Coding Standards: Consistently escape form action URL in wp-admin/update-core.php.

Follow-up to [10166], [23739], [25806]. Props sabbirshouvo, mukesh27. Fixes #54278. git-svn-id: https://develop.svn.wordpress.org/trunk@51914 602fd350-edb4-49c9-b593-d223f7449a82
2025-04-12 16:15:07 +02:00 · 2021-10-17 20:29:58 +00:00 · 2021-10-17 20:29:58 +00:00 · d802fecf97
commit d802fecf97
parent d36e2dd621
1 changed files with 1 additions and 1 deletions
--- a/src/wp-admin/update-core.php
+++ b/src/wp-admin/update-core.php
@ -154,7 +154,7 @@ function list_core_update( $update ) {
 	echo $message;
 	echo '</p>';

-	echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
+	echo '<form method="post" action="' . esc_url( $form_action ) . '" name="upgrade" class="upgrade">';
 	wp_nonce_field( 'upgrade-core' );

 	echo '<p>';