WordPress.org

Make WordPress Core


Timestamp:
03/17/2007 08:46:59 AM (13 years ago)
Author:
markjaquith
Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for trunk.

File:
1 edited

  • trunk/wp-admin/edit-page-form.php

    r4787 r5056  
    1414}
    1515
    16 $sendto = attribute_escape(stripslashes(wp_get_referer()));
     16$sendto = clean_url(stripslashes(wp_get_referer()));
    1717
    1818if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
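Review bot: On the changed line 16, `$sendto` is now sanitized at assignment, but the very next statement compares it with the raw result of `get_permalink($post_ID)`. If clean_url() rewrites any part of the referer, that equality on line 18 can stop matching for a referer that really is the page's permalink. I would keep the unescaped referer for the comparison and apply clean_url() at the point where the value is written into the href or form field, or run both sides through the same function. The output site of `$sendto` is outside this hunk, so it would also help to add a short comment here stating that the value comes from the request's referer and is destined for a URL context, which is why clean_url() is used rather than attribute_escape().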