Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-26 14:54:57 +02:00
Code Issues Projects Releases Wiki Activity

Administration: Correct the escaping in documentation lookup for plugin and theme editor.

Browse Source 
This brings consistency to similar code fragments that evolved in slightly different ways over the years:

* A check that the list of functions is not empty now exists in both editors.
* "Function Name..." is an option label, not an attribute, so `esc_html__()` is the correct function here.
* `esc_attr( urlencode( $function ) )` in the theme editor is replaced with `esc_attr( $function )`.
* `htmlspecialchars( $function )` in the theme editor is replaced with `esc_html( $function )`.

Follow-up to [10607], [10879], [11110], [11173], [11204], [11671], [14989].

Props aristath, justinahinon, poena, audrasjb, pratiweb, SergeyBiryukov.
Fixes #56007.
Built from https://develop.svn.wordpress.org/trunk@53758


git-svn-id: http://core.svn.wordpress.org/trunk@53317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2022-07-22 11:33:10 +00:00
parent d217368c6a
commit acbd857a4c
3 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/plugin-editor.php
View File

@ -167,10 +167,12 @@ if ( '.php' === substr( $real_file, strrpos( $real_file, '.' ) ) ) {
if ( ! empty( $functions ) ) {
$docs_select = '<select name="docs-list" id="docs-list">';
$docs_select .= '<option value="">' . __( 'Function Name&hellip;' ) . '</option>';
$docs_select .= '<option value="">' . esc_html__( 'Function Name&hellip;' ) . '</option>';
foreach ( $functions as $function ) {
$docs_select .= '<option value="' . esc_attr( $function ) . '">' . esc_html( $function ) . '()</option>';
}
$docs_select .= '</select>';
}
}

14
wp-admin/theme-editor.php
View File

@ -164,12 +164,16 @@ if ( ! empty( $posted_content ) ) {
if ( '.php' === substr( $file, strrpos( $file, '.' ) ) ) {
$functions = wp_doc_link_parse( $content );
$docs_select = '<select name="docs-list" id="docs-list">';
$docs_select .= '<option value="">' . esc_attr__( 'Function Name&hellip;' ) . '</option>';
foreach ( $functions as $function ) {
$docs_select .= '<option value="' . esc_attr( urlencode( $function ) ) . '">' . htmlspecialchars( $function ) . '()</option>';
if ( ! empty( $functions ) ) {
$docs_select = '<select name="docs-list" id="docs-list">';
$docs_select .= '<option value="">' . esc_html__( 'Function Name&hellip;' ) . '</option>';
foreach ( $functions as $function ) {
$docs_select .= '<option value="' . esc_attr( $function ) . '">' . esc_html( $function ) . '()</option>';
}
$docs_select .= '</select>';
}
$docs_select .= '</select>';
}
$content = esc_textarea( $content );

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.1-alpha-53757';
$wp_version = '6.1-alpha-53758';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.