Administration: Escape admin title on output after the `admin_title` filter runs, not before.

Props lalitpendhare, adnan.limdi, subrataemfluence, andraganescu.
Fixes #41921.

git-svn-id: https://develop.svn.wordpress.org/trunk@47474 602fd350-edb4-49c9-b593-d223f7449a82
Sergey Biryukov 2020-03-20 02:18:53 +00:00
parent 7ede058b16
commit 827d77e341
2 changed files with 5 additions and 5 deletions


@ -32,14 +32,14 @@ if ( empty( $current_screen ) ) {
}
get_admin_page_title();
$title = esc_html( strip_tags( $title ) );
$title = strip_tags( $title );
if ( is_network_admin() ) {
/* translators: Network admin screen title. %s: Network title. */
$admin_title = sprintf( __( 'Network Admin: %s' ), esc_html( get_network()->site_name ) );
$admin_title = sprintf( __( 'Network Admin: %s' ), get_network()->site_name );
} elseif ( is_user_admin() ) {
/* translators: User dashboard screen title. %s: Network title. */
$admin_title = sprintf( __( 'User Dashboard: %s' ), esc_html( get_network()->site_name ) );
$admin_title = sprintf( __( 'User Dashboard: %s' ), get_network()->site_name );
} else {
$admin_title = get_bloginfo( 'name' );
}
@ -71,7 +71,7 @@ wp_user_settings();
_wp_admin_html_begin();
?>
<title><?php echo $admin_title; ?></title>
<title><?php echo esc_html( $admin_title ); ?></title>
<?php
wp_enqueue_style( 'colors' );
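Review bot: Nothing in the first hunk records that `$title` and `$admin_title` are raw text once `$title = strip_tags( $title );` replaces the escaped assignment, so a later edit that echoes either variable elsewhere in the header would skip escaping. A comment at that assignment would make the contract explicit, for example `// $title and $admin_title stay unescaped from here; escape with esc_html() at each output point.`. The same applies to the `<title>` echo in the second file, where `$admin_title` is built from `__( 'Loading&hellip;' )`; presumably the entity survives because esc_html() does not double-encode existing entities, which deserves a short comment there too. The `admin_title` filter call sits outside the visible hunks, so it cannot be confirmed from here whether anything between the filter and the output relied on the earlier escaping.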


@ -150,7 +150,7 @@ $body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '
$admin_title = sprintf( $wp_customize->get_document_title_template(), __( 'Loading&hellip;' ) );
?>
<title><?php echo $admin_title; ?></title>
<title><?php echo esc_html( $admin_title ); ?></title>
<script type="text/javascript">
var ajaxurl = <?php echo wp_json_encode( admin_url( 'admin-ajax.php', 'relative' ) ); ?>,