Add escaping on active class

tewariharish · tewariharish · commit dfabb3b9c445 · 2025-04-16T22:59:59.000+05:30
diff --git a/src/wp-admin/themes.php b/src/wp-admin/themes.php
@@ -432,7 +432,7 @@
 		$active_class = ' active';
 	}
 	?>
-<div class="theme<?php echo $active_class; ?>">
+<div class="theme<?php echo esc_attr( $active_class ); ?>">
 	<?php if ( ! empty( $theme['screenshot'][0] ) ) { ?>
 		<div class="theme-screenshot">
 			<img src="<?php echo esc_url( $theme['screenshot'][0] . '?ver=' . $theme['version'] ); ?>" alt="" />

Original file line number	Diff line number	Diff line change
`@@ -432,7 +432,7 @@`
`432`	`432`	`$active_class = ' active';`
`433`	`433`	`}`
`434`	`434`	`?>`
`435`		`-<div class="theme<?php echo $active_class; ?>">`
	`435`	`+<div class="theme<?php echo esc_attr( $active_class ); ?>">`
`436`	`436`	`<?php if ( ! empty( $theme['screenshot'][0] ) ) { ?>`
`437`	`437`	`<div class="theme-screenshot">`
`438`	`438`	`<img src="<?php echo esc_url( $theme['screenshot'][0] . '?ver=' . $theme['version'] ); ?>" alt="" />`