
Make WordPress Core


Timestamp:
03/13/2026 12:29:20 PM (12 hours ago)
Author:
johnbillion
Message:

Grouped backports for the 5.2 branch.

  • XML-RPC: Switch to wp_safe_remote() when fetching a pingback URL.
  • HTML API: Prevent WP_HTML_Tag_Processor instances being unserialized and add some extra logic for validating pattern and template file paths.
  • KSES: Optimize PCRE pattern detecting numeric character references.
  • Customize: Improve escaping approach used for nav menu attributes.
  • Media: Ensure the attachment parent is accessible to the user before showing a link to it in the media manager.
  • Administration: Ensure client-side templates are only detected when they're correctly associated with a script tag.
  • Filesystem API: Don't attempt to extract invalid files from a zip when using the PclZip library.

Merges [61879-61884,61886-61887,61890,61913] to the 5.2 branch.

Props johnbillion, xknown, dmsnell, jorbin, peterwilson, desrosj, westonruter, jonsurrell, aurdasjb.

Location:
branches/5.2
Files:
2 edited

  • branches/5.2

  • branches/5.2/src/wp-admin/includes/class-walker-nav-menu-edit.php

    r43598 r62001  
    171171                    <label for="edit-menu-item-title-<?php echo $item_id; ?>">
    172172                        <?php _e( 'Navigation Label' ); ?><br />
    173                         <input type="text" id="edit-menu-item-title-<?php echo $item_id; ?>" class="widefat edit-menu-item-title" name="menu-item-title[<?php echo $item_id; ?>]" value="<?php echo esc_attr( $item->title ); ?>" />
     173                        <input type="text" id="edit-menu-item-title-<?php echo $item_id; ?>" class="widefat edit-menu-item-title" name="menu-item-title[<?php echo $item_id; ?>]" value="<?php echo htmlspecialchars( $item->title, ENT_QUOTES ); ?>" />
    174174                    </label>
    175175                </p>
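Review bot: the swap from esc_attr() to htmlspecialchars( ..., ENT_QUOTES ) on the value attribute needs a one-line comment in the walker explaining why core's escaper is deliberately bypassed; without it, a later cleanup or a coding-standards sniff will almost certainly put esc_attr() back. The observable difference is that esc_attr() feeds the value through _wp_specialchars() with double_encode set to false, so an entity already present in the stored title (e.g. `&amp;`) is left as-is and the browser renders `&`, whereas htmlspecialchars() double-encodes by default and the field now shows the stored text verbatim, which is what prevents entities from being decoded and re-submitted through the edit form. Suggest a comment such as `// htmlspecialchars() rather than esc_attr(): do not decode existing entities on round trip.` above the input, and the same note applies to the three identical replacements further down in this file.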
     
    177177                    <label for="edit-menu-item-attr-title-<?php echo $item_id; ?>">
    178178                        <?php _e( 'Title Attribute' ); ?><br />
    179                         <input type="text" id="edit-menu-item-attr-title-<?php echo $item_id; ?>" class="widefat edit-menu-item-attr-title" name="menu-item-attr-title[<?php echo $item_id; ?>]" value="<?php echo esc_attr( $item->post_excerpt ); ?>" />
     179                        <input type="text" id="edit-menu-item-attr-title-<?php echo $item_id; ?>" class="widefat edit-menu-item-attr-title" name="menu-item-attr-title[<?php echo $item_id; ?>]" value="<?php echo htmlspecialchars( $item->post_excerpt, ENT_QUOTES ); ?>" />
    180180                    </label>
    181181                </p>
     
    189189                    <label for="edit-menu-item-classes-<?php echo $item_id; ?>">
    190190                        <?php _e( 'CSS Classes (optional)' ); ?><br />
    191                         <input type="text" id="edit-menu-item-classes-<?php echo $item_id; ?>" class="widefat code edit-menu-item-classes" name="menu-item-classes[<?php echo $item_id; ?>]" value="<?php echo esc_attr( implode( ' ', $item->classes ) ); ?>" />
     191                        <input type="text" id="edit-menu-item-classes-<?php echo $item_id; ?>" class="widefat code edit-menu-item-classes" name="menu-item-classes[<?php echo $item_id; ?>]" value="<?php echo htmlspecialchars( implode( ' ', $item->classes ), ENT_QUOTES ); ?>" />
    192192                    </label>
    193193                </p>
     
    195195                    <label for="edit-menu-item-xfn-<?php echo $item_id; ?>">
    196196                        <?php _e( 'Link Relationship (XFN)' ); ?><br />
    197                         <input type="text" id="edit-menu-item-xfn-<?php echo $item_id; ?>" class="widefat code edit-menu-item-xfn" name="menu-item-xfn[<?php echo $item_id; ?>]" value="<?php echo esc_attr( $item->xfn ); ?>" />
     197                        <input type="text" id="edit-menu-item-xfn-<?php echo $item_id; ?>" class="widefat code edit-menu-item-xfn" name="menu-item-xfn[<?php echo $item_id; ?>]" value="<?php echo htmlspecialchars( $item->xfn, ENT_QUOTES ); ?>" />
    198198                    </label>
    199199                </p>