Coding Standards: Consistently escape form action URL in `wp-admin/update-core.php`.

Follow-up to [10166], [23739], [25806]. Props sabbirshouvo, mukesh27. Fixes #54278. Built from https://develop.svn.wordpress.org/trunk@51914 git-svn-id: http://core.svn.wordpress.org/trunk@51507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-17 20:31:02 +00:00 · 2021-10-17 20:31:02 +00:00 · cea5785cdb
parent 8447683474
commit cea5785cdb
2 changed files with 2 additions and 2 deletions
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@ -154,7 +154,7 @@ function list_core_update( $update ) {
 	echo $message;
 	echo '</p>';
-	echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
+	echo '<form method="post" action="' . esc_url( $form_action ) . '" name="upgrade" class="upgrade">';
 	wp_nonce_field( 'upgrade-core' );
 	echo '<p>';
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.9-alpha-51913';
+$wp_version = '5.9-alpha-51914';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.