From 8e436271ed6b5f31db3e11ab9b1e196e10d162f4 Mon Sep 17 00:00:00 2001 From: nacin Date: Sat, 3 Apr 2010 23:04:37 +0000 Subject: [PATCH] Ensure we're escaping css classes for front end nav menu. git-svn-id: http://svn.automattic.com/wordpress/trunk@13975 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/classes.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/wp-includes/classes.php b/wp-includes/classes.php index 7d12144a94..15ce7c6f5d 100644 --- a/wp-includes/classes.php +++ b/wp-includes/classes.php @@ -1183,26 +1183,27 @@ class Walker_Nav_Menu extends Walker { function start_el(&$output, $item, $depth, $args) { $indent = ( $depth ) ? str_repeat( "\t", $depth ) : ''; + $classes = $value = ''; if ( 'frontend' == $args->context ) { global $wp_query; - $css_class = array( 'menu-item', 'menu-item-type-'. $item->type, $item->classes ); + $classes = array( 'menu-item', 'menu-item-type-'. $item->type, $item->classes ); if ( 'custom' != $item->object ) - $css_class[] = 'menu-item-object-'. $item->object; + $classes[] = 'menu-item-object-'. $item->object; if ( $item->object_id == $wp_query->get_queried_object_id() ) - $css_class[] = 'current-menu-item'; + $classes[] = 'current-menu-item'; // @todo add classes for parent/child relationships - $css_class = join( ' ', apply_filters( 'nav_menu_css_class', array_filter( $css_class ), $item ) ); + $classes = join( ' ', apply_filters( 'nav_menu_css_class', array_filter( $classes ), $item ) ); + $classes = ' class="' . esc_attr( $classes ) . '"'; + } else { + $value = ' value="' . $item->ID . '"'; } - $maybe_value = ( 'backend' == $args->context ) ? ' value="'. $item->ID .'"' : ''; - $maybe_classes = ( 'frontend' == $args->context ) ? ' class="'. $css_class .'"' : ''; - - $output .= $indent . '