diff --git a/wp-includes/general-template.php b/wp-includes/general-template.php index b8f90b85bb..57a7b675dc 100644 --- a/wp-includes/general-template.php +++ b/wp-includes/general-template.php @@ -4249,25 +4249,25 @@ function get_the_generator( $type = '' ) { switch ( $type ) { case 'html': - $gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '">'; + $gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">'; break; case 'xhtml': - $gen = '<meta name="generator" content="WordPress ' . get_bloginfo( 'version' ) . '" />'; + $gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />'; break; case 'atom': - $gen = '<generator uri="https://wordpress.org/" version="' . get_bloginfo_rss( 'version' ) . '">WordPress</generator>'; + $gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>'; break; case 'rss2': - $gen = '<generator>https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '</generator>'; + $gen = '<generator>' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>'; break; case 'rdf': - $gen = '<admin:generatorAgent rdf:resource="https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) . '" />'; + $gen = '<admin:generatorAgent rdf:resource="' . esc_url_raw( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />'; break; case 'comment': - $gen = '<!-- generator="WordPress/' . get_bloginfo( 'version' ) . '" -->'; + $gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->'; break; case 'export': - $gen = '<!-- generator="WordPress/' . get_bloginfo_rss( 'version' ) . '" created="' . date( 'Y-m-d H:i' ) . '" -->'; + $gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . date( 'Y-m-d H:i' ) . '" -->'; break; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 87d92b4eb3..4e6342a32e 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '5.0-alpha-42892'; +$wp_version = '5.0-alpha-42893'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.