Make WordPress Core


Ignore:
Timestamp:
07/06/2022 07:44:43 PM (2 years ago)
Author:
desrosj
Message:

Themes: Properly escape home_url() when changing and updating themes.

Props obayedmamur, hurayraiit, costdev, shraboni, msnewas.
Fixes #56145.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/themes.php

    r52978 r53677  
    267267    if ( isset( $_GET['previewed'] ) ) {
    268268        ?>
    269         <div id="message2" class="updated notice is-dismissible"><p><?php _e( 'Settings saved and theme activated.' ); ?> <a href="<?php echo home_url( '/' ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
     269        <div id="message2" class="updated notice is-dismissible"><p><?php _e( 'Settings saved and theme activated.' ); ?> <a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
    270270        <?php
    271271    } else {
    272272        ?>
    273         <div id="message2" class="updated notice is-dismissible"><p><?php _e( 'New theme activated.' ); ?> <a href="<?php echo home_url( '/' ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
     273        <div id="message2" class="updated notice is-dismissible"><p><?php _e( 'New theme activated.' ); ?> <a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
    274274        <?php
    275275    }
Note: See TracChangeset for help on using the changeset viewer.