Coding Standards: Escape attachment URL in wp-admin/async-upload.php.

aaronjorbin · aaronjorbin · commit 04e4e6f09723 · 2024-12-18T20:56:06.000Z
Follow-up to [58279]. Reviewed by jorbin. Merges [59407] to the 6.7 branch. Props shyamkariya, pitamdey, nareshbheda, ketanniruke, desrosj, SergeyBiryukov . Fixes #62434. git-svn-id: https://develop.svn.wordpress.org/branches/6.7@59538 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-admin/async-upload.php b/src/wp-admin/async-upload.php
@@ -74,7 +74,9 @@
 							}
 							?>
 							<span class="media-item-copy-container copy-to-clipboard-container edit-attachment">
-								<button type="button" class="button button-small copy-attachment-url" data-clipboard-text="<?php echo $file_url; ?>"><?php _e( 'Copy URL to clipboard' ); ?></button>
+								<button type="button" class="button button-small copy-attachment-url"
+									data-clipboard-text="<?php echo esc_url( $file_url ); ?>"
+								><?php _e( 'Copy URL to clipboard' ); ?></button>
 								<span class="success hidden" aria-hidden="true"><?php _e( 'Copied!' ); ?></span>
 							</span>
 						</div>
