Skip to content

Commit 1d65ad6

Browse files
committed
escape url after add_query_arg
1 parent 897a214 commit 1d65ad6

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: shibboleth.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -460,7 +460,7 @@ function shibboleth_update_user_data($user_id, $force_update = false) {
460460
function shibboleth_login_form() {
461461
$login_url = add_query_arg('action', 'shibboleth');
462462
$login_url = remove_query_arg('reauth', $login_url);
463-
echo '<p id="shibboleth_login"><a href="' . $login_url . '">' . __('Login with Shibboleth', 'shibboleth') . '</a></p>';
463+
echo '<p id="shibboleth_login"><a href="' . esc_url($login_url) . '">' . __('Login with Shibboleth', 'shibboleth') . '</a></p>';
464464
}
465465
add_action('login_form', 'shibboleth_login_form');
466466

0 commit comments

Comments
 (0)