[wp-trac] [WordPress Trac] #56717: Twenty Eleven: Correctly escape template directory uri
WordPress Trac
noreply at wordpress.org
Sun Oct 2 17:36:11 UTC 2022
#56717: Twenty Eleven: Correctly escape template directory uri
----------------------------+-----------------------------
Reporter: Alberuni Azad. | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version: 5.8
Severity: normal | Keywords:
Focuses: |
----------------------------+-----------------------------
In wp-content/themes/twentyeleven/inc/block-patterns.php file, I've found
that the {{{get_template_directory_uri()}}} is called without escaping
which I think should be escaped.
I've checked other latest themes where the escaping is used. Link
mentioned below
https://github.com/WordPress/wordpress-
develop/blob/389a78ecc453036f144b6d510cc2423f41bc9dd1/src/wp-
content/themes/twentytwentytwo/inc/patterns/general-divider-dark.php#L10
https://github.com/WordPress/wordpress-
develop/blob/389a78ecc453036f144b6d510cc2423f41bc9dd1/src/wp-
content/themes/twentytwentyone/inc/block-patterns.php#L76
https://github.com/WordPress/wordpress-
develop/blob/389a78ecc453036f144b6d510cc2423f41bc9dd1/src/wp-
content/themes/twentytwenty/inc/block-patterns.php#L151
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56717>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list