Escape comment author URL #44999
👋 Thanks for your first Pull Request and for helping build the future of Gutenberg and WordPress, @zenaul! In case you missed it, we'd love to have you join us in our Slack community, where we hold regular weekly meetings open to anyone to coordinate with each other. If you want to learn more about WordPress development in general, check out the Core Handbook full of helpful information.
@zenaul Thanks for your PR.
This makes sense. LGTM.
I just cherry-picked this PR to the wp/6.1-rc-2 branch to get it included in the next release: 56c871a
Package updates for bug and regression fixes:
- `@wordpress/block-directory: 3.15.8`
- `@wordpress/block-editor: 10.0.7`
- `@wordpress/block-library: 7.14.8`
- `@wordpress/components: 21.0.6`
- `@wordpress/customize-widgets: 3.14.8`
- `@wordpress/edit-post: 6.14.8`
- `@wordpress/edit-site: 4.14.10`
- `@wordpress/edit-widgets: 4.14.8`
- `@wordpress/editor: 12.16.7`
- `@wordpress/format-library: 3.15.7`
- `@wordpress/interface: 4.16.6`
- `@wordpress/list-reusable-blocks: 3.15.6`
- `@wordpress/nux: 5.15.6`
- `@wordpress/preferences: 2.9.6`
- `@wordpress/reusable-blocks: 3.15.7`
- `@wordpress/server-side-render: 3.15.6`
- `@wordpress/widgets: 2.15.7`
Original PRs from Gutenberg repository:
- [WordPress/gutenberg#45041 #45041 Font Size Picker Hint: Fallback to font size `slug` if `name` is undefined]
- [WordPress/gutenberg#45045 #45045 Add: Missing output escaping on some blocks]
- [WordPress/gutenberg#44999 #44999 Escape comment author URL]
- [WordPress/gutenberg#44972 #44972 Navigator: restore focus only once per location]
- [WordPress/gutenberg#44858 #44858 Spacing Sizes Control: Try improving layout spacing]
- [WordPress/gutenberg#44878 #44878 Fix: Inspector is usable on the top level block even if it is content locked]
- [WordPress/gutenberg#44809 #44809 Fix list outdents on Enter in quote block]
- [WordPress/gutenberg#44864 #44864 List v2: fix selection when creating paragraph from empty list item]
- [WordPress/gutenberg#44853 #44853 Fix overflowing patterns]
- [WordPress/gutenberg#45050 #45050 Fix visibility of nested Group block appender]
- [WordPress/gutenberg#44887 #44887 wp-env: Use case insensitive regex when checking WP version string]
Follow-up to [54257], [54335], [54383], [54483], [54486], [54490].
Props bernhard-reiter, audrasjb.
See #56467.
Built from https://develop.svn.wordpress.org/trunk@54632
git-svn-id: http://core.svn.wordpress.org/trunk@54184 1a063a9b-81f0-0310-95a4-ce76da25c4cd
What?
Correctly escape `$comment->comment_author_url` URL
Why?
In 'wp-includes/blocks/avatar.php' on line 130 I've found that `$comment->comment_author_url` was used without escaping. I think we can improve it by escaping the URL for more consistency.
How?
Testing Instructions
Screenshots or screencast
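An added illustration, not code from this PR or from Gutenberg: why a stored comment author URL should be escaped at output time when it is placed in an `href` attribute. The helper `demo_escape_url()`, the `render_avatar_link()` function, the markup and the sample URLs are all assumptions constructed for this example; `demo_escape_url()` is a simplified stand-in and not WordPress's `esc_url()` implementation.

```php
<?php
// Added illustration: standalone PHP, no WordPress required.
// demo_escape_url() is a hypothetical, simplified stand-in for an
// output-escaping helper; it is NOT WordPress's esc_url() code.

function demo_escape_url( string $url ): string {
    $url = trim( $url );
    // Allow only http(s) links; any other scheme is rejected outright.
    $scheme = strtolower( (string) parse_url( $url, PHP_URL_SCHEME ) );
    if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        return '';
    }
    // Encode quotes, angle brackets and ampersands so the value cannot
    // terminate the attribute or open a new tag.
    return htmlspecialchars( $url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Hypothetical renderer: builds the link around an avatar image.
function render_avatar_link( string $author_url, bool $escape ): string {
    $href = $escape ? demo_escape_url( $author_url ) : $author_url;
    if ( '' === $href ) {
        // Rejected URL: render the avatar without a link.
        return '<img class="avatar" alt="">';
    }
    return sprintf(
        '<a href="%s" class="avatar-link"><img class="avatar" alt=""></a>',
        $href
    );
}

// Constructed sample values standing in for a stored comment author URL.
$samples = array(
    'https://example.test/profile?id=1&tab=posts',  // benign, contains "&"
    'https://example.test/" onmouseover="alert(1)', // tries to close the attribute
    'javascript:alert(1)',                          // non-http scheme
);

foreach ( $samples as $url ) {
    echo "input:     {$url}\n";
    echo 'unescaped: ' . render_avatar_link( $url, false ) . "\n";
    echo 'escaped:   ' . render_avatar_link( $url, true ) . "\n\n";
}
```

In the unescaped output the second sample's double quote ends the `href` value early, while the escaped output keeps the whole string inside the attribute and drops the link entirely for the non-http scheme.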