Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#54278 closed defect (bug) (fixed)

Properly escape form action url

Reported by: sabbirshouvo's profile sabbirshouvo Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.9 Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords: has-patch commit
Focuses: coding-standards Cc:


In wp-admin/update-core.php there are 4 forms with action. Thress of them has form action with properly escaped URL. One of them is missing URL escaping while the value of action for all of them is the same.

Attachments (1)

54278.diff (519 bytes) - added by sabbirshouvo 3 years ago.

Download all attachments as: .zip

Change History (5)

3 years ago

#1 @sabbirshouvo
3 years ago

  • Component changed from General to Upgrade/Install

#2 @mukesh27
3 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.9
  • Version trunk deleted

Hi there, thanks for the ticket and patch!

The patch looks good to me and ready to marge.

Moving to milestone 5.9 and marking for commit.

#3 @SergeyBiryukov
3 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 51914:

Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.

Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.

This ticket was mentioned in Slack in #core by sergey. View the logs.

3 years ago

Note: See TracTickets for help on using tickets.