Make WordPress Core


Ignore:
Timestamp:
03/08/2023 10:17:53 PM (17 months ago)
Author:
audrasjb
Message:

Docs: Add security warning in remove_query_arg() docblock to make it consistent with add_query_arg().

Props roytanck.
Fixes #57885.
See #56792.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r55412 r55492  
    11961196/**
    11971197 * Removes an item or items from a query string.
     1198 *
     1199 * Important: The return value of remove_query_arg() is not escaped by default. Output should be
     1200 * late-escaped with esc_url() or similar to help prevent vulnerability to cross-site scripting
     1201 * (XSS) attacks.
    11981202 *
    11991203 * @since 1.5.0
Note: See TracChangeset for help on using the changeset viewer.