Make WordPress Core

Changeset 52949


Ignore:
Timestamp:
03/18/2022 01:42:34 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Themes: Use esc_url() for theme screenshots on the Themes screen.

This brings consistency with how screenshots are escaped elsewhere.

Follow-up to [52020], [52947].

See #53370.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/themes.php

    r52947 r52949  
    389389    <?php if ( ! empty( $theme['screenshot'][0] ) ) { ?>
    390390        <div class="theme-screenshot">
    391             <img src="<?php echo esc_attr( $theme['screenshot'][0] . '?ver=' . $theme['version'] ); ?>" alt="" />
     391            <img src="<?php echo esc_url( $theme['screenshot'][0] . '?ver=' . $theme['version'] ); ?>" alt="" />
    392392        </div>
    393393    <?php } else { ?>
Note: See TracChangeset for help on using the changeset viewer.