
Ticket #56329: 56329.2.patch

File 56329.2.patch, 3.0 KB (added by krishaweb, 19 months ago)

Also found in the wp-admin/update-core.php and wp-admin/plugins.php files.

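diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php
index de21b7e96d..cc2294ee5a 100644
--- a/src/wp-admin/includes/plugin-install.php
+++ b/src/wp-admin/includes/plugin-install.php
@@ -342,7 +342,7 @@ function install_plugins_upload() {
         ?>
 <div class="upload-plugin">
         <p class="install-help"><?php _e( 'If you have a plugin in a .zip format, you may install or update it by uploading it here.' ); ?></p>
-        <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url( 'update.php?action=upload-plugin' ); ?>">
+        <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo esc_url( self_admin_url( 'update.php?action=upload-plugin' ) ); ?>">
                 <?php wp_nonce_field( 'plugin-upload' ); ?>
                 <label class="screen-reader-text" for="pluginzip"><?php _e( 'Plugin zip file' ); ?></label>
                 <input type="file" id="pluginzip" name="pluginzip" accept=".zip" />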
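diff --git a/src/wp-admin/includes/theme-install.php b/src/wp-admin/includes/theme-install.php
index 93c2895dca..2cfb9dbb02 100644
--- a/src/wp-admin/includes/theme-install.php
+++ b/src/wp-admin/includes/theme-install.php
@@ -182,7 +182,7 @@ function install_themes_dashboard() {
 function install_themes_upload() {
         ?>
 <p class="install-help"><?php _e( 'If you have a theme in a .zip format, you may install or update it by uploading it here.' ); ?></p>
-<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url( 'update.php?action=upload-theme' ); ?>">
+<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo esc_url( self_admin_url( 'update.php?action=upload-theme' ) ); ?>">
         <?php wp_nonce_field( 'theme-upload' ); ?>
         <label class="screen-reader-text" for="themezip"><?php _e( 'Theme zip file' ); ?></label>
         <input type="file" id="themezip" name="themezip" accept=".zip" />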
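diff --git a/src/wp-admin/plugins.php b/src/wp-admin/plugins.php
index cbd401c8a7..9a1945f6be 100644
--- a/src/wp-admin/plugins.php
+++ b/src/wp-admin/plugins.php
@@ -726,7 +726,7 @@ echo esc_html( $title );
 <?php
 if ( ( ! is_multisite() || is_network_admin() ) && current_user_can( 'install_plugins' ) ) {
         ?>
-        <a href="<?php echo self_admin_url( 'plugin-install.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'plugin' ); ?></a>
+        <a href="<?php echo esc_url( self_admin_url( 'plugin-install.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'plugin' ); ?></a>
         <?php
 }
 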
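diff --git a/src/wp-admin/update-core.php b/src/wp-admin/update-core.php
index 049facecef..d4509763b3 100644
--- a/src/wp-admin/update-core.php
+++ b/src/wp-admin/update-core.php
@@ -917,7 +917,7 @@ function do_core_upgrade( $reinstall = false ) {
         ?>
         </div>
         <script type="text/javascript">
-        window.location = '<?php echo self_admin_url( 'about.php?updated' ); ?>';
+        window.location = '<?php echo esc_url( self_admin_url( 'about.php?updated' ) ); ?>';
         </script>
         <?php
 }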
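Review bot: The new `window.location` line escapes for the wrong output context: the value is printed inside a JavaScript string literal in a `<script>` block, while `esc_url()` prepares a URL for HTML display and entity-encodes characters such as `&`. A script block does not decode entities, so the literal `about.php?updated` works today, but any ampersand later introduced into the URL (for example by a filter on the admin URL) would reach the browser as `&#038;` and break the redirect. Encoding for the JavaScript context keeps the value inert and intact: `window.location = <?php echo wp_json_encode( esc_url_raw( self_admin_url( 'about.php?updated' ) ) ); ?>;`. The three other sections print into HTML attributes, where `esc_url()` is the right call. `do_core_upgrade()` begins outside this hunk, so how the rest of the function emits output was not checked.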