From c1d43bfa1c86ecab15df831ee0603993bf05dee3 Mon Sep 17 00:00:00 2001 From: jrfnl Date: Mon, 7 Aug 2017 17:24:33 +0200 Subject: [PATCH] XSS.EscapeOutput sniff: Fix issue #933 - namespace separators. This simple change means that namespace separators will be be ignored completely by the check for output escaping which fixes the immediate issue. For a more thorough fix, the logic of the function would need to be refactored to take namespaced functions into account as well, but that's for another day. --- WordPress/Sniffs/XSS/EscapeOutputSniff.php | 5 +++++ WordPress/Tests/XSS/EscapeOutputUnitTest.inc | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/WordPress/Sniffs/XSS/EscapeOutputSniff.php b/WordPress/Sniffs/XSS/EscapeOutputSniff.php index eb6ac8fe02..a829b1b40d 100644 --- a/WordPress/Sniffs/XSS/EscapeOutputSniff.php +++ b/WordPress/Sniffs/XSS/EscapeOutputSniff.php @@ -291,6 +291,11 @@ public function process_token( $stackPtr ) { continue; } + // Ignore namespace separators. + if ( T_NS_SEPARATOR === $this->tokens[ $i ]['code'] ) { + continue; + } + if ( T_OPEN_PARENTHESIS === $this->tokens[ $i ]['code'] ) { if ( ! isset( $this->tokens[ $i ]['parenthesis_closer'] ) ) { diff --git a/WordPress/Tests/XSS/EscapeOutputUnitTest.inc b/WordPress/Tests/XSS/EscapeOutputUnitTest.inc index e00a1559b1..ab48302626 100644 --- a/WordPress/Tests/XSS/EscapeOutputUnitTest.inc +++ b/WordPress/Tests/XSS/EscapeOutputUnitTest.inc @@ -225,3 +225,15 @@ echo 8 * 1.2; // Ok. foo ?> 'menu genesis-nav-menu menu-footer', + 'theme_location' => 'footer', + ] + ) + ); +}
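Review bot: The added comment `// Ignore namespace separators.` in the first hunk (EscapeOutputSniff.php, inside the token loop of process_token) says what is skipped but not the limitation the commit message admits, namely that namespaced function names are still not resolved by the rest of the loop. That matters for an output-escaping check, because a namespaced function whose final segment matches a known escaping function would presumably be accepted as if it were the global one, which is a false negative; this is inferred, since the function-name matching sits outside the hunk. I would record the gap at the point of the skip, e.g. `// Ignore namespace separators (#933); namespaced function names are not resolved here, only the separator is skipped.`, so it stays visible until the refactor happens. process_token starts and ends outside this hunk.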