof in a field.', 'twentyten' ) . '" /><figcaption><em>' . esc_html__( 'An old barn we passed on the drive', 'twentyten' ) . '</em></figcaption></figure><!-- /wp:image --><!-- wp:heading {"style":{"typography":{"fontSize":60}}} --><h2 style="font-size:60px">' . esc_html__( 'A Weekend Away', 'twentyten' ) . '</h2><!-- /wp:heading --><!-- wp:paragraph --><p>' . esc_html__( 'It’s amazing what a good weekend can do. After a tough couple weeks at work, I knew I needed to get away and be in nature. My partner and I decided to take a long weekend and stay in a cabin in the woods. We packed up after work on Friday and drove out into the country, passing through fields full of horses, old farms, and quaint little town squares. It was an idyllic drive. Eventually, we reached our destination and unpacked the car. We couldn’t wait to cook up a simple dinner and then relax by the fireplace.', 'twentyten' ) . '</p><!-- /wp:paragraph -->',
+			'content'       => '<!-- wp:image {"id":null,"sizeSlug":"large","linkDestination":"none"} --><figure class="wp-block-image size-large"><img src="' . esc_url( get_template_directory_uri() ) . '/images/patterns/pattern-barn.jpg" alt="' . esc_attr__( 'A red barn with a white roof in a field.', 'twentyten' ) . '" /><figcaption><em>' . esc_html__( 'An old barn we passed on the drive', 'twentyten' ) . '</em></figcaption></figure><!-- /wp:image --><!-- wp:heading {"style":{"typography":{"fontSize":60}}} --><h2 style="font-size:60px">' . esc_html__( 'A Weekend Away', 'twentyten' ) . '</h2><!-- /wp:heading --><!-- wp:paragraph --><p>' . esc_html__( 'It’s amazing what a good weekend can do. After a tough couple weeks at work, I knew I needed to get away and be in nature. My partner and I decided to take a long weekend and stay in a cabin in the woods. We packed up after work on Friday and drove out into the country, passing through fields full of horses, old farms, and quaint little town squares. It was an idyllic drive. Eventually, we reached our destination and unpacked the car. We couldn’t wait to cook up a simple dinner and then relax by the fireplace.', 'twentyten' ) . '</p><!-- /wp:paragraph -->',
 		)
 	);
 
