Skip to content

Commit 929cf3c

Browse files
audrasjbaudrasjb
committed
Widgets: Escape RSS error messages for display.
Props xknown, timothyblynjacobs, matveb, talldanwp. git-svn-id: https://develop.svn.wordpress.org/trunk@54541 602fd350-edb4-49c9-b593-d223f7449a82
1 parent d815d2e commit 929cf3c

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

src/wp-includes/widgets.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1578,7 +1578,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
15781578

15791579
if ( is_wp_error( $rss ) ) {
15801580
if ( is_admin() || current_user_can( 'manage_options' ) ) {
1581-
echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . $rss->get_error_message() . '</p>';
1581+
echo '<p><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $rss->get_error_message() ) . '</p>';
15821582
}
15831583
return;
15841584
}
@@ -1701,7 +1701,7 @@ function wp_widget_rss_form( $args, $inputs = null ) {
17011701
$args['show_date'] = isset( $args['show_date'] ) ? (int) $args['show_date'] : (int) $inputs['show_date'];
17021702

17031703
if ( ! empty( $args['error'] ) ) {
1704-
echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . $args['error'] . '</p>';
1704+
echo '<p class="widget-error"><strong>' . __( 'RSS Error:' ) . '</strong> ' . esc_html( $args['error'] ) . '</p>';
17051705
}
17061706

17071707
$esc_number = esc_attr( $args['number'] );

0 commit comments

Comments
 (0)