WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2014 10:06:22 PM (7 years ago)
Author:
wonderboymusic
Message:

In edit-link-form.php, hackificator bails because there is a </form> with no open <form>. It exists, but is needlessly constructed with PHP. It always returns a <form>, only the id and name are different. The dynamic piece just returns the ID now.

See #27881.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/edit-link-form.php

    r28210 r28485  
    1414    $heading = sprintf( __( '<a href="%s">Links</a> / Edit Link' ), 'link-manager.php' );
    1515    $submit_text = __('Update Link');
    16     $form = '<form name="editlink" id="editlink" method="post" action="link.php">';
     16    $form_name = 'editlink';
    1717    $nonce_action = 'update-bookmark_' . $link_id;
    1818} else {
    1919    $heading = sprintf( __( '<a href="%s">Links</a> / Add New Link' ), 'link-manager.php' );
    2020    $submit_text = __('Add Link');
    21     $form = '<form name="addlink" id="addlink" method="post" action="link.php">';
     21    $form_name = 'addlink';
    2222    $nonce_action = 'add-bookmark';
    2323}
     
    7777<?php endif; ?>
    7878
     79<form name="<?php echo esc_attr( $form_name ); ?>" id="<?php echo esc_attr( $form_name ); ?>" method="post" action="link.php">
    7980<?php
    80 if ( !empty($form) )
    81     echo $form;
    82 if ( !empty($link_added) )
     81if ( ! empty( $link_added ) ) {
    8382    echo $link_added;
     83}
    8484
    8585wp_nonce_field( $nonce_action );
Note: See TracChangeset for help on using the changeset viewer.