Changeset 5056 for trunk/wp-admin/user-edit.php

Timestamp:

03/17/2007 08:46:59 AM (19 years ago)

Author:

markjaquith

Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for trunk.

File:

• trunk/wp-admin/user-edit.php (modified) (1 diff)

trunk/wp-admin/user-edit.php

@@ -56 +56 @@
     <p><strong><?php _e('User updated.') ?></strong></p>
     <?php if ( $wp_http_referer ) : ?>
-    <p><a href="<?php echo attribute_escape($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
+    <p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
     <?php endif; ?>
 </div>