mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-01 07:40:07 +00:00
Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.
Follow-up to [10166], [23739], [25806]. Props sabbirshouvo, mukesh27. Fixes #54278. git-svn-id: https://develop.svn.wordpress.org/trunk@51914 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -154,7 +154,7 @@ function list_core_update( $update ) {
|
||||
echo $message;
|
||||
echo '</p>';
|
||||
|
||||
echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
|
||||
echo '<form method="post" action="' . esc_url( $form_action ) . '" name="upgrade" class="upgrade">';
|
||||
wp_nonce_field( 'upgrade-core' );
|
||||
|
||||
echo '<p>';
|
||||
|
||||
Reference in New Issue
Block a user