WordPress.org

Make WordPress Core

Changeset 51914


Ignore:
Timestamp:
10/17/2021 08:29:58 PM (6 hours ago)
Author:
SergeyBiryukov
Message:

Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.

Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/update-core.php

    r51475 r51914  
    155155    echo '</p>';
    156156
    157     echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
     157    echo '<form method="post" action="' . esc_url( $form_action ) . '" name="upgrade" class="upgrade">';
    158158    wp_nonce_field( 'upgrade-core' );
    159159
Note: See TracChangeset for help on using the changeset viewer.