From 0192ff842c9b9a4e1edb6384f2ecd284b9622e79 Mon Sep 17 00:00:00 2001
From: audrasjb <audrasjb@git.wordpress.org>
Date: Mon, 24 Apr 2023 16:44:19 +0000
Subject: [PATCH] Coding Standards: Escape edit profile URL in
 `default_password_nag()`.

Props utsav72640, mukesh27.
Fixes #58182.

Built from https://develop.svn.wordpress.org/trunk@55682


git-svn-id: http://core.svn.wordpress.org/trunk@55194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/user.php | 2 +-
 wp-includes/version.php    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index e3a8f6008f..6780824de8 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -531,7 +531,7 @@ function default_password_nag() {
 	echo '<strong>' . __( 'Notice:' ) . '</strong> ';
 	_e( 'You&rsquo;re using the auto-generated password for your account. Would you like to change it?' );
 	echo '</p><p>';
-	printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', get_edit_profile_url() . '#password' );
+	printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', esc_url( get_edit_profile_url() . '#password' ) );
 	printf( '<a href="%s" id="default-password-nag-no">' . __( 'No thanks, do not remind me again' ) . '</a>', '?default_password_nag=0' );
 	echo '</p></div>';
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f2840c2320..ef6eca02b2 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.3-alpha-55681';
+$wp_version = '6.3-alpha-55682';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.