
Changeset 53839


Timestamp:
08/05/2022 05:58:01 AM (2 years ago)
Author:
audrasjb
Message:

Coding standards: Properly escape URLs returned by self_admin_url() calls.

Props krishaweb, audrasjb, SergeyBiryukov.
Fixes #56329.

Location:
trunk/src/wp-admin
Files:
4 edited

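--- a/trunk/src/wp-admin/includes/plugin-install.php
+++ b/trunk/src/wp-admin/includes/plugin-install.php
@@ -343,5 +343,5 @@
 <div class="upload-plugin">
     <p class="install-help"><?php _e( 'If you have a plugin in a .zip format, you may install or update it by uploading it here.' ); ?></p>
-    <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url( 'update.php?action=upload-plugin' ); ?>">
+    <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo esc_url( self_admin_url( 'update.php?action=upload-plugin' ) ); ?>">
         <?php wp_nonce_field( 'plugin-upload' ); ?>
         <label class="screen-reader-text" for="pluginzip"><?php _e( 'Plugin zip file' ); ?></label>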
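--- a/trunk/src/wp-admin/includes/theme-install.php
+++ b/trunk/src/wp-admin/includes/theme-install.php
@@ -183,5 +183,5 @@
     ?>
 <p class="install-help"><?php _e( 'If you have a theme in a .zip format, you may install or update it by uploading it here.' ); ?></p>
-<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url( 'update.php?action=upload-theme' ); ?>">
+<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo esc_url( self_admin_url( 'update.php?action=upload-theme' ) ); ?>">
     <?php wp_nonce_field( 'theme-upload' ); ?>
     <label class="screen-reader-text" for="themezip"><?php _e( 'Theme zip file' ); ?></label>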
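--- a/trunk/src/wp-admin/plugins.php
+++ b/trunk/src/wp-admin/plugins.php
@@ -727,5 +727,5 @@
 if ( ( ! is_multisite() || is_network_admin() ) && current_user_can( 'install_plugins' ) ) {
     ?>
-    <a href="<?php echo self_admin_url( 'plugin-install.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'plugin' ); ?></a>
+    <a href="<?php echo esc_url( self_admin_url( 'plugin-install.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'plugin' ); ?></a>
     <?php
 }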
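--- a/trunk/src/wp-admin/update-core.php
+++ b/trunk/src/wp-admin/update-core.php
@@ -918,5 +918,5 @@
     </div>
     <script type="text/javascript">
-    window.location = '<?php echo self_admin_url( 'about.php?updated' ); ?>';
+    window.location = '<?php echo esc_url( self_admin_url( 'about.php?updated' ) ); ?>';
     </script>
     <?php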
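Review bot: The `esc_url()` call on the `window.location` line escapes for HTML display, but the value is emitted inside a JavaScript string literal in a `<script>` block, where entities such as `&#038;` and `&#039;` are not decoded by the browser. With the fixed path `about.php?updated` nothing breaks today, but if the admin URL ever carries an `&` (for example after a filter changes it), the redirect target would be mangled. Escaping for the actual context would be `window.location = <?php echo wp_json_encode( esc_url_raw( self_admin_url( 'about.php?updated' ) ) ); ?>;`, which lets the JSON encoder supply the quotes. The enclosing markup and PHP block start and end outside this hunk.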