Themes: Properly escape home_url() when changing and updating themes.

Props obayedmamur, hurayraiit, costdev, shraboni, msnewas. Fixes #56145. git-svn-id: https://develop.svn.wordpress.org/trunk@53677 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2022-07-06 19:44:43 +00:00
parent e942983c4b
commit e94cd298c6
1 changed files with 2 additions and 2 deletions
--- a/src/wp-admin/themes.php
+++ b/src/wp-admin/themes.php
@@ -266,11 +266,11 @@ if ( ! validate_current_theme() || isset( $_GET['broken'] ) ) {
 } elseif ( isset( $_GET['activated'] ) ) {
 	if ( isset( $_GET['previewed'] ) ) {
 		?>
-		<div id="message2" class="updated notice is-dismissible"><p><?php _e( 'Settings saved and theme activated.' ); ?> <a href="<?php echo home_url( '/' ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
+		<div id="message2" class="updated notice is-dismissible"><p><?php _e( 'Settings saved and theme activated.' ); ?> <a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
 		<?php
 	} else {
 		?>
-		<div id="message2" class="updated notice is-dismissible"><p><?php _e( 'New theme activated.' ); ?> <a href="<?php echo home_url( '/' ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
+		<div id="message2" class="updated notice is-dismissible"><p><?php _e( 'New theme activated.' ); ?> <a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php _e( 'Visit site' ); ?></a></p></div>
 		<?php
 	}
 } elseif ( isset( $_GET['deleted'] ) ) {