Use esc_url() rather than esc_attr() on a redirect-to URL. fixes #17243.

git-svn-id: http://svn.automattic.com/wordpress/trunk@19033 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2011-10-20 23:41:07 +00:00
parent dbfc8a855c
commit 50997f28b1
1 changed files with 2 additions and 2 deletions

View File

@ -252,7 +252,7 @@ function wp_login_form( $args = array() ) {
$args = wp_parse_args( $args, apply_filters( 'login_form_defaults', $defaults ) ); $args = wp_parse_args( $args, apply_filters( 'login_form_defaults', $defaults ) );
$form = ' $form = '
<form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . site_url( 'wp-login.php', 'login_post' ) . '" method="post"> <form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . esc_url( site_url( 'wp-login.php', 'login_post' ) ) . '" method="post">
' . apply_filters( 'login_form_top', '', $args ) . ' ' . apply_filters( 'login_form_top', '', $args ) . '
<p class="login-username"> <p class="login-username">
<label for="' . esc_attr( $args['id_username'] ) . '">' . esc_html( $args['label_username'] ) . '</label> <label for="' . esc_attr( $args['id_username'] ) . '">' . esc_html( $args['label_username'] ) . '</label>
@ -266,7 +266,7 @@ function wp_login_form( $args = array() ) {
' . ( $args['remember'] ? '<p class="login-remember"><label><input name="rememberme" type="checkbox" id="' . esc_attr( $args['id_remember'] ) . '" value="forever" tabindex="90"' . ( $args['value_remember'] ? ' checked="checked"' : '' ) . ' /> ' . esc_html( $args['label_remember'] ) . '</label></p>' : '' ) . ' ' . ( $args['remember'] ? '<p class="login-remember"><label><input name="rememberme" type="checkbox" id="' . esc_attr( $args['id_remember'] ) . '" value="forever" tabindex="90"' . ( $args['value_remember'] ? ' checked="checked"' : '' ) . ' /> ' . esc_html( $args['label_remember'] ) . '</label></p>' : '' ) . '
<p class="login-submit"> <p class="login-submit">
<input type="submit" name="wp-submit" id="' . esc_attr( $args['id_submit'] ) . '" class="button-primary" value="' . esc_attr( $args['label_log_in'] ) . '" tabindex="100" /> <input type="submit" name="wp-submit" id="' . esc_attr( $args['id_submit'] ) . '" class="button-primary" value="' . esc_attr( $args['label_log_in'] ) . '" tabindex="100" />
<input type="hidden" name="redirect_to" value="' . esc_attr( $args['redirect'] ) . '" /> <input type="hidden" name="redirect_to" value="' . esc_url( $args['redirect'] ) . '" />
</p> </p>
' . apply_filters( 'login_form_bottom', '', $args ) . ' ' . apply_filters( 'login_form_bottom', '', $args ) . '
</form>'; </form>';