Comments: Escape comment author's email in the Edit Comment form.

Technically, this is redundant, as the `comment_author`, `comment_author_email`, and `comment_author_url` fields are already escaped via `get_comment_to_edit()` before the form is displayed. However, this brings some consistency with the `comment_author` and `comment_author_url` fields being escaped in the same form. Follow-up to [11721]. Props utsav72640. Fixes #53349. Built from https://develop.svn.wordpress.org/trunk@51080 git-svn-id: http://core.svn.wordpress.org/trunk@50689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-07 18:47:02 +00:00 · 2021-06-07 18:47:02 +00:00 · aeebd14fe2
parent 3642c401b6
commit aeebd14fe2
2 changed files with 2 additions and 2 deletions
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@ -52,7 +52,7 @@ if ( 'approved' === wp_get_comment_status( $comment ) && $comment->comment_post_
 <tr>
 	<td class="first"><label for="email"><?php _e( 'Email' ); ?></label></td>
 	<td>
-		<input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" id="email" />
+		<input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr( $comment->comment_author_email ); ?>" id="email" />
 	</td>
 </tr>
 <tr>
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.8-alpha-51079';
+$wp_version = '5.8-alpha-51080';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.