Make WordPress Core

Opened 20 months ago

Closed 20 months ago

Last modified 20 months ago

#54278 closed defect (bug) (fixed)

Properly escape form action url

Reported by: sabbirshouvo Owned by: SergeyBiryukov
Milestone: 5.9 Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords: has-patch commit
Focuses: coding-standards Cc:

Description

In wp-admin/update-core.php there are 4 forms with action. Three of them have form action with properly escaped URL. One of them is missing URL escaping while the value of action for all of them is the same.

Attachments (1)

54278.diff (519 bytes) - added by sabbirshouvo 20 months ago.


Change History (5)

#1 @sabbirshouvo
20 months ago

  • Component changed from General to Upgrade/Install

#2 @mukesh27
20 months ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.9
  • Version trunk deleted

Hi there, thanks for the ticket and patch!

The patch looks good to me and ready to merge.

Moving to milestone 5.9 and marking for commit.

#3 @SergeyBiryukov
20 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 51914:

Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.

Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.
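
A check for the inconsistency this ticket fixed, as an added example that is not part of the ticket or of the committed change: a Python scan that flags `<form>` tags whose `action` echoes a PHP expression without an escaping wrapper. The sample markup and its `$form_action` value are constructed, and treating `esc_url()` and `esc_attr()` as the accepted wrappers is an assumption of this example.

```python
import re

# Opening <form> tag. Embedded <?php ... ?> blocks are consumed as a unit so
# the "?>" closing a PHP block is not mistaken for the end of the tag.
FORM_TAG = re.compile(r"<form\b(?:<\?.*?\?>|[^>])*>", re.I | re.S)
# action="..." or action='...', again treating PHP blocks as opaque.
ACTION = re.compile(
    r"""(?<![\w-])action\s*=\s*(?:"((?:<\?.*?\?>|[^"])*)"|'((?:<\?.*?\?>|[^'])*)')""",
    re.I | re.S)
# An echoed expression: <?php echo EXPR; ?> or <?= EXPR ?>
ECHO = re.compile(r"<\?(?:php\s+echo\b|=)\s*(.*?);?\s*\?>", re.I | re.S)
# Assumption of this example: these wrappers count as escaping the action.
ESCAPERS = ("esc_url(", "esc_attr(")


def find_unescaped_form_actions(source):
    """Return (line, expression) for each form action that echoes a PHP
    expression not wrapped in one of ESCAPERS."""
    findings = []
    for tag in FORM_TAG.finditer(source):
        action = ACTION.search(tag.group(0))
        if not action:
            continue
        value = action.group(1) or action.group(2) or ""
        for echo in ECHO.finditer(value):
            expr = echo.group(1).strip()
            if not expr.replace(" ", "").startswith(ESCAPERS):
                line = source.count("\n", 0, tag.start()) + 1
                findings.append((line, expr))
    return findings


# Constructed sample (not copied from WordPress): four forms sharing one
# action value, three escaped and one not, as the ticket describes.
SAMPLE = """<?php $form_action = 'example.php?action=demo'; ?>
<form method="post" action="<?php echo esc_url( $form_action ); ?>" class="a">
</form>
<form method="post" action="<?php echo $form_action; ?>" class="b">
</form>
<form method="post" action="<?php echo esc_url( $form_action ); ?>" class="c">
</form>
<form method="post" action='<?php echo esc_url( $form_action ); ?>' class="d">
</form>
"""

if __name__ == "__main__":
    for line, expr in find_unescaped_form_actions(SAMPLE):
        print(f"line {line}: form action echoes {expr} without escaping")
```

`esc_url_raw()` is reported as well, since it does not match either accepted wrapper.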

This ticket was mentioned in Slack in #core by sergey.