Skip to content

Commit

Permalink
Coding Standards: Consistently escape form action URL in `wp-admin/up…
Browse files Browse the repository at this point in the history 
…date-core.php`.

Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.

git-svn-id: https://develop.svn.wordpress.org/trunk@51914 602fd350-edb4-49c9-b593-d223f7449a82
  • Loading branch information
@SergeyBiryukov
SergeyBiryukov committed Oct 17, 2021
1 parent d36e2dd commit d802fec
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/wp-admin/update-core.php
View file
Expand Up @@ -154,7 +154,7 @@ function list_core_update( $update ) {
echo $message;
echo '</p>';

echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
echo '<form method="post" action="' . esc_url( $form_action ) . '" name="upgrade" class="upgrade">';
wp_nonce_field( 'upgrade-core' );

echo '<p>';
Expand Down

0 comments on commit d802fec

Please sign in to comment.