Make WordPress Core


Ignore:
Timestamp:
06/17/2021 02:35:59 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Administration: Consistently escape admin_url() links.

Props chintan1896, mukesh27.
Fixes #53426.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/comment.php

    r48991 r51177  
    233233    <td class="comment-content">
    234234        <?php comment_text( $comment ); ?>
    235     <p class="edit-comment"><a href="<?php echo admin_url( "comment.php?action=editcomment&amp;c={$comment->comment_ID}" ); ?>"><?php esc_html_e( 'Edit' ); ?></a></p>
     235    <p class="edit-comment"><a href="<?php echo esc_url( admin_url( "comment.php?action=editcomment&c={$comment->comment_ID}" ) ); ?>"><?php esc_html_e( 'Edit' ); ?></a></p>
    236236    </td>
    237237    </tr>
     
    242242    <p>
    243243        <?php submit_button( $button, 'primary', 'submit', false ); ?>
    244     <a href="<?php echo admin_url( 'edit-comments.php' ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a>
     244    <a href="<?php echo esc_url( admin_url( 'edit-comments.php' ) ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a>
    245245    </p>
    246246
Note: See TracChangeset for help on using the changeset viewer.