diff options
| author | Sergey Biryukov <sergeybiryukov@git.wordpress.org> | 2024-01-26 14:18:14 +0000 |
|---|---|---|
| committer | Sergey Biryukov <sergeybiryukov@git.wordpress.org> | 2024-01-26 14:18:14 +0000 |
| commit | 5fbcb55986b7db0f52f6b3286749848bda2052a0 (patch) | |
| tree | 5dfec4d35789f89959d9e8d1c3f0243c26a2bf51 | |
| parent | 311f45e2dce25e4e9c655448c74400691b5bf47d (diff) | |
| download | wordpress-5fbcb55986b7db0f52f6b3286749848bda2052a0.tar.gz wordpress-5fbcb55986b7db0f52f6b3286749848bda2052a0.zip | |
Coding Standards: Add missing escaping in `Custom_Image_Header::step_2()`.
Follow-up to [4673], [14907].
Props nareshbheda, audrasjb, kebbet.
Fixes #59278.
git-svn-id: https://develop.svn.wordpress.org/trunk@57364 602fd350-edb4-49c9-b593-d223f7449a82
| -rw-r--r-- | src/wp-admin/includes/class-custom-image-header.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/wp-admin/includes/class-custom-image-header.php b/src/wp-admin/includes/class-custom-image-header.php index a4b04bf3fc..5c3271478b 100644 --- a/src/wp-admin/includes/class-custom-image-header.php +++ b/src/wp-admin/includes/class-custom-image-header.php @@ -934,7 +934,7 @@ endif; <p class="hide-if-js"><strong><?php _e( 'You need JavaScript to choose a part of the image.' ); ?></strong></p> <div id="crop_image" style="position: relative"> - <img src="<?php echo esc_url( $url ); ?>" id="upload" width="<?php echo $width; ?>" height="<?php echo $height; ?>" alt="" /> + <img src="<?php echo esc_url( $url ); ?>" id="upload" width="<?php echo esc_attr( $width ); ?>" height="<?php echo esc_attr( $height ); ?>" alt="" /> </div> <input type="hidden" name="x1" id="x1" value="0" /> |