Make WordPress Core


Timestamp:
06/17/2021 02:35:59 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Administration: Consistently escape admin_url() links.

Props chintan1896, mukesh27.
Fixes #53426.

File:
1 edited

  • trunk/src/wp-admin/about.php

    r50535 r51177  
    2424        <div class="about__header">
    2525            <div class="about__header-image">
    26                 <img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo admin_url( 'images/about-badge.svg' ); ?>" />
     26                <img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo esc_url( admin_url( 'images/about-badge.svg' ) ); ?>" />
    2727            </div>
    2828
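
Review bot: The `alt` attribute on new line 26 still prints a translatable string unescaped with `_e( 'Code is Poetry' )`, while the `src` next to it is now wrapped in `esc_url()`. Since the change is about consistent escaping on this tag, consider `esc_attr_e( 'Code is Poetry' )` so that a translation containing a double quote cannot close the attribute early.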
     
    180180            <div class="column about__image">
    181181                <picture>
    182                     <source media="(max-width: 600px)" srcset="<?php echo admin_url( 'images/about-color-palette-vert.svg' ); ?>" />
    183                     <img alt="" src="<?php echo admin_url( 'images/about-color-palette.svg' ); ?>" />
     182                    <source media="(max-width: 600px)" srcset="<?php echo esc_url( admin_url( 'images/about-color-palette-vert.svg' ) ); ?>" />
     183                    <img alt="" src="<?php echo esc_url( admin_url( 'images/about-color-palette.svg' ) ); ?>" />
    184184                </picture>
    185185            </div>
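
Review bot: On new line 182 `esc_url()` wraps the whole `srcset` value, which is only correct because that attribute currently holds a single URL with no width or density descriptor. `esc_url()` treats its argument as one URL, so a short comment here would help: if a descriptor or a second candidate is ever added to this `srcset`, each URL needs to be escaped on its own rather than the full string. The `src` on line 183 is fine as written.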