

Timestamp:
09/12/2018 06:02:09 AM (6 years ago)
Author:
dd32
Message:

Trac Notifications: Properly encode Component names in urls.

H/t SergeyBiryukov.
Fixes #3761.

File:
1 edited

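--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/trac-notifications/trac-components.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/trac-notifications/trac-components.php
@@ -630,5 +630,5 @@
             $focuses = array( 'accessibility', 'administration', 'coding-standards', 'docs', 'javascript', 'multisite', 'performance', 'privacy', 'rest-api', 'rtl', 'template', 'ui' );
             foreach ( $focuses as $focus ) {
-                echo '<option value="focus/' . $focus . '">' . $focus . ( $both ? ' (focus)' : '' ) . '</option>';
+                echo '<option value="focus/' . esc_attr( rawurlencode( $focus ) ) . '">' . $focus . ( $both ? ' (focus)' : '' ) . '</option>';
             }
         }
@@ -639,5 +639,5 @@
             $components = $this->api->get_components();
             foreach ( $components as $component ) {
-                echo '<option value="component/' . esc_attr( str_replace( ' ', '+', $component ) ) . '">' . esc_html( $component ) . "</option>";
+                echo '<option value="component/' . esc_attr( rawurlencode( $component ) ) . '">' . esc_html( $component ) . "</option>";
             }
         }
@@ -678,5 +678,5 @@
             $open_tickets = array_sum( $this->breakdown_component_type[ $component ] );
         }
-        echo '<td class="right"><a href="https://core.trac.wordpress.org/component/' . esc_attr( str_replace( ' ', '+', $component ) ) . '">' . $open_tickets . '</a></td>';
+        echo '<td class="right"><a href="https://core.trac.wordpress.org/component/' . esc_attr( rawurlencode( $component ) ) . '">' . $open_tickets . '</a></td>';
         if ( $history['change'] ) {
             $count = sprintf( "%+d", $history['change'] );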
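Review bot: On new line 632 the option label still prints `$focus` unescaped, even though the value attribute on the same line is now encoded and the component label on line 641 goes through `esc_html()`. The focuses are a hard-coded array in this hunk, so nothing is injectable today, but escaping at the point of output keeps the markup safe if that list ever becomes filterable or API-driven like the components: `'">' . esc_html( $focus ) . ( $both ? ' (focus)' : '' ) . '</option>';`. The same late-escaping argument applies to `$open_tickets` on line 680, whose assignment is only partly visible here; casting it with `(int) $open_tickets` would make the numeric assumption explicit. The enclosing methods start and end outside all three hunks.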