Make WordPress Core


Timestamp:
08/05/2022 05:58:01 AM (2 years ago)
Author:
audrasjb
Message:

Coding standards: Properly escape URLs returned by self_admin_url() calls.

Props krishaweb, audrasjb, SergeyBiryukov.
Fixes #56329.

File:
1 edited

  • trunk/src/wp-admin/plugins.php

    r52978 r53839  
    727727if ( ( ! is_multisite() || is_network_admin() ) && current_user_can( 'install_plugins' ) ) {
    728728    ?>
    729     <a href="<?php echo self_admin_url( 'plugin-install.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'plugin' ); ?></a>
     729    <a href="<?php echo esc_url( self_admin_url( 'plugin-install.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'plugin' ); ?></a>
    730730    <?php
    731731}
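
Review bot: The commit message says self_admin_url() "calls" in the plural, but this changeset edits one file and changes only the single echo at line 729 of trunk/src/wp-admin/plugins.php. Either confirm on the ticket that no other echoed self_admin_url() output in this file is left unescaped, or scope the message to this one call. The choice of esc_url() fits the href attribute context and is consistent with the esc_html_x() already applied to the link text on the same line.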