esc_url() instead of esc_html() in wp_nonce_url()
|Reported by:||jkudish||Owned by:||SergeyBiryukov|
The wp_nonce_url() function currently uses esc_html() in its output, which doesn't really seem to be the appropriate escaping function since it's generating a URL.
Attached patch changes the output to use esc_url()
Change History (15)
comment:1 follow-up: ↓ 2 @SergeyBiryukov — 3 years ago
- Keywords 3.5-early added
- Milestone changed from Awaiting Review to Future Release
comment:7 @SergeyBiryukov — 2 years ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
comment:8 @johnbillion — 2 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
Note: See TracTickets for help on using tickets.