Make WordPress Core


Ignore:
Timestamp:
06/17/2021 02:35:59 PM (4 years ago)
Author:
SergeyBiryukov
Message:

Administration: Consistently escape admin_url() links.

Props chintan1896, mukesh27.
Fixes #53426.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/upload.php

    r51163 r51177  
    8888        if ( current_user_can( 'upload_files' ) ) {
    8989            ?>
    90             <a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
     90            <a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
    9191                                <?php
    9292        }
     
    273273if ( current_user_can( 'upload_files' ) ) {
    274274    ?>
    275     <a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
     275    <a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
    276276                        <?php
    277277}
Note: See TracChangeset for help on using the changeset viewer.