wordpress - Why can't this PHP code be exploited? -

community,

i reviewing wordpress theme vulnerabilities , believe have stumbled upon one, reason not executing entire script or something.

here code:

<span style="display: none;" id="hooks"><?php echo json_encode(of_get_header_classes_array()); ?></span> <input type="hidden" id="reset" value="<?php if(isset($_request['reset'])) echo $_request['reset']; ?>" /> 

but reason, script stops executing , prints of code, here source looks like:

<span style="display: none;" id="hooks"> 

and never closes span tag. wondering why happening.

this function:

function of_get_header_classes_array()  {  global $of_options;  foreach ($of_options $value)  {     if ($value['type'] == 'heading')         $hooks[] = str_replace(' ','',strtolower($value['name']));   }  return $hooks; } 

anyone know why can't perform xss inject code $_request['reset'] ?

i guessing hitting error inside of of_get_header_classes_array. check error log , make sure error_reporting turned on?

as exploitable, there might validation on reset param earlier in code. if there absolutely no validation can go town on it.