Closed tangrufus closed 7 years ago
Done as part of larger commit where the admin page is now php-based: made sense to address this while refactoring the rest of the logic since the code comparing current routes in the loop to the database values anyway : https://github.com/dmchale/disable-json-api/commit/6af19e4377efdc639ad53ee08dbdc3df15753f95
https://github.com/dmchale/disable-json-api/blob/6c33f1d5fabee23245012c688e2abd516e46ad73/classes/disable-rest-api.php#L172
As per WordPress coding standards:
wp_unslash()
should go before sanitizationesc_html
seems better thanhtmlspecialchars
See: