- if ( !isset( $_GET['main'] ) && !isset($_GET['charsout']) && wp_verify_nonce($_GET['_error_nonce'], 'plugin-activation-error_' . $plugin) ) { ?>
- <iframe style="border:0" width="100%" height="70px" src="<?php echo 'plugins.php?action=error_scrape&plugin=' . esc_attr($plugin) . '&_wpnonce=' . esc_attr($_GET['_error_nonce']); ?>"></iframe>
+ if ( ! isset( $_GET['main'] ) && ! isset( $_GET['charsout'] ) && wp_verify_nonce( $_GET['_error_nonce'], 'plugin-activation-error_' . $plugin ) ) {
+ $iframe_url = add_query_arg( array(
+ 'action' => 'error_scrape',
+ 'plugin' => urlencode( $plugin ),
+ '_wpnonce' => urlencode( $_GET['_error_nonce'] ),
+ ), admin_url( 'plugins.php' ) );
+ ?>
+ <iframe style="border:0" width="100%" height="70px" src="<?php echo esc_url( $iframe_url ); ?>"></iframe>