--- a/wp/wp-admin/edit-tag-form.php Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-admin/edit-tag-form.php Fri Sep 05 18:52:52 2025 +0200
@@ -44,7 +44,7 @@
do_action_deprecated( 'edit_tag_form_pre', array( $tag ), '3.0.0', '{$taxonomy}_pre_edit_form' );
}
-$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
+$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_url( $_REQUEST['wp_http_referer'] ) : '';
$wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer );
// Also used by Edit Tags.
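Review bot: `sanitize_url()` on the added `$wp_http_referer` line only cleans URL syntax and drops disallowed protocols; it does not constrain the host, so the variable remains a request-controlled link or redirect target. The one use visible on this page passes it through `wp_validate_redirect()`, but the trailing comment says the value is also used by Edit Tags. A comment above the assignment would make that requirement explicit, for example `// Request-supplied URL, sanitized for syntax only: run through wp_validate_redirect() before linking or redirecting.` The value is also read from `$_REQUEST` without `wp_unslash()`, which the WordPress coding standards expect before sanitizing: `sanitize_url( wp_unslash( $_REQUEST['wp_http_referer'] ) )`. The surrounding script continues outside the hunk, so other consumers of the variable are not visible here.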
@@ -72,13 +72,18 @@
<h1><?php echo $tax->labels->edit_item; ?></h1>
<?php
-$class = ( isset( $msg ) && 5 === $msg ) ? 'error' : 'success';
+$class = ( isset( $_REQUEST['error'] ) ) ? 'error' : 'success';
if ( $message ) {
$message = '<p><strong>' . $message . '</strong></p>';
if ( $wp_http_referer ) {
- $message .= '<p><a href="' . esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ) . '">' . esc_html( $tax->labels->back_to_items ) . '</a></p>';
+ $message .= sprintf(
+ '<p><a href="%1$s">%2$s</a></p>',
+ esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ),
+ esc_html( $tax->labels->back_to_items )
+ );
}
+
wp_admin_notice(
$message,
array(