[wp-trac] [WordPress Trac] #56329: Unescaped 'self_admin_url()' in themes-install.php and plugin-install.php file
WordPress Trac
noreply at wordpress.org
Thu Aug 4 18:37:59 UTC 2022
#56329: Unescaped 'self_admin_url()' in themes-install.php and plugin-install.php file
-----------------------------+-------------------------------
 Reporter:  krishaweb        |       Owner:  (none)
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  6.1
Component:  Upgrade/Install  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |     Focuses:  coding-standards
-----------------------------+-------------------------------
Changes (by SergeyBiryukov):

 * milestone:  Awaiting Review => 6.1

Comment:

 Hi there, thanks for the patch!

 It looks like core is not super consistent with this, but we do escape
 `self_admin_url()` in some other places, so might as well do it here. As
 the function is filterable, adding the escaping would not hurt.

 This would also be consistent with similar changes for `admin_url()` in
 [51177] and `network_admin_url()` in [51189].

--
Ticket URL: <https://core.trac.wordpress.org/ticket/56329#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform