Make WordPress Core


Ignore:
Timestamp:
08/05/2022 05:58:01 AM (22 months ago)
Author:
audrasjb
Message:

Coding standards: Properly escape URLs returned by self_admin_url() calls.

Props krishaweb, audrasjb, SergeyBiryukov.
Fixes #56329.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/update-core.php

    r53700 r53839  
    918918    </div>
    919919    <script type="text/javascript">
    920     window.location = '<?php echo self_admin_url( 'about.php?updated' ); ?>';
     920    window.location = '<?php echo esc_url( self_admin_url( 'about.php?updated' ) ); ?>';
    921921    </script>
    922922    <?php
Note: See TracChangeset for help on using the changeset viewer.