WordPress.org

Make WordPress Core


Ignore:
Timestamp:
09/04/2012 10:35:12 PM (9 years ago)
Author:
nacin
Message:

Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/class-wp-upgrader.php

    r21752 r21755  
    15031503            'template'   => urlencode( $template ),
    15041504            'stylesheet' => urlencode( $stylesheet ),
    1505         ), trailingslashit( get_home_url() ) );
     1505        ), trailingslashit( home_url() ) );
    15061506
    15071507        $activate_link = add_query_arg( array(
     
    15181518
    15191519        if ( is_network_admin() && current_user_can( 'manage_network_themes' ) )
    1520             $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&amp;theme=' . $stylesheet, 'enable-theme_' . $stylesheet ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
     1520            $install_actions['network_enable'] = '<a href="' . esc_url( wp_nonce_url( 'themes.php?action=enable&amp;theme=' . urlencode( $stylesheet ), 'enable-theme_' . $stylesheet ) ) . '" title="' . esc_attr__( 'Enable this theme for all sites in this network' ) . '" target="_parent">' . __( 'Network Enable' ) . '</a>';
    15211521
    15221522        if ( $this->type == 'web' )
     
    15671567                'template'   => urlencode( $template ),
    15681568                'stylesheet' => urlencode( $stylesheet ),
    1569             ), trailingslashit( get_home_url() ) );
     1569            ), trailingslashit( home_url() ) );
    15701570
    15711571            $activate_link = add_query_arg( array(
Note: See TracChangeset for help on using the changeset viewer.