Make WordPress Core

Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#58182 closed enhancement (fixed)

Use esc_url in default_password_nag()

Reported by: utsav72640's profile utsav72640 Owned by: audrasjb's profile audrasjb
Milestone: 6.3 Priority: normal
Severity: normal Version: 2.8
Component: Users Keywords: has-patch commit
Focuses: coding-standards Cc:

Description

esc_url missing on wp-admin/includes/user.php file

Attachments (1)

user_patch_file.patch (831 bytes) - added by utsav72640 12 months ago.
esc_url missing on wp-admin/includes/user.php file

Download all attachments as: .zip

Change History (9)

@utsav72640
12 months ago

esc_url missing on wp-admin/includes/user.php file

#1 @utsav72640
12 months ago

Also I have added in git a new pull request can you please check and let me know if there are any changes or not.

https://github.com/WordPress/wordpress-develop/pull/4372

#2 @utsav72640
12 months ago

  • Version set to 6.2

#3 @mukesh27
12 months ago

  • Keywords has-patch added; dev-feedback removed
  • Milestone changed from Awaiting Review to 6.3
  • Summary changed from esc_url missing on wp-admin/includes/user.php file to Use esc_url in default_password_nag()
  • Type changed from defect (bug) to enhancement
  • Version changed from 6.2 to 2.8

#4 @mukesh27
12 months ago

Hi there!

Thanks for ticket and PR! PR look good to me and approved.

@SergeyBiryukov can you please take a look.

#5 @audrasjb
12 months ago

  • Component changed from General to Users
  • Keywords commit added

Hello and thanks for the ticket and patch,

As the result of get_edit_profile_url() can be filtered, let's escape it properly.

This ticket was mentioned in PR #4372 on WordPress/wordpress-develop by utsavtilava.


12 months ago
#6

esc_url missing on wp-admin/includes/user.php file

EDIT by @audrasjb: trac ticket: https://core.trac.wordpress.org/ticket/58182

#7 @audrasjb
12 months ago

  • Owner set to audrasjb
  • Resolution set to fixed
  • Status changed from new to closed

In 55682:

Coding Standards: Escape edit profile URL in default_password_nag().

Props utsav72640, mukesh27.
Fixes #58182.

Note: See TracTickets for help on using tickets.