From 4d6e524d909f4514c12c9db1024c3d440efef226 Mon Sep 17 00:00:00 2001
From: nacin
Date: Sun, 21 Nov 2010 13:37:09 +0000
Subject: [PATCH] Escape the wrap ID and class attributes going into sprintf() and s/slug/wrap_id/ to make it more obvious. see #14235.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/nav-menu-template.php | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/wp-includes/nav-menu-template.php b/wp-includes/nav-menu-template.php
index afdc7fe9e..fc3e33cde 100644
--- a/wp-includes/nav-menu-template.php
+++ b/wp-includes/nav-menu-template.php
@@ -205,26 +205,26 @@ function wp_nav_menu( $args = array() ) {
 // Attributes
 if ( ! empty( $args->menu_id ) ) {
- $slug = $args->menu_id;
+ $wrap_id = $args->menu_id;
 } else {
- $slug = 'menu-' . $menu->slug;
- while ( in_array( $slug, $menu_id_slugs ) ) {
- if ( preg_match( '#-(\d+)$#', $slug, $matches ) )
- $slug = preg_replace('#-(\d+)$#', '-' . ++$matches[1], $slug);
+ $wrap_id = 'menu-' . $menu->slug;
+ while ( in_array( $wrap_id, $menu_id_slugs ) ) {
+ if ( preg_match( '#-(\d+)$#', $wrap_id, $matches ) )
+ $wrap_id = preg_replace('#-(\d+)$#', '-' . ++$matches[1], $wrap_id );
 else
- $slug = $slug . '-1';
+ $wrap_id = $wrap_id . '-1';
 }
 }
- $menu_id_slugs[] = $slug;
-
+ $menu_id_slugs[] = $wrap_id;
+
 $wrap_class = $args->menu_class ? $args->menu_class : '';
 // Allow plugins to hook into the menu to add their own
  • 's
 $items = apply_filters( 'wp_nav_menu_items', $items, $args );
 $items = apply_filters( "wp_nav_menu_{$menu->slug}_items", $items, $args );
-
- $nav_menu .= sprintf( $args->items_wrap, $slug, $wrap_class, $items );
- unset($items);
+
+ $nav_menu .= sprintf( $args->items_wrap, esc_attr( $wrap_id ), esc_attr( $wrap_class ), $items );
+ unset( $items );
 if ( $show_container )
 $nav_menu .= 'container . '>';
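Review bot: The `esc_attr()` calls added on the `sprintf()` line only protect `$wrap_id` and `$wrap_class` if the caller-supplied `$args->items_wrap` format puts its first two placeholders inside quoted attribute values; in an unquoted attribute or in element content the same escaping would not be enough. Nothing in the hunk states that contract, and the third argument, `$items`, still goes in as raw markup after two `apply_filters()` calls, so filter callbacks remain responsible for escaping whatever they add. I would record both directly above the call, e.g. `// Args 1 and 2 are attribute-escaped and must sit inside quoted attributes in items_wrap; arg 3 is raw list markup, escaped by whoever builds or filters it.` The body of wp_nav_menu() starts and ends outside the hunk, so any validation of `items_wrap` or `menu_id` done elsewhere is not visible here.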