Make WordPress Core

Changeset 34133


Ignore:
Timestamp:
09/14/2015 10:32:52 PM (9 years ago)
Author:
nbachiyski
Message:

List tables: escape user e-mails

Better safe than sorry.

Location:
trunk/src/wp-admin/includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-ms-users-list-table.php

    r33801 r34133  
    241241     */
    242242    public function column_email( $user ) {
    243         echo "<a href='mailto:$user->user_email'>$user->user_email</a>";
     243        echo "<a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a>";
    244244    }
    245245
  • trunk/src/wp-admin/includes/class-wp-users-list-table.php

    r33774 r34133  
    435435                        break;
    436436                    case 'email':
    437                         $r .= "<a href='mailto:$email'>$email</a>";
     437                        $r .= "<a href='" . esc_url( "mailto:$email" ) . "'>$email</a>";
    438438                        break;
    439439                    case 'role':
Note: See TracChangeset for help on using the changeset viewer.