switch($step) {
case 0:
- $goback = wp_specialchars(wp_get_referer());
+ $goback = clean_url(stripslashes(wp_get_referer()));
?>
<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p>
<h2 class="step"><a href="upgrade.php?step=1&backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress »'); ?></a></h2>
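Review bot: `$goback` is echoed into the `backto=` query value of the `href` on the last line of this hunk, but `clean_url()` validates a whole URL and does not percent-encode it as a query component. A referer that itself contains `&` or `#` is cut at that character when the link is followed, so step 1 receives a truncated `backto` and the remainder is read as extra parameters of upgrade.php. I would add `$goback = urlencode($goback);` after the `clean_url()` line; PHP already decodes `$_GET['backto']` once, so the reader in step 1 needs no matching change. If `clean_url()` in this tree entity-encodes `&`, confirm the round trip still yields the original referer. The `switch`/`case 0` body starts and ends outside the hunk.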
if ( empty( $_GET['backto'] ) )
$backto = __get_option('home');
else
- $backto = wp_specialchars( $_GET['backto'] , 1 );
+ $backto = clean_url(stripslashes($_GET['backto']));
?>
<h2><?php _e('Step 1'); ?></h2>
<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), $backto); ?></p>
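Review bot: `$_GET['backto']` still decides where the "Have fun" link on the finished-upgrade page points, because `clean_url()` only constrains the form of the URL, not its host. Anyone who can get an administrator to open a crafted upgrade.php?step=1 link can present an off-site destination as the trusted next step. I would keep the link on this site by comparing the host with the configured home and falling back to `__get_option('home')` otherwise, along the lines of the excerpt below. Separately, the old call passed `1` to `wp_specialchars()` to encode quotes and the value lands in a single-quoted `href='%s'`, so it is worth confirming that `clean_url()` here strips or encodes `'`. The surrounding `case` body starts and ends outside the hunk.

```php
$backto = clean_url(stripslashes($_GET['backto']));
// Keep the "done" link on this site: a scheme-relative URL, or an absolute
// one whose host is not the configured home, falls back to home.
$home_url  = __get_option('home');
$home_bits = parse_url($home_url);
$back_bits = parse_url($backto);
$off_site  = substr($backto, 0, 2) == '//'
	|| !is_array($back_bits)
	|| ( isset($back_bits['host'])
		&& ( !isset($home_bits['host']) || strcasecmp($back_bits['host'], $home_bits['host']) != 0 ) );
if ( $off_site )
	$backto = $home_url;
// … unchanged: Step 1 heading and printf() link …
```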