WordPress.org

Make WordPress Core

Opened 25 hours ago

Closed 74 minutes ago

#54278 closed defect (bug) (fixed)

Properly escape form action url

Reported by: sabbirshouvo Owned by: SergeyBiryukov
Milestone: 5.9 Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords: has-patch commit
Focuses: coding-standards Cc:

Description

In wp-admin/update-core.php there are 4 forms with action. Thress of them has form action with properly escaped URL. One of them is missing URL escaping while the value of action for all of them is the same.

Attachments (1)

54278.diff (519 bytes) - added by sabbirshouvo 25 hours ago.

Download all attachments as: .zip

Change History (4)

@sabbirshouvo
25 hours ago

#1 @sabbirshouvo
25 hours ago

  • Component changed from General to Upgrade/Install

#2 @mukesh27
11 hours ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 5.9
  • Version trunk deleted

Hi there, thanks for the ticket and patch!

The patch looks good to me and ready to marge.

Moving to milestone 5.9 and marking for commit.

#3 @SergeyBiryukov
74 minutes ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 51914:

Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.

Follow-up to [10166], [23739], [25806].

Props sabbirshouvo, mukesh27.
Fixes #54278.

Note: See TracTickets for help on using tickets.