debug-bar: Security: prevent reflective xss in older browsers by escaping output generated by URL-less add_query_arg call props batmoo.

Imported from https://plugins.trac.wordpress.org/changeset/713401/debug-bar
westi committed May 15, 2013
1 parent d255979 commit 0842af8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion panels/class-debug-bar-queries.php
Expand Up @@ -25,7 +25,7 @@ function render() {
$show_many = isset($_GET['debug_queries']);

if ( $wpdb->num_queries > 500 && !$show_many )
$out .= "<p>" . sprintf( __('There are too many queries to show easily! <a href="%s">Show them anyway</a>', 'debug-bar'), add_query_arg( 'debug_queries', 'true' ) ) . "</p>";
$out .= "<p>" . sprintf( __('There are too many queries to show easily! <a href="%s">Show them anyway</a>', 'debug-bar'), esc_url( add_query_arg( 'debug_queries', 'true' ) ) ) . "</p>";

$out .= '<ol class="wpd-queries">';
$counter = 0;
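
Review bot: The changed `$out .=` line gives no hint at the call site of why `esc_url()` is required around `add_query_arg( 'debug_queries', 'true' )`, so a later cleanup could drop it again. Add a one-line comment saying that `add_query_arg()` called without a URL argument builds on the current request URI, which makes its return value request-controlled and means it has to be escaped before it goes into the `href`. `esc_url()` is the right escaper for that attribute context. Two follow-ups: the `if ( $wpdb->num_queries > 500 && !$show_many )` guard has no braces, which makes it easy to misread which statement it covers, and since this commit touches one file only, the other panels should be checked for the same URL-less `add_query_arg()` output pattern.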