From 469d1a309957f28e14ee5f534c8128d4be991c64 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@boren.nu>
Date: Mon, 18 Mar 2013 14:01:25 +0000
Subject: [PATCH] Escape form action urls with esc_url() rather than
 esc_attr().

Props SergeyBiryukov
fixes #23266


git-svn-id: http://core.svn.wordpress.org/trunk@23739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/file.php     | 2 +-
 wp-admin/includes/media.php    | 8 ++++----
 wp-admin/includes/template.php | 2 +-
 wp-admin/media-new.php         | 2 +-
 wp-admin/update-core.php       | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 16b5cea7ea..00ddc37863 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -979,7 +979,7 @@ jQuery(function($){
 });
 -->
 </script>
-<form action="<?php echo $form_post ?>" method="post">
+<form action="<?php echo esc_url( $form_post ) ?>" method="post">
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Connection Information') ?></h2>
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index c58b2d7b9f..500a7ea3c5 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1602,7 +1602,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 		$form_class .= ' html-uploader';
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <?php submit_button( '', 'hidden', 'save', false ); ?>
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
@@ -1667,7 +1667,7 @@ function media_upload_type_url_form($type = null, $errors = null, $id = null) {
 		$form_class .= ' html-uploader';
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
 
@@ -1818,7 +1818,7 @@ jQuery(function($){
 <a href="#" id="desc"><?php _e('Descending'); ?></a> |
 <a href="#" id="clear"><?php _ex('Clear', 'verb'); ?></a>
 </div>
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="gallery-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="gallery-form">
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
 <table class="widefat" cellspacing="0">
@@ -2058,7 +2058,7 @@ foreach ($arc_result as $arc_row) {
 </div>
 </form>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="library-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="library-form">
 
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 83249fec73..540df71947 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -785,7 +785,7 @@ function wp_import_upload_form( $action ) {
 		<p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
 	else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" class="wp-upload-form" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" class="wp-upload-form" action="<?php echo esc_url( wp_nonce_url( $action, 'import-upload' ) ); ?>">
 <p>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
 <input type="file" id="upload" name="import" size="25" />
diff --git a/wp-admin/media-new.php b/wp-admin/media-new.php
index c6a7ae1415..e428811957 100644
--- a/wp-admin/media-new.php
+++ b/wp-admin/media-new.php
@@ -68,7 +68,7 @@ if ( get_user_setting('uploader') || isset( $_GET['browser-uploader'] ) )
 	<?php screen_icon(); ?>
 	<h2><?php echo esc_html( $title ); ?></h2>
 
-	<form enctype="multipart/form-data" method="post" action="<?php echo admin_url('media-new.php'); ?>" class="<?php echo $form_class; ?>" id="file-form">
+	<form enctype="multipart/form-data" method="post" action="<?php echo admin_url('media-new.php'); ?>" class="<?php echo esc_attr( $form_class ); ?>" id="file-form">
 
 	<?php media_upload_form(); ?>
 
diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php
index ba57da5a58..c8f5877429 100644
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -188,7 +188,7 @@ function list_plugin_updates() {
 	?>
 <h3><?php _e( 'Plugins' ); ?></h3>
 <p><?php _e( 'The following plugins have new versions available. Check the ones you want to update and then click &#8220;Update Plugins&#8221;.' ); ?></p>
-<form method="post" action="<?php echo $form_action; ?>" name="upgrade-plugins" class="upgrade">
+<form method="post" action="<?php echo esc_url( $form_action ); ?>" name="upgrade-plugins" class="upgrade">
 <?php wp_nonce_field('upgrade-core'); ?>
 <p><input id="upgrade-plugins" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
 <table class="widefat" cellspacing="0" id="update-plugins-table">
@@ -266,7 +266,7 @@ function list_theme_updates() {
 <h3><?php _e( 'Themes' ); ?></h3>
 <p><?php _e( 'The following themes have new versions available. Check the ones you want to update and then click &#8220;Update Themes&#8221;.' ); ?></p>
 <p><?php printf( __('<strong>Please Note:</strong> Any customizations you have made to theme files will be lost. Please consider using <a href="%s">child themes</a> for modifications.'), _x('http://codex.wordpress.org/Child_Themes', 'Link used in suggestion to use child themes in GUU') ); ?></p>
-<form method="post" action="<?php echo $form_action; ?>" name="upgrade-themes" class="upgrade">
+<form method="post" action="<?php echo esc_url( $form_action ); ?>" name="upgrade-themes" class="upgrade">
 <?php wp_nonce_field('upgrade-core'); ?>
 <p><input id="upgrade-themes" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
 <table class="widefat" cellspacing="0" id="update-themes-table">