Make WordPress Core


Ignore:
Timestamp:
06/17/2021 02:35:59 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Administration: Consistently escape admin_url() links.

Props chintan1896, mukesh27.
Fixes #53426.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/image-edit.php

    r50810 r51177  
    9191
    9292        <div id="imgedit-crop-<?php echo $post_id; ?>" class="imgedit-crop-wrap">
    93         <img id="image-preview-<?php echo $post_id; ?>" onload="imageEdit.imgLoaded('<?php echo $post_id; ?>')" src="<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>?action=imgedit-preview&amp;_ajax_nonce=<?php echo $nonce; ?>&amp;postid=<?php echo $post_id; ?>&amp;rand=<?php echo rand( 1, 99999 ); ?>" alt="" />
     93        <img id="image-preview-<?php echo $post_id; ?>" onload="imageEdit.imgLoaded('<?php echo $post_id; ?>')"
     94            src="<?php echo esc_url( admin_url( 'admin-ajax.php', 'relative' ) ) . '?action=imgedit-preview&amp;_ajax_nonce=' . $nonce . '&amp;postid=' . $post_id . '&amp;rand=' . rand( 1, 99999 ); ?>" alt="" />
    9495        </div>
    9596
Note: See TracChangeset for help on using the changeset viewer.