Make WordPress Core


Ignore:
Timestamp:
09/04/2012 10:35:12 PM (12 years ago)
Author:
nacin
Message:

Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/theme.php

    r21604 r21755  
    2424    ob_start();
    2525    if ( empty( $redirect ) )
    26         $redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . $stylesheet, 'delete-theme_' . $stylesheet);
     26        $redirect = wp_nonce_url('themes.php?action=delete&stylesheet=' . urlencode( $stylesheet ), 'delete-theme_' . $stylesheet);
    2727    if ( false === ($credentials = request_filesystem_credentials($redirect)) ) {
    2828        $data = ob_get_contents();
Note: See TracChangeset for help on using the changeset viewer.