Coding Standards: Use correct escaping function for wp_http_referer.

Follow-up to [58069]. Props yogeshbhutkar, sainathpoojary, PcTevree, knutsp, siliconforks, stromhalm, shanemuir. Fixes #62551. git-svn-id: https://develop.svn.wordpress.org/trunk@59496 602fd350-edb4-49c9-b593-d223f7449a82
anton-vlasenko · Dec 6, 2024 · 1b1e35d · 1b1e35d
1 parent d45a119
commit 1b1e35d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/wp-admin/edit-tag-form.php b/src/wp-admin/edit-tag-form.php
@@ -44,7 +44,7 @@
 	do_action_deprecated( 'edit_tag_form_pre', array( $tag ), '3.0.0', '{$taxonomy}_pre_edit_form' );
 }
 
-$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
+$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_url( $_REQUEST['wp_http_referer'] ) : '';
 $wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer );
 
 // Also used by Edit Tags.

diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php
@@ -14,7 +14,7 @@
 
 $action          = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
 $user_id         = ! empty( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
-$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
+$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_url( $_REQUEST['wp_http_referer'] ) : '';
 
 $current_user = wp_get_current_user();