
escape url after add_query_arg

mitcho committed Mar 20, 2016
1 parent 897a214 commit 1d65ad6786282d23ba1865f56e2fd19188e7c26a
Showing with 1 addition and 1 deletion.
  1. +1 −1 shibboleth.php
@@ -460,7 +460,7 @@ function shibboleth_update_user_data($user_id, $force_update = false) {
function shibboleth_login_form() {
$login_url = add_query_arg('action', 'shibboleth');
$login_url = remove_query_arg('reauth', $login_url);
echo '<p id="shibboleth_login"><a href="' . $login_url . '">' . __('Login with Shibboleth', 'shibboleth') . '</a></p>';
echo '<p id="shibboleth_login"><a href="' . esc_url($login_url) . '">' . __('Login with Shibboleth', 'shibboleth') . '</a></p>';
}
add_action('login_form', 'shibboleth_login_form');
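Review bot: The link text on the new echo line is still printed unescaped: `__('Login with Shibboleth', 'shibboleth')` returns the translated string as-is, so markup in a translation file would reach the login page, and `esc_html__('Login with Shibboleth', 'shibboleth')` closes that. The `esc_url()` call is needed because `add_query_arg()` called without a URL argument builds on the current request URI, which the visitor controls. A one-line comment above the echo, such as `// add_query_arg() without a URL uses the request URI; escape on output`, would keep a later refactor from dropping it. Other places in the plugin that print the result of `add_query_arg()` or `remove_query_arg()` are outside this hunk and would be worth checking for the same pattern.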

1 comment on commit 1d65ad6

@carnil


commented on 1d65ad6 Sep 12, 2017

CVE-2017-14313