@@ -55,7 +55,7 @@ if ( function_exists( 'register_block_pattern' ) ) {
 			'title'         => esc_html__( 'Alternating Images', 'twentyten' ),
 			'categories'    => array( 'twentyten' ),
 			'viewportWidth' => 700,
-			'content'       => '<!-- wp:columns {"verticalAlignment":"center"} --><div class="wp-block-columns are-vertically-aligned-center"><!-- wp:column {"verticalAlignment":"center","width":"66.66%"} --><div class="wp-block-column is-vertically-aligned-center" style="flex-basis:66.66%"><!-- wp:image {"id":null,"sizeSlug":"large","linkDestination":"none"} --><figure class="wp-block-image size-large"><img src="' . get_template_directory_uri() . '/images/patterns/pattern-dock.jpg" alt="' . esc_attr__( 'A lake with several boats docked. The sun is rising behind mountains in the background.', 'twentyten' ) . '" /><figcaption><em>' . esc_html__( 'The lake at 6:54 AM', 'twentyten' ) . '</em></figcaption></figure><!-- /wp:image --></div><!-- /wp:column --><!-- wp:column {"verticalAlignment":"top","width":"33.33%"} --><div class="wp-block-column is-vertically-aligned-top" style="flex-basis:33.33%"><!-- wp:paragraph --><p><em>' . esc_html__( 'Nearby our cabin was a lake. The sunrise looked beautiful as it rose over the hills beyond the water, reflecting down onto the gentle morning waves. I sat on the dock and drank a cup of coffee, enjoying the cool air on my skin. The coffee kept me warm inside.', 'twentyten' ) . '</em></p><!-- /wp:paragraph --></div><!-- /wp:column --></div><!-- /wp:columns --><!-- wp:columns --><div class="wp-block-columns"><!-- wp:column {"width":"33.33%"} --><div class="wp-block-column" style="flex-basis:33.33%"><!-- wp:paragraph --><p><em>' . esc_html__( 'Later that night, we went back to the lake and sat by the shore. It felt different at night; quieter, as if all of nature had gone to sleep for  a little while. The only noises were the chirp of crickets and the soft splash of the waves lapping at the shore. What a beautiful way to end the day.', 'twentyten' ) . '</em></p><!-- /wp:paragraph --></div><!-- /wp:column --><!-- wp:column {"width":"66.66%"} --><div class="wp-block-column" style="flex-basis:66.66%"><!-- wp:image {"id":null,"sizeSlug":"large","linkDestination":"none"} --><figure class="wp-block-image size-large"><img src="' . get_template_directory_uri() . '/images/patterns/pattern-lake.jpg" alt="' . esc_attr__( 'A lake at night, with Adirondack chairs in the foreground. The sun sets in the background.', 'twentyten' ) . '" /><figcaption><em>' . esc_html__( 'Relaxing at the lake after dinner', 'twentyten' ) . '</em></figcaption></figure><!-- /wp:image --></div><!-- /wp:column --></div><!-- /wp:columns -->',
+			'content'       => '<!-- wp:columns {"verticalAlignment":"center"} --><div class="wp-block-columns are-vertically-aligned-center"><!-- wp:column {"verticalAlignment":"center","width":"66.66%"} --><div class="wp-block-column is-vertically-aligned-center" style="flex-basis:66.66%"><!-- wp:image {"id":null,"sizeSlug":"large","linkDestination":"none"} --><figure class="wp-block-image size-large"><img src="' . esc_url( get_template_directory_uri() ) . '/images/patterns/pattern-dock.jpg" alt="' . esc_attr__( 'A lake with several boats docked. The sun is rising behind mountains in the background.', 'twentyten' ) . '" /><figcaption><em>' . esc_html__( 'The lake at 6:54 AM', 'twentyten' ) . '</em></figcaption></figure><!-- /wp:image --></div><!-- /wp:column --><!-- wp:column {"verticalAlignment":"top","width":"33.33%"} --><div class="wp-block-column is-vertically-aligned-top" style="flex-basis:33.33%"><!-- wp:paragraph --><p><em>' . esc_html__( 'Nearby our cabin was a lake. The sunrise looked beautiful as it rose over the hills beyond the water, reflecting down onto the gentle morning waves. I sat on the dock and drank a cup of coffee, enjoying the cool air on my skin. The coffee kept me warm inside.', 'twentyten' ) . '</em></p><!-- /wp:paragraph --></div><!-- /wp:column --></div><!-- /wp:columns --><!-- wp:columns --><div class="wp-block-columns"><!-- wp:column {"width":"33.33%"} --><div class="wp-block-column" style="flex-basis:33.33%"><!-- wp:paragraph --><p><em>' . esc_html__( 'Later that night, we went back to the lake and sat by the shore. It felt different at night; quieter, as if all of nature had gone to sleep for  a little while. The only noises were the chirp of crickets and the soft splash of the waves lapping at the shore. What a beautiful way to end the day.', 'twentyten' ) . '</em></p><!-- /wp:paragraph --></div><!-- /wp:column --><!-- wp:column {"width":"66.66%"} --><div class="wp-block-column" style="flex-basis:66.66%"><!-- wp:image {"id":null,"sizeSlug":"large","linkDestination":"none"} --><figure class="wp-block-image size-large"><img src="' . esc_url( get_template_directory_uri() ) . '/images/patterns/pattern-lake.jpg" alt="' . esc_attr__( 'A lake at night, with Adirondack chairs in the foreground. The sun sets in the background.', 'twentyten' ) . '" /><figcaption><em>' . esc_html__( 'Relaxing at the lake after dinner', 'twentyten' ) . '</em></figcaption></figure><!-- /wp:image --></div><!-- /wp:column --></div><!-- /wp:columns -->',
 		)
 	);
 }

wp-content/themes/twentyten/header.php

@@ -39,7 +39,7 @@ if ( ( $paged >= 2 || $page >= 2 ) && ! is_404() ) {
 ?>
 	</title>
 <link rel="profile" href="https://gmpg.org/xfn/11" />
-<link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>?ver=20190507" />
+<link rel="stylesheet" type="text/css" media="all" href="<?php echo esc_url( get_stylesheet_uri() ); ?>?ver=20190507" />
 <link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <?php
 	/*

wp-content/themes/twentythirteen/header.php

@@ -25,7 +25,7 @@
 	<link rel="profile" href="https://gmpg.org/xfn/11">
 	<link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 	<!--[if lt IE 9]>
-	<script src="<?php echo get_template_directory_uri(); ?>/js/html5.js?ver=3.7.0"></script>
+	<script src="<?php echo esc_url( get_template_directory_uri() ); ?>/js/html5.js?ver=3.7.0"></script>
 	<![endif]-->
 	<?php wp_head(); ?>
 </head>

wp-content/themes/twentytwelve/header.php

@@ -26,7 +26,7 @@
 <link rel="pingback" href="<?php echo esc_url( get_bloginfo( 'pingback_url' ) ); ?>">
 <?php // Loads HTML5 JavaScript file to add support for HTML5 elements in older IE versions. ?>
 <!--[if lt IE 9]>
-<script src="<?php echo get_template_directory_uri(); ?>/js/html5.js?ver=3.7.0" type="text/javascript"></script>
+<script src="<?php echo esc_url( get_template_directory_uri() ); ?>/js/html5.js?ver=3.7.0" type="text/javascript"></script>
 <![endif]-->
 <?php wp_head(); ?>
 </head>

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.1-beta3-54404';
+$wp_version = '6.1-beta3-54405';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.