Get WordPress

Make WordPress Core

Opened 4 months ago

Closed 2 months ago

#60978 closed defect (bug) (fixed)

Add missing escapes

Reported by: nareshbheda's profile nareshbheda Owned by: audrasjb's profile audrasjb
Milestone: 6.6 Priority: normal
Severity: normal Version:
Component: Upload Keywords: has-patch
Focuses: coding-standards Cc:

Description

Add missing escapes in the wp-admin/async-upload.php file.

Attachments (3)

60978.patch (1.2 KB) - added by nareshbheda 4 months ago.
60978.2.patch (1.2 KB) - added by nareshbheda 4 months ago.
60978.3.patch (1.6 KB) - added by nareshbheda 4 months ago.

Download all attachments as: .zip

Change History (8)

@nareshbheda
4 months ago

@nareshbheda
4 months ago

#1 @mukesh27
4 months ago

Thanks for ticket and patch!

Could you add escape in line 63 wp_basename( $file )?

@nareshbheda
4 months ago

#2 @audrasjb
4 months ago

  • Component changed from General to Upload
  • Milestone changed from Awaiting Review to 6.6

Thanks for the ticket and patch,

Moving for 6.6 consideration.

#3 @audrasjb
4 months ago

  • Owner set to audrasjb
  • Status changed from new to reviewing

#4 @audrasjb
2 months ago

I updated the patch to avoid a duplicate escape on $title.

#5 @audrasjb
2 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 58210:

Upload: Add missing escaping functions in wp-admin/async-upload.php.

Props nareshbheda, mukesh27.
Fixes #60978.

Note: See TracTickets for help on using tickets.