From df05a5564fc630e00d7c1c1a754d0639510088cd Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Sat, 16 Nov 2024 23:15:29 +0000
Subject: [PATCH] Coding Standards: Escape attachment URL in
 `wp-admin/async-upload.php`.

Follow-up to [58279].

Props shyamkariya, pitamdey, nareshbheda, ketanniruke, desrosj.
Fixes #62434.
Built from https://develop.svn.wordpress.org/trunk@59407


git-svn-id: http://core.svn.wordpress.org/trunk@58793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/async-upload.php | 4 +++-
 wp-includes/version.php   | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/wp-admin/async-upload.php b/wp-admin/async-upload.php
index 551f854b5a..a146f6a48a 100644
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -74,7 +74,9 @@ if ( isset( $_REQUEST['attachment_id'] ) && (int) $_REQUEST['attachment_id'] &&
 							}
 							?>
 							<span class="media-item-copy-container copy-to-clipboard-container edit-attachment">
-								<button type="button" class="button button-small copy-attachment-url" data-clipboard-text="<?php echo $file_url; ?>"><?php _e( 'Copy URL to clipboard' ); ?></button>
+								<button type="button" class="button button-small copy-attachment-url"
+									data-clipboard-text="<?php echo esc_url( $file_url ); ?>"
+								><?php _e( 'Copy URL to clipboard' ); ?></button>
 								<span class="success hidden" aria-hidden="true"><?php _e( 'Copied!' ); ?></span>
 							</span>
 						</div>
diff --git a/wp-includes/version.php b/wp-includes/version.php
index ee9965b163..3cb0e7cf56 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.8-alpha-59406';
+$wp_version = '6.8-alpha-59407';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.