Make WordPress Core


Timestamp:
08/24/2023 09:30:17 AM (16 months ago)
Author:
audrasjb
Message:

Revisions: Add missing escaping function for $post_edit_link in wp-admin/revision.php.

Props nidhidhandhukiya, Presskopp, mukesh27, rajinsharwar, costdev.
Fixes #59141.

File:
1 edited

  • trunk/src/wp-admin/revision.php

    r55412 r56437  
    105105
    106106        $post_edit_link = get_edit_post_link();
    107         $post_title     = '<a href="' . $post_edit_link . '">' . _draft_or_post_title() . '</a>';
     107        $post_title     = '<a href="' . esc_url( $post_edit_link ) . '">' . _draft_or_post_title() . '</a>';
    108108        /* translators: %s: Post title. */
    109109        $h1             = sprintf( __( 'Compare Revisions of &#8220;%s&#8221;' ), $post_title );
    110         $return_to_post = '<a href="' . $post_edit_link . '">' . __( '&larr; Go to editor' ) . '</a>';
     110        $return_to_post = '<a href="' . esc_url( $post_edit_link ) . '">' . __( '&larr; Go to editor' ) . '</a>';
    111111        // Used in the HTML title tag.
    112112        $title = __( 'Revisions' );
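Review bot: The new `esc_url()` calls at lines 107 and 110 cover only the `href` attribute; `_draft_or_post_title()` at line 107 is still concatenated into the anchor with no escaping call at this call site, so the markup relies on that helper returning already-escaped text. A one-line comment stating that, next to the concatenation, would make the late-escaping intent clear to the next reader. Separately, `get_edit_post_link()` at line 106 can return an empty value when no edit link is available, and `esc_url()` will then produce two anchors with an empty `href`; consider building `$post_title` and `$return_to_post` as links only when `$post_edit_link` is non-empty.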