Context Navigation

Changeset 51189

Timestamp:

06/21/2021 04:29:18 AM (4 years ago)

Author:

SergeyBiryukov

Message:

Administration: Consistently escape network_admin_url() links.

Follow-up to [51177].

Props chintan1896, mukesh27.
Fixes #53459.

Location:

trunk/src/wp-admin

Files:

-                      r51177
+                      r51189
     ?>
     <form action="<?php echo network_admin_url( 'users.php' ); ?>" method="get">
+    <form action="<?php echo esc_url( network_admin_url( 'users.php' ) ); ?>" method="get">
         <p>
             <label class="screen-reader-text" for="search-users"><?php _e( 'Search Users' ); ?></label>
 …
     </form>
     <form action="<?php echo network_admin_url( 'sites.php' ); ?>" method="get">
+    <form action="<?php echo esc_url( network_admin_url( 'sites.php' ) ); ?>" method="get">
         <p>
             <label class="screen-reader-text" for="search-sites"><?php _e( 'Search Sites' ); ?></label>

r51158	r51189
973	973	<div class="error"><p><?php _e( 'Before you can upload your import file, you will need to fix the following error:' ); ?></p>
974	974	<p><strong><?php echo $upload_dir['error']; ?></strong></p></div>
975		<?php
	975	<?php
976	976	else :
977	977	?>

r49127	r51189
202	202	?>
203	203	</p>
204		<form method="post" action="<?php echo ~~network_admin_url( 'site-new.php?action=add-site'~~ ); ?>" novalidate="novalidate">
	204	<form method="post" action="<?php echo esc_url( network_admin_url( 'site-new.php?action=add-site' ) ); ?>" novalidate="novalidate">
205	205	<?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ); ?>
206	206	<table class="form-table" role="presentation">

r49944	r51189
331	331	?>
332	332	<h2 id="add-new-user"><?php _e( 'Add New User' ); ?></h2>
333		<form action="<?php echo ~~network_admin_url( 'site-users.php?action=newuser'~~ ); ?>" id="newuser" method="post">
	333	<form action="<?php echo esc_url( network_admin_url( 'site-users.php?action=newuser' ) ); ?>" id="newuser" method="post">
334	334	<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
335	335	<table class="form-table" role="presentation">

r49944	r51189
367	367
368	368	<?php if ( current_user_can( 'create_sites' ) ) : ?>
369		<a href="<?php echo ~~network_admin_url( 'site-new.php'~~ ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
	369	<a href="<?php echo esc_url( network_admin_url( 'site-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
370	370	<?php endif; ?>
371	371

r50556	r51189
123	123	</div>
124	124	<?php } ?>
125		<form action="<?php echo ~~network_admin_url( 'user-new.php?action=add-user'~~ ); ?>" id="adduser" method="post" novalidate="novalidate">
	125	<form action="<?php echo esc_url( network_admin_url( 'user-new.php?action=add-user' ) ); ?>" id="adduser" method="post" novalidate="novalidate">
126	126	<table class="form-table" role="presentation">
127	127	<tr class="form-field form-required">

-                      r49944
+                      r51189
     if ( current_user_can( 'create_users' ) ) :
         ?>
         <a href="<?php echo network_admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
                             <?php
+        <a href="<?php echo esc_url( network_admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
+        <?php
     endif;

r51177	r51189
89	89	?>
90	90	<a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
91		<?php
	91	<?php
92	92	}
93	93	?>

Note: See TracChangeset for help on using the changeset viewer.