Make WordPress Core

Changeset 51189


Ignore:
Timestamp:
06/21/2021 04:29:18 AM (3 years ago)
Author:
SergeyBiryukov
Message:

Administration: Consistently escape network_admin_url() links.

Follow-up to [51177].

Props chintan1896, mukesh27.
Fixes #53459.

Location:
trunk/src/wp-admin
Files:
8 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/dashboard.php

    r51177 r51189  
    485485    ?>
    486486
    487     <form action="<?php echo network_admin_url( 'users.php' ); ?>" method="get">
     487    <form action="<?php echo esc_url( network_admin_url( 'users.php' ) ); ?>" method="get">
    488488        <p>
    489489            <label class="screen-reader-text" for="search-users"><?php _e( 'Search Users' ); ?></label>
     
    493493    </form>
    494494
    495     <form action="<?php echo network_admin_url( 'sites.php' ); ?>" method="get">
     495    <form action="<?php echo esc_url( network_admin_url( 'sites.php' ) ); ?>" method="get">
    496496        <p>
    497497            <label class="screen-reader-text" for="search-sites"><?php _e( 'Search Sites' ); ?></label>
  • trunk/src/wp-admin/includes/template.php

    r51158 r51189  
    973973        <div class="error"><p><?php _e( 'Before you can upload your import file, you will need to fix the following error:' ); ?></p>
    974974        <p><strong><?php echo $upload_dir['error']; ?></strong></p></div>
    975                                 <?php
     975        <?php
    976976    else :
    977977        ?>
  • trunk/src/wp-admin/network/site-new.php

    r49127 r51189  
    202202?>
    203203</p>
    204 <form method="post" action="<?php echo network_admin_url( 'site-new.php?action=add-site' ); ?>" novalidate="novalidate">
     204<form method="post" action="<?php echo esc_url( network_admin_url( 'site-new.php?action=add-site' ) ); ?>" novalidate="novalidate">
    205205<?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ); ?>
    206206    <table class="form-table" role="presentation">
  • trunk/src/wp-admin/network/site-users.php

    r49944 r51189  
    331331    ?>
    332332<h2 id="add-new-user"><?php _e( 'Add New User' ); ?></h2>
    333 <form action="<?php echo network_admin_url( 'site-users.php?action=newuser' ); ?>" id="newuser" method="post">
     333<form action="<?php echo esc_url( network_admin_url( 'site-users.php?action=newuser' ) ); ?>" id="newuser" method="post">
    334334    <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
    335335    <table class="form-table" role="presentation">
  • trunk/src/wp-admin/network/sites.php

    r49944 r51189  
    367367
    368368<?php if ( current_user_can( 'create_sites' ) ) : ?>
    369     <a href="<?php echo network_admin_url( 'site-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
     369    <a href="<?php echo esc_url( network_admin_url( 'site-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
    370370<?php endif; ?>
    371371
  • trunk/src/wp-admin/network/user-new.php

    r50556 r51189  
    123123    </div>
    124124<?php } ?>
    125     <form action="<?php echo network_admin_url( 'user-new.php?action=add-user' ); ?>" id="adduser" method="post" novalidate="novalidate">
     125    <form action="<?php echo esc_url( network_admin_url( 'user-new.php?action=add-user' ) ); ?>" id="adduser" method="post" novalidate="novalidate">
    126126    <table class="form-table" role="presentation">
    127127        <tr class="form-field form-required">
  • trunk/src/wp-admin/network/users.php

    r49944 r51189  
    274274    if ( current_user_can( 'create_users' ) ) :
    275275        ?>
    276         <a href="<?php echo network_admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
    277                             <?php
     276        <a href="<?php echo esc_url( network_admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
     277        <?php
    278278    endif;
    279279
  • trunk/src/wp-admin/upload.php

    r51177 r51189  
    8989            ?>
    9090            <a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
    91                                 <?php
     91            <?php
    9292        }
    9393        ?>
Note: See TracChangeset for help on using the changeset viewer.