Make WordPress Core


Ignore:
Timestamp:
03/18/2013 02:01:25 PM (12 years ago)
Author:
ryan
Message:

Escape form action urls with esc_url() rather than esc_attr().

Props SergeyBiryukov
fixes #23266

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/file.php

    r23669 r23739  
    980980-->
    981981</script>
    982 <form action="<?php echo $form_post ?>" method="post">
     982<form action="<?php echo esc_url( $form_post ) ?>" method="post">
    983983<div class="wrap">
    984984<?php screen_icon(); ?>
Note: See TracChangeset for help on using the changeset viewer.