WordPress.org
Get WordPress

Make WordPress Core

Changeset 60213


Ignore:
Timestamp:
05/01/2025 07:24:33 PM (10 months ago)
Author:
SergeyBiryukov
Message:

Coding Standards: Use correct escaping function for nav menu item URLs.

Follow-up to [14248], [15077].

Props hardik2221, nareshbheda, dilipbheda, SirLouen.
Fixes #63351.

Location:
trunk/src/wp-admin/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-admin/includes/class-walker-nav-menu-checklist.php

    r56547 r60213  
    118118        $output .= '<input type="hidden" class="menu-item-type" name="menu-item[' . $possible_object_id . '][menu-item-type]" value="' . esc_attr( $menu_item->type ) . '" />';
    119119        $output .= '<input type="hidden" class="menu-item-title" name="menu-item[' . $possible_object_id . '][menu-item-title]" value="' . esc_attr( $menu_item->title ) . '" />';
    120         $output .= '<input type="hidden" class="menu-item-url" name="menu-item[' . $possible_object_id . '][menu-item-url]" value="' . esc_attr( $menu_item->url ) . '" />';
     120        $output .= '<input type="hidden" class="menu-item-url" name="menu-item[' . $possible_object_id . '][menu-item-url]" value="' . esc_url( $menu_item->url ) . '" />';
    121121        $output .= '<input type="hidden" class="menu-item-target" name="menu-item[' . $possible_object_id . '][menu-item-target]" value="' . esc_attr( $menu_item->target ) . '" />';
    122122        $output .= '<input type="hidden" class="menu-item-attr-title" name="menu-item[' . $possible_object_id . '][menu-item-attr-title]" value="' . esc_attr( $menu_item->attr_title ) . '" />';

  • trunk/src/wp-admin/includes/class-walker-nav-menu-edit.php

    r59265 r60213  
    197197                        <label for="edit-menu-item-url-<?php echo $item_id; ?>">
    198198                            <?php _e( 'URL' ); ?><br />
    199                             <input type="text" id="edit-menu-item-url-<?php echo $item_id; ?>" class="widefat code edit-menu-item-url" name="menu-item-url[<?php echo $item_id; ?>]" value="<?php echo esc_attr( $menu_item->url ); ?>" />
     199                            <input type="text" id="edit-menu-item-url-<?php echo $item_id; ?>" class="widefat code edit-menu-item-url" name="menu-item-url[<?php echo $item_id; ?>]" value="<?php echo esc_url( $menu_item->url ); ?>" />
    200200                        </label>
    201201                    </p>
Note: See TracChangeset for help on using the changeset viewer.