vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Coding standards: Properly escape URLs returned by self_admin_url() calls.

Browse Source 
Props krishaweb, audrasjb, SergeyBiryukov.
Fixes #56329.


git-svn-id: https://develop.svn.wordpress.org/trunk@53839 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jb Audras
2022-08-05 05:58:01 +00:00
parent b96a51c529
commit ad03949f7b
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-admin/includes/plugin-install.php
View File

@@ -342,7 +342,7 @@ function install_plugins_upload() {
?>
<div class="upload-plugin">
<p class="install-help"><?php _e( 'If you have a plugin in a .zip format, you may install or update it by uploading it here.' ); ?></p>
<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url( 'update.php?action=upload-plugin' ); ?>">
<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo esc_url( self_admin_url( 'update.php?action=upload-plugin' ) ); ?>">
<?php wp_nonce_field( 'plugin-upload' ); ?>
<label class="screen-reader-text" for="pluginzip"><?php _e( 'Plugin zip file' ); ?></label>
<input type="file" id="pluginzip" name="pluginzip" accept=".zip" />