Administration: Consistently escape `admin_url()` links.

Props chintan1896, mukesh27.
Fixes #53426.
Built from https://develop.svn.wordpress.org/trunk@51177


git-svn-id: http://core.svn.wordpress.org/trunk@50786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-06-17 14:37:00 +00:00
parent 1a5a8c23b8
commit 6a163e199a
15 changed files with 22 additions and 22 deletions

View File

@ -23,7 +23,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<div class="about__header"> <div class="about__header">
<div class="about__header-image"> <div class="about__header-image">
<img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo admin_url( 'images/about-badge.svg' ); ?>" /> <img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo esc_url( admin_url( 'images/about-badge.svg' ) ); ?>" />
</div> </div>
<div class="about__header-title"> <div class="about__header-title">
@ -179,8 +179,8 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<div class="about__section has-subtle-background-color"> <div class="about__section has-subtle-background-color">
<div class="column about__image"> <div class="column about__image">
<picture> <picture>
<source media="(max-width: 600px)" srcset="<?php echo admin_url( 'images/about-color-palette-vert.svg' ); ?>" /> <source media="(max-width: 600px)" srcset="<?php echo esc_url( admin_url( 'images/about-color-palette-vert.svg' ) ); ?>" />
<img alt="" src="<?php echo admin_url( 'images/about-color-palette.svg' ); ?>" /> <img alt="" src="<?php echo esc_url( admin_url( 'images/about-color-palette.svg' ) ); ?>" />
</picture> </picture>
</div> </div>
</div> </div>

View File

@ -232,7 +232,7 @@ switch ( $action ) {
<th scope="row"><?php /* translators: Field name in comment form. */ _ex( 'Comment', 'noun' ); ?></th> <th scope="row"><?php /* translators: Field name in comment form. */ _ex( 'Comment', 'noun' ); ?></th>
<td class="comment-content"> <td class="comment-content">
<?php comment_text( $comment ); ?> <?php comment_text( $comment ); ?>
<p class="edit-comment"><a href="<?php echo admin_url( "comment.php?action=editcomment&amp;c={$comment->comment_ID}" ); ?>"><?php esc_html_e( 'Edit' ); ?></a></p> <p class="edit-comment"><a href="<?php echo esc_url( admin_url( "comment.php?action=editcomment&c={$comment->comment_ID}" ) ); ?>"><?php esc_html_e( 'Edit' ); ?></a></p>
</td> </td>
</tr> </tr>
</table> </table>
@ -241,7 +241,7 @@ switch ( $action ) {
<p> <p>
<?php submit_button( $button, 'primary', 'submit', false ); ?> <?php submit_button( $button, 'primary', 'submit', false ); ?>
<a href="<?php echo admin_url( 'edit-comments.php' ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a> <a href="<?php echo esc_url( admin_url( 'edit-comments.php' ) ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a>
</p> </p>
<?php wp_nonce_field( $nonce_action ); ?> <?php wp_nonce_field( $nonce_action ); ?>

View File

@ -22,7 +22,7 @@ $credits = wp_credits();
<div class="about__header"> <div class="about__header">
<div class="about__header-image"> <div class="about__header-image">
<img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo admin_url( 'images/about-badge.svg' ); ?>" /> <img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo esc_url( admin_url( 'images/about-badge.svg' ) ); ?>" />
</div> </div>
<div class="about__header-container"> <div class="about__header-container">

View File

@ -300,7 +300,7 @@ do_action( "{$taxonomy}_edit_form", $tag, $taxonomy );
<?php if ( current_user_can( 'delete_term', $tag->term_id ) ) : ?> <?php if ( current_user_can( 'delete_term', $tag->term_id ) ) : ?>
<span id="delete-link"> <span id="delete-link">
<a class="delete" href="<?php echo admin_url( wp_nonce_url( "edit-tags.php?action=delete&taxonomy=$taxonomy&tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ) ); ?>"><?php _e( 'Delete' ); ?></a> <a class="delete" href="<?php echo esc_url( admin_url( wp_nonce_url( "edit-tags.php?action=delete&taxonomy=$taxonomy&tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ) ) ); ?>"><?php _e( 'Delete' ); ?></a>
</span> </span>
<?php endif; ?> <?php endif; ?>

View File

@ -25,7 +25,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<div class="about__header"> <div class="about__header">
<div class="about__header-image"> <div class="about__header-image">
<img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo admin_url( 'images/about-badge.svg' ); ?>" /> <img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo esc_url( admin_url( 'images/about-badge.svg' ) ); ?>" />
</div> </div>
<div class="about__header-container"> <div class="about__header-container">

