magdev/wp-bootstrap
1
Fork 0
Code Issues Pull Requests Actions Releases 24 Activity

security: add |esc_url to all template URLs, register escape Twig filters (v1.1.3)
All checks were successful
Create Release Package / PHP Lint (push) Successful in 50s
Details
Create Release Package / PHPUnit Tests (push) Successful in 44s
Details
Create Release Package / Build Release (push) Successful in 2m17s
Details

Browse Source 
5th OWASP Top-10 pass: added |esc_url filter to all unescaped URL outputs
across 8 Twig template partials (headers, footers, search, comments).
Registered esc_html, esc_attr, esc_url as Twig filters with is_safe option.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Marco Grätsch
2026-03-07 10:34:41 +01:00
parent 02689f687f
commit 6c8526d2a5
10 changed files with 33 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
views/partials/footer-columns.html.twig
View File

@@ -13,7 +13,7 @@
<ul class="list-unstyled">
{% for item in footer_menu %}
<li class="mb-1">
<a href="{{ item.url }}" class="text-body-secondary text-decoration-none">
<a href="{{ item.url|esc_url }}" class="text-body-secondary text-decoration-none">
{{ item.title }}
</a>
</li>