Opened 5 years ago

Closed 5 years ago

#4222 closed defect (bug) (invalid)

Use wordpress default function and escaping function.

Reported by: bharatkambariya's profile BharatKambariya Owned by:
Milestone: Priority: normal
Component: General Keywords: has-patch


I have updated wp_parse_url() instead of parse_url(), added escaping function for better security purpose.

Attachments (1)

#4222.diff (848 bytes) - added by BharatKambariya 5 years ago.

Download all attachments as: .zip

Change History (2)

#1 @dd32
5 years ago

  • Resolution set to invalid
  • Status changed from new to closed

The use of wp_parse_url() isn't required here - just because WordPress has a wrapper for it to account for bugs in older PHP, doesn't mean it should always be used.

get_the_title() doesn't need to be HTML escaped here either, and may intentionally return HTML.

For future patches, can you also please ensure that the patch file contains the path to the file, or mention what project the patch applies to, as we have a lot of similar files over many different themes, thankfully this particular one had a unique filename/textdomain though.

Note: See TracTickets for help on using tickets.