Administration: Consistently escape admin_url() links.

Props chintan1896, mukesh27. Fixes #53426. Built from https://develop.svn.wordpress.org/trunk@51177 git-svn-id: http://core.svn.wordpress.org/trunk@50786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-06-17 14:37:00 +00:00
parent 1a5a8c23b8
commit 6a163e199a
15 changed files with 22 additions and 22 deletions
--- a/wp-admin/includes/image-edit.php
+++ b/wp-admin/includes/image-edit.php
@@ -90,7 +90,8 @@ function wp_image_editor( $post_id, $msg = false ) {
 		<input type="hidden" id="imgedit-y-<?php echo $post_id; ?>" value="<?php echo isset( $meta['height'] ) ? $meta['height'] : 0; ?>" />

 		<div id="imgedit-crop-<?php echo $post_id; ?>" class="imgedit-crop-wrap">
-		<img id="image-preview-<?php echo $post_id; ?>" onload="imageEdit.imgLoaded('<?php echo $post_id; ?>')" src="<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>?action=imgedit-preview&amp;_ajax_nonce=<?php echo $nonce; ?>&amp;postid=<?php echo $post_id; ?>&amp;rand=<?php echo rand( 1, 99999 ); ?>" alt="" />
+		<img id="image-preview-<?php echo $post_id; ?>" onload="imageEdit.imgLoaded('<?php echo $post_id; ?>')"
+			src="<?php echo esc_url( admin_url( 'admin-ajax.php', 'relative' ) ) . '?action=imgedit-preview&amp;_ajax_nonce=' . $nonce . '&amp;postid=' . $post_id . '&amp;rand=' . rand( 1, 99999 ); ?>" alt="" />
 		</div>

 		<div class="imgedit-submit">