View File

@ -1996,7 +1996,7 @@ function wp_welcome_panel() {
<h3><?php _e( 'Get Started' ); ?></h3> <h3><?php _e( 'Get Started' ); ?></h3>
<a class="button button-primary button-hero load-customize hide-if-no-customize" href="<?php echo wp_customize_url(); ?>"><?php _e( 'Customize Your Site' ); ?></a> <a class="button button-primary button-hero load-customize hide-if-no-customize" href="<?php echo wp_customize_url(); ?>"><?php _e( 'Customize Your Site' ); ?></a>
<?php endif; ?> <?php endif; ?>
<a class="button button-primary button-hero hide-if-customize" href="<?php echo admin_url( 'themes.php' ); ?>"><?php _e( 'Customize Your Site' ); ?></a> <a class="button button-primary button-hero hide-if-customize" href="<?php echo esc_url( admin_url( 'themes.php' ) ); ?>"><?php _e( 'Customize Your Site' ); ?></a>
<?php if ( current_user_can( 'install_themes' ) || ( current_user_can( 'switch_themes' ) && count( wp_get_themes( array( 'allowed' => true ) ) ) > 1 ) ) : ?> <?php if ( current_user_can( 'install_themes' ) || ( current_user_can( 'switch_themes' ) && count( wp_get_themes( array( 'allowed' => true ) ) ) > 1 ) ) : ?>
<?php $themes_link = current_user_can( 'customize' ) ? add_query_arg( 'autofocus[panel]', 'themes', admin_url( 'customize.php' ) ) : admin_url( 'themes.php' ); ?> <?php $themes_link = current_user_can( 'customize' ) ? add_query_arg( 'autofocus[panel]', 'themes', admin_url( 'customize.php' ) ) : admin_url( 'themes.php' ); ?>
<p class="hide-if-no-customize"> <p class="hide-if-no-customize">

View File

@ -90,7 +90,8 @@ function wp_image_editor( $post_id, $msg = false ) {
<input type="hidden" id="imgedit-y-<?php echo $post_id; ?>" value="<?php echo isset( $meta['height'] ) ? $meta['height'] : 0; ?>" /> <input type="hidden" id="imgedit-y-<?php echo $post_id; ?>" value="<?php echo isset( $meta['height'] ) ? $meta['height'] : 0; ?>" />
<div id="imgedit-crop-<?php echo $post_id; ?>" class="imgedit-crop-wrap"> <div id="imgedit-crop-<?php echo $post_id; ?>" class="imgedit-crop-wrap">
<img id="image-preview-<?php echo $post_id; ?>" onload="imageEdit.imgLoaded('<?php echo $post_id; ?>')" src="<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>?action=imgedit-preview&amp;_ajax_nonce=<?php echo $nonce; ?>&amp;postid=<?php echo $post_id; ?>&amp;rand=<?php echo rand( 1, 99999 ); ?>" alt="" /> <img id="image-preview-<?php echo $post_id; ?>" onload="imageEdit.imgLoaded('<?php echo $post_id; ?>')"
src="<?php echo esc_url( admin_url( 'admin-ajax.php', 'relative' ) ) . '?action=imgedit-preview&amp;_ajax_nonce=' . $nonce . '&amp;postid=' . $post_id . '&amp;rand=' . rand( 1, 99999 ); ?>" alt="" />
</div> </div>
<div class="imgedit-submit"> <div class="imgedit-submit">

View File

@ -72,7 +72,7 @@ if ( get_user_setting( 'uploader' ) || isset( $_GET['browser-uploader'] ) ) {
<div class="wrap"> <div class="wrap">
<h1><?php echo esc_html( $title ); ?></h1> <h1><?php echo esc_html( $title ); ?></h1>
<form enctype="multipart/form-data" method="post" action="<?php echo admin_url( 'media-new.php' ); ?>" class="<?php echo esc_attr( $form_class ); ?>" id="file-form"> <form enctype="multipart/form-data" method="post" action="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="<?php echo esc_attr( $form_class ); ?>" id="file-form">
<?php media_upload_form(); ?> <?php media_upload_form(); ?>

