Make WordPress Core


Timestamp:
10/20/2011 11:41:07 PM (13 years ago)
Author:
nacin
Message:

Use esc_url() rather than esc_attr() on a redirect-to URL. fixes #17243.

File:
1 edited

  • trunk/wp-includes/general-template.php

    r19032 r19033  
    253253
    254254    $form = '
    255         <form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . site_url( 'wp-login.php', 'login_post' ) . '" method="post">
     255        <form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . esc_url( site_url( 'wp-login.php', 'login_post' ) ) . '" method="post">
    256256            ' . apply_filters( 'login_form_top', '', $args ) . '
    257257            <p class="login-username">
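Review bot: On the changed `<form>` line, only the `action` attribute gains escaping; `name` and `id` on the same line still print `$args['form_id']` raw, while the submit button's id further down goes through `esc_attr()`. The value comes from the same `$args` array as the others, so wrap both occurrences as `esc_attr( $args['form_id'] )` so that every attribute in this tag is escaped for its context.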
     
    267267            <p class="login-submit">
    268268                <input type="submit" name="wp-submit" id="' . esc_attr( $args['id_submit'] ) . '" class="button-primary" value="' . esc_attr( $args['label_log_in'] ) . '" tabindex="100" />
    269                 <input type="hidden" name="redirect_to" value="' . esc_attr( $args['redirect'] ) . '" />
     269                <input type="hidden" name="redirect_to" value="' . esc_url( $args['redirect'] ) . '" />
    270270            </p>
    271271            ' . apply_filters( 'login_form_bottom', '', $args ) . '
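Review bot: On the `redirect_to` hidden input, `esc_url()` returns an empty string when the URL's scheme is not in the allowed protocol list, so a caller passing an unusual `$args['redirect']` now gets an empty field with no indication why; a line in the function's docblock for the `redirect` argument would cover that. This is also output escaping only: the field is posted back by the browser and can be changed client-side, so the handler that receives `redirect_to` still has to validate the target before redirecting.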