vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Administration: Add missing escaping for CSS classes on the body tag in the admin.

Browse Source 
Follow-up to [5892], [10823], [10868], [18882], [21014], [22000], [48060].

Propos rafiem, costdev, dd32, audrasjb, westonruter, SergeyBiryukov.
Fixes #58336.

git-svn-id: https://develop.svn.wordpress.org/trunk@55846 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov
2023-05-22 14:14:10 +00:00
parent 1825c75f88
commit 3c6184d81c
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-admin/admin-header.php
View File

@@ -242,7 +242,7 @@ unset( $error_get_last );
$admin_body_classes = apply_filters( 'admin_body_class', '' );
$admin_body_classes = ltrim( $admin_body_classes . ' ' . $admin_body_class );
?>
<body class="wp-admin wp-core-ui no-js <?php echo $admin_body_classes; ?>">
<body class="wp-admin wp-core-ui no-js <?php echo esc_attr( $admin_body_classes ); ?>">
<script type="text/javascript">
document.body.className = document.body.className.replace('no-js','js');
</script>

2
src/wp-admin/includes/template.php
View File

@@ -2178,7 +2178,7 @@ var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?
$admin_body_classes = apply_filters( 'admin_body_class', '' );
$admin_body_classes = ltrim( $admin_body_classes . ' ' . $admin_body_class );
?>
<body <?php echo $admin_body_id; ?>class="wp-admin wp-core-ui no-js iframe <?php echo $admin_body_classes; ?>">
<body <?php echo $admin_body_id; ?>class="wp-admin wp-core-ui no-js iframe <?php echo esc_attr( $admin_body_classes ); ?>">
<script type="text/javascript">
(function(){
var c = document.body.className;