Opened 6 years ago
Closed 6 years ago
#4222 closed defect (bug) (invalid)
Use wordpress default function and escaping function.
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | General | Keywords: | has-patch |
Cc: |
Description
I have updated wp_parse_url() instead of parse_url(), added escaping function for better security purpose.
Attachments (1)
Change History (2)
Note: See
TracTickets for help on using
tickets.
The use of
wp_parse_url()
isn't required here - just because WordPress has a wrapper for it to account for bugs in older PHP, doesn't mean it should always be used.get_the_title()
doesn't need to be HTML escaped here either, and may intentionally return HTML.For future patches, can you also please ensure that the patch file contains the path to the file, or mention what project the patch applies to, as we have a lot of similar files over many different themes, thankfully this particular one had a unique filename/textdomain though.