From d1bb60c04114562c59c9559c2d9158d59f86c6fd Mon Sep 17 00:00:00 2001
From: bmcculley <box76135@gmail.com>
Date: Thu, 25 Jul 2019 23:55:58 -0400
Subject: [PATCH] escape get_the_title

use wp_kses_post function on get_the_title to prevent potential
malicious issues.

Add wp_body_open() shim for sites older than 5.2

Bottom margin in image alignment

As proposed in #1273, `margin-botom: 1.5em;` added to all three image alignment classes.

tab line 178 inc/woocommerce.php

tab line 61 inc/custom-header.php

update additional get_the_title instances

switch from esc_html to wp_kses_post
---
 comments.php                    | 4 ++--
 inc/template-tags.php           | 4 ++--
 template-parts/content-page.php | 2 +-
 template-parts/content.php      | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/comments.php b/comments.php
index 2c94bfd0..adf9b157 100644
--- a/comments.php
+++ b/comments.php
@@ -33,14 +33,14 @@ if ( post_password_required() ) {
 				printf(
 					/* translators: 1: title. */
 					esc_html__( 'One thought on &ldquo;%1$s&rdquo;', '_s' ),
-					'<span>' . get_the_title() . '</span>'
+					'<span>' . wp_kses_post( get_the_title() ) . '</span>'
 				);
 			} else {
 				printf( // WPCS: XSS OK.
 					/* translators: 1: comment count number, 2: title. */
 					esc_html( _nx( '%1$s thought on &ldquo;%2$s&rdquo;', '%1$s thoughts on &ldquo;%2$s&rdquo;', $_s_comment_count, 'comments title', '_s' ) ),
 					number_format_i18n( $_s_comment_count ),
-					'<span>' . get_the_title() . '</span>'
+					'<span>' . wp_kses_post( get_the_title() ) . '</span>'
 				);
 			}
 			?>
diff --git a/inc/template-tags.php b/inc/template-tags.php
index 652709e0..3c7426af 100644
--- a/inc/template-tags.php
+++ b/inc/template-tags.php
@@ -86,7 +86,7 @@ if ( ! function_exists( '_s_entry_footer' ) ) :
 							),
 						)
 					),
-					get_the_title()
+					wp_kses_post( get_the_title() )
 				)
 			);
 			echo '</span>';
@@ -103,7 +103,7 @@ if ( ! function_exists( '_s_entry_footer' ) ) :
 						),
 					)
 				),
-				get_the_title()
+				wp_kses_post( get_the_title() )
 			),
 			'<span class="edit-link">',
 			'</span>'
diff --git a/template-parts/content-page.php b/template-parts/content-page.php
index b20eff0c..7339a9c3 100644
--- a/template-parts/content-page.php
+++ b/template-parts/content-page.php
@@ -41,7 +41,7 @@
 							),
 						)
 					),
-					get_the_title()
+					wp_kses_post( get_the_title() )
 				),
 				'<span class="edit-link">',
 				'</span>'
diff --git a/template-parts/content.php b/template-parts/content.php
index 0573e82e..2e58962e 100644
--- a/template-parts/content.php
+++ b/template-parts/content.php
@@ -43,7 +43,7 @@
 					),
 				)
 			),
-			get_the_title()
+			wp_kses_post( get_the_title() )
 		) );
 
 		wp_link_pages( array(