Skip to content

Commit b64d06f

Browse files
SergeyBiryukovSergeyBiryukov
committed
Coding Standards: Consistently escape attribute in wp-admin/themes.php.
Follow-up to [27012], [38057], [47816], [51083]. Props sabbirshouvo, audrasjb. Fixes #54256. git-svn-id: https://develop.svn.wordpress.org/trunk@52020 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 68b5fff commit b64d06f

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

src/wp-admin/themes.php

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -363,8 +363,8 @@
363363
*/
364364

365365
foreach ( $themes as $theme ) :
366-
$aria_action = esc_attr( $theme['id'] . '-action' );
367-
$aria_name = esc_attr( $theme['id'] . '-name' );
366+
$aria_action = $theme['id'] . '-action';
367+
$aria_name = $theme['id'] . '-name';
368368

369369
$active_class = '';
370370
if ( $theme['active'] ) {
@@ -374,7 +374,7 @@
374374
<div class="theme<?php echo $active_class; ?>">
375375
<?php if ( ! empty( $theme['screenshot'][0] ) ) { ?>
376376
<div class="theme-screenshot">
377-
<img src="<?php echo $theme['screenshot'][0]; ?>" alt="" />
377+
<img src="<?php echo esc_attr( $theme['screenshot'][0] ); ?>" alt="" />
378378
</div>
379379
<?php } else { ?>
380380
<div class="theme-screenshot blank"></div>
@@ -508,7 +508,7 @@
508508
/* translators: %s: Theme name. */
509509
$details_aria_label = sprintf( _x( 'View Theme Details for %s', 'theme' ), $theme['name'] );
510510
?>
511-
<button type="button" aria-label="<?php echo esc_attr( $details_aria_label ); ?>" class="more-details" id="<?php echo $aria_action; ?>"><?php _e( 'Theme Details' ); ?></button>
511+
<button type="button" aria-label="<?php echo esc_attr( $details_aria_label ); ?>" class="more-details" id="<?php echo esc_attr( $aria_action ); ?>"><?php _e( 'Theme Details' ); ?></button>
512512
<div class="theme-author">
513513
<?php
514514
/* translators: %s: Theme author name. */
@@ -518,11 +518,11 @@
518518

519519
<div class="theme-id-container">
520520
<?php if ( $theme['active'] ) { ?>
521-
<h2 class="theme-name" id="<?php echo $aria_name; ?>">
521+
<h2 class="theme-name" id="<?php echo esc_attr( $aria_name ); ?>">
522522
<span><?php _ex( 'Active:', 'theme' ); ?></span> <?php echo $theme['name']; ?>
523523
</h2>
524524
<?php } else { ?>
525-
<h2 class="theme-name" id="<?php echo $aria_name; ?>"><?php echo $theme['name']; ?></h2>
525+
<h2 class="theme-name" id="<?php echo esc_attr( $aria_name ); ?>"><?php echo $theme['name']; ?></h2>
526526
<?php } ?>
527527

528528
<div class="theme-actions">
@@ -899,7 +899,7 @@ function wp_theme_auto_update_setting_template() {
899899
/* translators: %s: Theme name. */
900900
$aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
901901
?>
902-
<a class="button activate" href="{{{ data.actions.activate }}}" aria-label="<?php echo $aria_label; ?>"><?php _e( 'Activate' ); ?></a>
902+
<a class="button activate" href="{{{ data.actions.activate }}}" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
903903
<?php
904904
/* translators: %s: Theme name. */
905905
$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
@@ -1117,7 +1117,7 @@ function wp_theme_auto_update_setting_template() {
11171117
$aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
11181118
?>
11191119
<# if ( data.actions.activate ) { #>
1120-
<a href="{{{ data.actions.activate }}}" class="button activate" aria-label="<?php echo $aria_label; ?>"><?php _e( 'Activate' ); ?></a>
1120+
<a href="{{{ data.actions.activate }}}" class="button activate" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
11211121
<# } #>
11221122
<a href="{{{ data.actions.customize }}}" class="button button-primary load-customize hide-if-no-customize"><?php _e( 'Live Preview' ); ?></a>
11231123
<# } else { #>
@@ -1126,7 +1126,7 @@ function wp_theme_auto_update_setting_template() {
11261126
$aria_label = sprintf( _x( 'Cannot Activate %s', 'theme' ), '{{ data.name }}' );
11271127
?>
11281128
<# if ( data.actions.activate ) { #>
1129-
<a class="button disabled" aria-label="<?php echo $aria_label; ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
1129+
<a class="button disabled" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
11301130
<# } #>
11311131
<a class="button button-primary hide-if-no-customize disabled"><?php _e( 'Live Preview' ); ?></a>
11321132
<# } #>
@@ -1137,7 +1137,7 @@ function wp_theme_auto_update_setting_template() {
11371137
/* translators: %s: Theme name. */
11381138
$aria_label = sprintf( _x( 'Delete %s', 'theme' ), '{{ data.name }}' );
11391139
?>
1140-
<a href="{{{ data.actions['delete'] }}}" class="button delete-theme" aria-label="<?php echo $aria_label; ?>"><?php _e( 'Delete' ); ?></a>
1140+
<a href="{{{ data.actions['delete'] }}}" class="button delete-theme" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Delete' ); ?></a>
11411141
<# } #>
11421142
</div>
11431143
</div>

0 commit comments

Comments
 (0)