Make WordPress Core

Opened 8 weeks ago

Closed 7 weeks ago

Last modified 7 weeks ago

#54278 closed defect (bug) (fixed)

Properly escape form action url

Reported by: sabbirshouvo Owned by: SergeyBiryukov
Milestone: 5.9 Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords: has-patch commit
Focuses: coding-standards Cc:


In wp-admin/update-core.php there are 4 forms with action. Thress of them has form action with properly escaped URL. One of them is missing URL escaping while the value of action for all of them is the same.

Attachments (1)

54278.diff (519 bytes) - added by sabbirshouvo 8 weeks ago.

Download all attachments as: .zip

Change History (5)

8 weeks ago

#1 @sabbirshouvo
8 weeks ago

  • Component changed from General to Upgrade/Install

#2 @mukesh27
8 weeks ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.9
  • Version trunk deleted

Hi there, thanks for the ticket and patch!

The patch looks good to me and ready to marge.

Moving to milestone 5.9 and marking for commit.

#3 @SergeyBiryukov
7 weeks ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 51914:

Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.

Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.

This ticket was mentioned in Slack in #core by sergey. View the logs.

7 weeks ago

Note: See TracTickets for help on using tickets.