Description: Nav menus: Consistent titles in widgets
 Prevent XSS attack in widget titles
 CVE-2015-5732
Author: ocean90@wordpress.org
Origin: upstream, https://core.trac.wordpress.org/changeset/33529
Applied-Upstream: 4.2.4
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2015-08-05
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/wp-includes/default-widgets.php
+++ b/wp-includes/default-widgets.php
@@ -1143,7 +1143,7 @@
 		?>
 		<p>
 			<label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:') ?></label>
-			<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo $title; ?>" />
+			<input type="text" class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo esc_attr( $title ); ?>" />
 		</p>
 		<p>
 			<label for="<?php echo $this->get_field_id('nav_menu'); ?>"><?php _e('Select Menu:'); ?></label>
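Review bot: The `for`, `id` and `name` attributes on the title label and input still echo `$this->get_field_id('title')` and `$this->get_field_name('title')` unescaped, so the attribute escaping added for `value` is not applied consistently within this form. Those strings are presumably built from the widget's id base and instance number rather than from user input, which makes this hardening rather than a second hole. Wrapping them the same way, e.g. `id="<?php echo esc_attr( $this->get_field_id('title') ); ?>"`, removes the need to reason about where they come from. `$title` is assigned above the hunk and the method continues below it, so two things cannot be confirmed from here: whether the title is also sanitised on save, and whether the nav_menu select that follows escapes its option values. Both are worth checking, together with a regression test that renders the form with a title containing a double quote and asserts the output holds only the encoded form.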
