WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Administration: Consistently escape `network_admin_url()` links. 

Follow-up to [51177].

Props chintan1896, mukesh27.
Fixes #53459.
Built from https://develop.svn.wordpress.org/trunk@51189


git-svn-id: http://core.svn.wordpress.org/trunk@50798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-06-21 04:30:56 +00:00
parent ca5f990078
commit 19f8ac491d
9 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/includes/dashboard.php
View File

@ -484,7 +484,7 @@ function wp_network_dashboard_right_now() {
do_action( 'wpmuadminresult' );
?>
<form action="<?php echo network_admin_url( 'users.php' ); ?>" method="get">
<form action="<?php echo esc_url( network_admin_url( 'users.php' ) ); ?>" method="get">
<p>
<label class="screen-reader-text" for="search-users"><?php _e( 'Search Users' ); ?></label>
<input type="search" name="s" value="" size="30" autocomplete="off" id="search-users" />
@ -492,7 +492,7 @@ function wp_network_dashboard_right_now() {
</p>
</form>
<form action="<?php echo network_admin_url( 'sites.php' ); ?>" method="get">
<form action="<?php echo esc_url( network_admin_url( 'sites.php' ) ); ?>" method="get">
<p>
<label class="screen-reader-text" for="search-sites"><?php _e( 'Search Sites' ); ?></label>
<input type="search" name="s" value="" size="30" autocomplete="off" id="search-sites" />

2
wp-admin/includes/template.php
View File

@ -972,7 +972,7 @@ function wp_import_upload_form( $action ) {
?>
<div class="error"><p><?php _e( 'Before you can upload your import file, you will need to fix the following error:' ); ?></p>
<p><strong><?php echo $upload_dir['error']; ?></strong></p></div>
<?php
<?php
else :
?>
<form enctype="multipart/form-data" id="import-upload-form" method="post" class="wp-upload-form" action="<?php echo esc_url( wp_nonce_url( $action, 'import-upload' ) ); ?>">

2
wp-admin/network/site-new.php
View File

@ -201,7 +201,7 @@ printf(
);
?>
</p>
<form method="post" action="<?php echo network_admin_url( 'site-new.php?action=add-site' ); ?>" novalidate="novalidate">
<form method="post" action="<?php echo esc_url( network_admin_url( 'site-new.php?action=add-site' ) ); ?>" novalidate="novalidate">
<?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ); ?>
<table class="form-table" role="presentation">
<tr class="form-field form-required">

2
wp-admin/network/site-users.php
View File

@ -330,7 +330,7 @@ if ( current_user_can( 'promote_users' ) && apply_filters( 'show_network_site_us
if ( current_user_can( 'create_users' ) && apply_filters( 'show_network_site_users_add_new_form', true ) ) :
?>
<h2 id="add-new-user"><?php _e( 'Add New User' ); ?></h2>
<form action="<?php echo network_admin_url( 'site-users.php?action=newuser' ); ?>" id="newuser" method="post">
<form action="<?php echo esc_url( network_admin_url( 'site-users.php?action=newuser' ) ); ?>" id="newuser" method="post">
<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
<table class="form-table" role="presentation">
<tr>

2
wp-admin/network/sites.php
View File

@ -366,7 +366,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<h1 class="wp-heading-inline"><?php _e( 'Sites' ); ?></h1>
<?php if ( current_user_can( 'create_sites' ) ) : ?>
<a href="<?php echo network_admin_url( 'site-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
<a href="<?php echo esc_url( network_admin_url( 'site-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
<?php endif; ?>
<?php

2
wp-admin/network/user-new.php
View File

@ -122,7 +122,7 @@ if ( isset( $add_user_errors ) && is_wp_error( $add_user_errors ) ) {
?>
</div>
<?php } ?>
<form action="<?php echo network_admin_url( 'user-new.php?action=add-user' ); ?>" id="adduser" method="post" novalidate="novalidate">
<form action="<?php echo esc_url( network_admin_url( 'user-new.php?action=add-user' ) ); ?>" id="adduser" method="post" novalidate="novalidate">
<table class="form-table" role="presentation">
<tr class="form-field form-required">
<th scope="row"><label for="username"><?php _e( 'Username' ); ?></label></th>

4
wp-admin/network/users.php
View File

@ -273,8 +273,8 @@ if ( isset( $_REQUEST['updated'] ) && 'true' == $_REQUEST['updated'] && ! empty(
<?php
if ( current_user_can( 'create_users' ) ) :
?>
<a href="<?php echo network_admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
<?php
<a href="<?php echo esc_url( network_admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
<?php
endif;
if ( strlen( $usersearch ) ) {

2
wp-admin/upload.php
View File

@ -88,7 +88,7 @@ if ( 'grid' === $mode ) {
if ( current_user_can( 'upload_files' ) ) {
?>
<a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
<?php
<?php
}
?>

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.8-beta2-51188';
$wp_version = '5.8-beta2-51189';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.