View File

@ -689,7 +689,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<hr class="wp-header-end"> <hr class="wp-header-end">
<nav class="nav-tab-wrapper wp-clearfix" aria-label="<?php esc_attr_e( 'Secondary menu' ); ?>"> <nav class="nav-tab-wrapper wp-clearfix" aria-label="<?php esc_attr_e( 'Secondary menu' ); ?>">
<a href="<?php echo admin_url( 'nav-menus.php' ); ?>" class="nav-tab<?php echo $nav_tab_active_class; ?>"<?php echo $nav_aria_current; ?>><?php esc_html_e( 'Edit Menus' ); ?></a> <a href="<?php echo esc_url( admin_url( 'nav-menus.php' ) ); ?>" class="nav-tab<?php echo $nav_tab_active_class; ?>"<?php echo $nav_aria_current; ?>><?php esc_html_e( 'Edit Menus' ); ?></a>
<?php <?php
if ( $num_locations && $menu_count ) { if ( $num_locations && $menu_count ) {
$active_tab_class = ''; $active_tab_class = '';
@ -840,7 +840,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<span class="screen-reader-text"><?php _e( 'Click the Save Menu button to save your changes.' ); ?></span> <span class="screen-reader-text"><?php _e( 'Click the Save Menu button to save your changes.' ); ?></span>
</span><!-- /add-edit-menu-action --> </span><!-- /add-edit-menu-action -->
<?php else : ?> <?php else : ?>
<form method="get" action="<?php echo admin_url( 'nav-menus.php' ); ?>"> <form method="get" action="<?php echo esc_url( admin_url( 'nav-menus.php' ) ); ?>">
<input type="hidden" name="action" value="edit" /> <input type="hidden" name="action" value="edit" />
<label for="select-menu-to-edit" class="selected-menu"><?php _e( 'Select a menu to edit:' ); ?></label> <label for="select-menu-to-edit" class="selected-menu"><?php _e( 'Select a menu to edit:' ); ?></label>
<select name="menu" id="select-menu-to-edit"> <select name="menu" id="select-menu-to-edit">

View File

@ -19,7 +19,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<div class="about__header"> <div class="about__header">
<div class="about__header-image"> <div class="about__header-image">
<img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo admin_url( 'images/about-badge.svg' ); ?>" /> <img alt="<?php _e( 'Code is Poetry' ); ?>" src="<?php echo esc_url( admin_url( 'images/about-badge.svg' ) ); ?>" />
</div> </div>
<div class="about__header-container"> <div class="about__header-container">

View File

@ -250,7 +250,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
</h1> </h1>
<?php if ( ! is_multisite() && current_user_can( 'install_themes' ) ) : ?> <?php if ( ! is_multisite() && current_user_can( 'install_themes' ) ) : ?>
<a href="<?php echo admin_url( 'theme-install.php' ); ?>" class="hide-if-no-js page-title-action"><?php echo esc_html_x( 'Add New', 'theme' ); ?></a> <a href="<?php echo esc_url( admin_url( 'theme-install.php' ) ); ?>" class="hide-if-no-js page-title-action"><?php echo esc_html_x( 'Add New', 'theme' ); ?></a>
<?php endif; ?> <?php endif; ?>
<form class="search-form"></form> <form class="search-form"></form>

View File

@ -87,7 +87,7 @@ if ( 'grid' === $mode ) {
<?php <?php
if ( current_user_can( 'upload_files' ) ) { if ( current_user_can( 'upload_files' ) ) {
?> ?>
<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a> <a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
<?php <?php
} }
?> ?>
@ -272,7 +272,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
<?php <?php
if ( current_user_can( 'upload_files' ) ) { if ( current_user_can( 'upload_files' ) ) {
?> ?>
<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a> <a href="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a>
<?php <?php
} }

View File

@ -617,9 +617,9 @@ switch ( $wp_list_table->current_action() ) {
<?php <?php
if ( current_user_can( 'create_users' ) ) { if ( current_user_can( 'create_users' ) ) {
?> ?>
<a href="<?php echo admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a> <a href="<?php echo esc_url( admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
<?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?> <?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?>
<a href="<?php echo admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add Existing', 'user' ); ?></a> <a href="<?php echo esc_url( admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add Existing', 'user' ); ?></a>
<?php <?php
} }

View File

@ -86,11 +86,10 @@ class WP_Embed {
if ( ! $post || empty( $_GET['message'] ) ) { if ( ! $post || empty( $_GET['message'] ) ) {
return; return;
} }
?> ?>
<script type="text/javascript"> <script type="text/javascript">
jQuery(document).ready(function($){ jQuery(document).ready(function($){
$.get("<?php echo admin_url( 'admin-ajax.php?action=oembed-cache&post=' . $post->ID, 'relative' ); ?>"); $.get("<?php echo esc_url( admin_url( 'admin-ajax.php', 'relative' ) ) . '?action=oembed-cache&post=' . $post->ID; ?>");
}); });
</script> </script>
<?php <?php

View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.8-beta2-51176'; $wp_version = '5.8-beta2-51177';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.