devinsays / portfolio-press

A WordPress theme for artists and designers to showcase their work.
https://wptheming.com/portfolio-theme/
GNU General Public License v2.0

Escape the value of $format when used in an attribute #63

mfields closed this issue 10 years ago

mfields commented 10 years ago

In template-headers.php line 61:

<span class="entry-meta-icon icon-format-<?php echo $format ?>"></span>

is better as:

<span class="entry-meta-icon icon-format-<?php echo esc_attr( $format ); ?>"></span>
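
An added example (not code from the theme or from this issue) showing what the escaped form changes in the rendered markup. `example_esc_attr()` is a stand-in built on `htmlspecialchars()` so the snippet runs without WordPress loaded, and `example_format_class()` is a hypothetical allowlist that assumes `$format` holds a WordPress post format slug; the sample values are constructed.

```php
<?php
// Added illustration; runs under plain PHP without WordPress loaded.

// Stand-in for WordPress's esc_attr() (assumption: approximates it by
// encoding &, <, >, " and ' as HTML entities).
function example_esc_attr( $text ) {
    return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Hypothetical allowlist helper: only the known post format slugs may
// become part of a class name; anything else falls back to 'standard'.
function example_format_class( $format ) {
    $known = array( 'aside', 'gallery', 'link', 'image', 'quote',
                    'status', 'video', 'audio', 'chat', 'standard' );
    return in_array( $format, $known, true ) ? $format : 'standard';
}

// The markup from line 61 as originally written: value echoed as-is.
function render_unescaped( $format ) {
    return '<span class="entry-meta-icon icon-format-' . $format . '"></span>';
}

// The form proposed in the issue: value escaped for attribute context.
function render_escaped( $format ) {
    return '<span class="entry-meta-icon icon-format-'
        . example_esc_attr( $format ) . '"></span>';
}

// Escaping plus the allowlist, for values that should only ever be a slug.
function render_allowlisted( $format ) {
    return '<span class="entry-meta-icon icon-format-'
        . example_esc_attr( example_format_class( $format ) ) . '"></span>';
}

// Constructed sample values: one expected slug, one containing a double quote
// that would end the class attribute early if echoed unescaped.
$samples = array( 'gallery', 'gallery" data-injected="1' );

foreach ( $samples as $format ) {
    echo "input:       ", $format, "\n";
    echo "unescaped:   ", render_unescaped( $format ), "\n";
    echo "escaped:     ", render_escaped( $format ), "\n";
    echo "allowlisted: ", render_allowlisted( $format ), "\n\n";
}
```

In a real theme, call `esc_attr()` directly as the issue proposes; for a value used only as part of a class name, WordPress also provides `sanitize_html_class()`.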