Wordpress 3.6

[autoinstalls/wordpress.git] / wp-admin / upgrade.php

diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php
index 9a632ef05c8fc4be81cfc3dd04ea9f3ccae72fa1..b04287735d6611cb4b14f263c882bf4944fa092e 100644 (file)
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -58,7 +58,7 @@ else
        ?>
 </head>
 <body class="wp-core-ui">
        ?>
 </head>
 <body class="wp-core-ui">

-<h1 id="logo"><a href="<?php esc_attr_e( 'http://wordpress.org/' ); ?>"><?php _e( 'WordPress' ); ?></a></h1>
+<h1 id="logo"><a href="<?php echo esc_url( __( 'http://wordpress.org/' ) ); ?>"><?php _e( 'WordPress' ); ?></a></h1>

 
 <?php if ( get_option( 'db_version' ) == $wp_db_version || !is_blog_installed() ) : ?>
 
 
 <?php if ( get_option( 'db_version' ) == $wp_db_version || !is_blog_installed() ) : ?>
 


@@ -77,7 +77,7 @@ else
 <?php else :
 switch ( $step ) :
        case 0:
 <?php else :
 switch ( $step ) :
        case 0:

-               $goback = stripslashes( wp_get_referer() );
+               $goback = wp_get_referer();

                $goback = esc_url_raw( $goback );
                $goback = urlencode( $goback );
 ?>
                $goback = esc_url_raw( $goback );
                $goback = urlencode( $goback );
 ?>


@@ -90,7 +90,7 @@ switch ( $step ) :
        case 1:
                wp_upgrade();
 
        case 1:
                wp_upgrade();
 

-                       $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
+                       $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';

                        $backto = esc_url( $backto );
                        $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>
                        $backto = esc_url( $backto );
                        $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>