Changeset 22520

Timestamp:

11/10/2012 05:30:51 AM (13 years ago)

Author:

nacin

Message:

URLs should be esc_url(), not esc_attr().

File:

• trunk/wp-admin/custom-header.php (modified) (3 diffs)

trunk/wp-admin/custom-header.php

@@ -526 +526 @@
     }
     ?></p>
-    <form enctype="multipart/form-data" id="upload-form" class="wp-upload-form" method="post" action="<?php echo esc_attr( add_query_arg( 'step', 2 ) ) ?>">
+    <form enctype="multipart/form-data" id="upload-form" class="wp-upload-form" method="post" action="<?php echo esc_url( add_query_arg( 'step', 2 ) ) ?>">
     <p>
         <label for="upload"><?php _e( 'Choose an image from your computer:' ); ?></label><br />
@@ -555 +555 @@
 </table>
 
-<form method="post" action="<?php echo esc_attr( add_query_arg( 'step', 1 ) ) ?>">
+<form method="post" action="<?php echo esc_url( add_query_arg( 'step', 1 ) ) ?>">
 <table class="form-table">
 <tbody>
@@ -730 +730 @@
 <h2><?php _e( 'Crop Header Image' ); ?></h2>
 
-<form method="post" action="<?php echo esc_attr(add_query_arg('step', 3)); ?>">
+<form method="post" action="<?php echo esc_url(add_query_arg('step', 3)); ?>">
     <p class="hide-if-no-js"><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
     <p class="hide-if-js"><strong><?php _e( 'You need Javascript to choose a part of the image.'); ?></strong></p>