Make WordPress Core

Ticket #44047: 44047-3.diff

File 44047-3.diff, 1.3 KB (added by birgire, 5 years ago)
  • src/wp-admin/includes/user.php

    diff --git src/wp-admin/includes/user.php src/wp-admin/includes/user.php
    index d477262..74b7c9b 100644
    function _wp_personal_data_export_page() { 
    830830
    831831                <?php settings_errors(); ?>
    832832
    833                 <form action="<?php echo admin_url( 'tools.php?page=export_personal_data' ); ?>" method="post" class="wp-privacy-request-form">
     833                <form action="<?php echo esc_url( admin_url( 'tools.php?page=export_personal_data' ) ); ?>" method="post" class="wp-privacy-request-form">
    834834                        <h2><?php esc_html_e( 'Add Data Export Request' ); ?></h2>
    835835                        <p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
    836836
    function _wp_personal_data_removal_page() { 
    914914
    915915                <?php settings_errors(); ?>
    916916
    917                 <form action="<?php echo admin_url( 'tools.php?page=remove_personal_data' ); ?>" method="post" class="wp-privacy-request-form">
     917                <form action="<?php echo esc_url( admin_url( 'tools.php?page=remove_personal_data' ) ); ?>" method="post" class="wp-privacy-request-form">
    918918                        <h2><?php esc_html_e( 'Add Data Erasure Request' ); ?></h2>
    919919                        <p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
    920920