Skip to content

Commit f91a5fd

Browse files
committed
List tables: escape user e-mails
Merges [34133] for 4.3 branch Built from https://develop.svn.wordpress.org/branches/4.3@34137 git-svn-id: http://core.svn.wordpress.org/branches/4.3@34105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent 5fe5a0e commit f91a5fd

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

Diff for: wp-admin/includes/class-wp-ms-users-list-table.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -233,7 +233,7 @@ public function column_name( $user ) {
233233
* @param WP_User $user The current WP_User object.
234234
*/
235235
public function column_email( $user ) {
236-
echo "<a href='mailto:$user->user_email'>$user->user_email</a>";
236+
echo "<a href='" . esc_url( "mailto:$user->user_email" ) . "'>$user->user_email</a>";
237237
}
238238

239239
/**

Diff for: wp-admin/includes/class-wp-users-list-table.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -435,7 +435,7 @@ public function single_row( $user_object, $style = '', $role = '', $numposts = 0
435435
$r .= "$user_object->first_name $user_object->last_name";
436436
break;
437437
case 'email':
438-
$r .= "<a href='mailto:$email'>$email</a>";
438+
$r .= "<a href='" . esc_url( "mailto:$email" ) . "'>$email</a>";
439439
break;
440440
case 'role':
441441
$r .= $role_name;

0 commit comments

Comments
 (0)