die - All output should be run through an escaping function #1861

Closed
kkmuffme opened this issue Feb 5, 2020 · 2 comments · Fixed by #2326

kkmuffme commented Feb 5, 2020

Getting `WordPress.Security.EscapeOutput.OutputNotEscaped` for the following code:

```php
$var = 'hello';
echo $var == 'foo' ? 'bar' : die( 'world' );

echo 'example';
```

while using `die( 'world' );` standalone does not produce this error.


meevly commented Feb 17, 2020

@kkmuffme it's not about die ( 'world' ), you get the error because of echo 'example'; not being escaped (and likely 'bar' as well). I don't think it's a bug.

jrfnl (Member) commented Feb 17, 2020

@meevly Sorry, but that's not true. example and bar are hard-coded strings and don't need to be escaped.

I suspect the problem is with the ternary, but this will need further investigation. If I remember correctly, there are a number of other issues open about ternaries and output escaping.
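
Added example, not part of this thread and not WordPress Coding Standards code: a small token-based check in which hard-coded strings in an `echo` are left alone, a ternary's condition is treated as evaluated rather than printed, and only unescaped variables are reported. The function name `unescaped_echo_output`, the `ESCAPERS` allow-list and the sample input are assumptions for illustration, and the sketch handles only one top-level ternary per statement.

```php
<?php
// Added illustration, not WPCS code. ESCAPERS is an assumed, short allow-list.
const ESCAPERS = array( 'esc_html', 'esc_attr', 'esc_url' );
// Returns the variables that echo statements print without an escaping call.
function unescaped_echo_output( string $code ): array {
	$tokens  = token_get_all( $code );
	$flagged = array();
	for ( $i = 0, $count = count( $tokens ); $i < $count; $i++ ) {
		if ( ! is_array( $tokens[ $i ] ) || T_ECHO !== $tokens[ $i ][0] ) {
			continue;
		}
		// Collect the statement's tokens up to the closing semicolon.
		$stmt = array();
		for ( $i++; $i < $count && ';' !== $tokens[ $i ]; $i++ ) {
			$stmt[] = $tokens[ $i ];
		}
		// A ternary condition is evaluated, not printed: start after the "?".
		$q     = array_search( '?', $stmt, true );
		$start = ( false === $q ) ? 0 : $q + 1;
		$depth = 0; // > 0 while inside an escaping function's parentheses.
		for ( $j = $start, $n = count( $stmt ); $j < $n; $j++ ) {
			$t = $stmt[ $j ];
			if ( $depth > 0 ) {
				$depth += ( '(' === $t ) ? 1 : ( ( ')' === $t ) ? -1 : 0 );
				continue;
			}
			$is_escaper = is_array( $t ) && T_STRING === $t[0] && in_array( $t[1], ESCAPERS, true );
			if ( $is_escaper && '(' === ( $stmt[ $j + 1 ] ?? null ) ) {
				$depth = 1;
				$j++; // Skip the opening parenthesis already counted.
				continue;
			}
			// String literals and die()/exit tokens fall through unflagged.
			if ( is_array( $t ) && T_VARIABLE === $t[0] ) {
				$flagged[] = $t[1];
			}
		}
	}
	return $flagged;
}
// Constructed sample: the echo lines from the report plus two variable cases.
$sample = <<<'PHP'
<?php
echo $var == 'foo' ? 'bar' : die( 'world' );
echo 'example';
echo $name;
echo esc_html( $name );
PHP;
print_r( unescaped_echo_output( $sample ) );
```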
