Make WordPress Core


Ignore:
Timestamp:
05/04/2021 01:46:06 PM (4 years ago)
Author:
desrosj
Message:

General: Use correct escaping function for form action attributes.

Props chintan1896, audrasjb.
Fixes #53150.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/post.php

    r50776 r50809  
    22592259    <?php the_block_editor_meta_box_post_form_hidden_fields( $post ); ?>
    22602260    </form>
    2261     <form id="toggle-custom-fields-form" method="post" action="<?php echo esc_attr( admin_url( 'post.php' ) ); ?>">
     2261    <form id="toggle-custom-fields-form" method="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>">
    22622262        <?php wp_nonce_field( 'toggle-custom-fields', 'toggle-custom-fields-nonce' ); ?>
    22632263        <input type="hidden" name="action" value="toggle-custom-fields" />
Note: See TracChangeset for help on using the changeset viewer.