Make WordPress Core


Ignore:
Timestamp:
06/17/2021 02:35:59 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Administration: Consistently escape admin_url() links.

Props chintan1896, mukesh27.
Fixes #53426.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/nav-menus.php

    r51010 r51177  
    690690
    691691    <nav class="nav-tab-wrapper wp-clearfix" aria-label="<?php esc_attr_e( 'Secondary menu' ); ?>">
    692         <a href="<?php echo admin_url( 'nav-menus.php' ); ?>" class="nav-tab<?php echo $nav_tab_active_class; ?>"<?php echo $nav_aria_current; ?>><?php esc_html_e( 'Edit Menus' ); ?></a>
     692        <a href="<?php echo esc_url( admin_url( 'nav-menus.php' ) ); ?>" class="nav-tab<?php echo $nav_tab_active_class; ?>"<?php echo $nav_aria_current; ?>><?php esc_html_e( 'Edit Menus' ); ?></a>
    693693        <?php
    694694        if ( $num_locations && $menu_count ) {
     
    841841        </span><!-- /add-edit-menu-action -->
    842842        <?php else : ?>
    843             <form method="get" action="<?php echo admin_url( 'nav-menus.php' ); ?>">
     843            <form method="get" action="<?php echo esc_url( admin_url( 'nav-menus.php' ) ); ?>">
    844844            <input type="hidden" name="action" value="edit" />
    845845            <label for="select-menu-to-edit" class="selected-menu"><?php _e( 'Select a menu to edit:' ); ?></label>
Note: See TracChangeset for help on using the changeset viewer.