quality-debt: views/ui/template-switching-current.php — PR #1110 review feedback (high) #1139

@superdav42

Description

Unactioned Review Feedback

Source PR: #1110
File: views/ui/template-switching-current.php
Reviewers: coderabbit
Findings: 1
Max severity: high


HIGH: coderabbit (coderabbitai[bot])

File: views/ui/template-switching-current.php:40
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use esc_url() for the image source.

Line [38] escapes a URL with esc_attr(). For src, use esc_url() so protocol/value sanitization is context-correct.

Proposed fix
-					src="<?php echo esc_attr($current_template->get_featured_image('wu-thumb-medium')); ?>"
+					src="<?php echo esc_url($current_template->get_featured_image('wu-thumb-medium')); ?>"
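Review bot: the swap to esc_url() is the right fix for the src attribute, because esc_url() returns an empty string for values whose scheme is not in WordPress's allowed-protocol list (javascript: among them), whereas esc_attr() only HTML-encodes the value and would emit such a URL unchanged into the attribute. One follow-up worth checking: if get_featured_image('wu-thumb-medium') can return an empty value when no thumbnail is set, esc_url('') also returns '', leaving src="" on the rendered img; guarding the tag with a check on the returned URL (or a fallback image) would avoid that.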
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

				<img
					class="wu-rounded wu-border-solid wu-border wu-border-gray-300 wu-bg-white"
					style="width: 120px; height: 80px; object-fit: cover;"
					src="<?php echo esc_url($current_template->get_featured_image('wu-thumb-medium')); ?>"
					alt="<?php echo esc_attr($current_template->get_title()); ?>"
				/>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@views/ui/template-switching-current.php` around lines 35 - 40, the image src
is being escaped with esc_attr() which is for attributes; replace
esc_attr($current_template->get_featured_image('wu-thumb-medium')) with esc_url(
$current_template->get_featured_image('wu-thumb-medium') ) so the URL is
properly sanitized for an src context (keep esc_attr for the alt using
$current_template->get_title()). Locate the img tag using
current_template->get_featured_image and update only the src escaping to
esc_url.

Auto-generated by quality-feedback-helper.sh scan-merged. Review each finding and either fix the code or dismiss with a reason.


aidevops.sh v3.14.75 automated scan.

Metadata

Assignees: No one assigned

Labels:
- model:opus-4-7 (Override: route dispatch to claude-opus-4-7; wins over tier:*)
- origin:worker (Auto-created by pulse labelless backfill, t2112)
- priority:high (High severity — significant quality issue)
- quality-debt (Unactioned review feedback from merged PRs)
- source:review-feedback (Auto-created by quality-feedback-helper.sh)
- status:available (Task is available for claiming)
- tier:thinking (Route to opus-tier model for dispatch)

Milestone: No milestone

Development: No branches or pull requests