@@ -120,9 +120,11 @@ public function register(): void {
120120
121121 // Fallback admin notice when a gated AJAX/REST request was blocked.
122122 add_action ( 'admin_notices ' , array ( $ this , 'render_blocked_notice ' ) );
123+ add_action ( 'network_admin_notices ' , array ( $ this , 'render_blocked_notice ' ) );
123124
124125 // Persistent gate notice on gated pages when no sudo session is active.
125126 add_action ( 'admin_notices ' , array ( $ this , 'render_gate_notice ' ) );
127+ add_action ( 'network_admin_notices ' , array ( $ this , 'render_gate_notice ' ) );
126128
127129 // PHP action link filters for server-rendered buttons (plugins list table).
128130 add_filter ( 'plugin_action_links ' , array ( $ this , 'filter_plugin_action_links ' ), 50 , 2 );
@@ -833,7 +835,8 @@ public function render_blocked_notice(): void {
833835
834836 $ query_args = array ( 'page ' => 'wp-sudo-challenge ' );
835837 if ( $ current_url ) {
836- $ query_args ['return_url ' ] = rawurlencode ( $ current_url );
838+ // add_query_arg() already encodes the URL, so no need for rawurlencode().
839+ $ query_args ['return_url ' ] = $ current_url ;
837840 }
838841
839842 $ challenge_url = add_query_arg (
@@ -905,7 +908,8 @@ public function render_gate_notice(): void {
905908
906909 $ query_args = array ( 'page ' => 'wp-sudo-challenge ' );
907910 if ( $ current_url ) {
908- $ query_args ['return_url ' ] = rawurlencode ( $ current_url );
911+ // add_query_arg() already encodes the URL, so no need for rawurlencode().
912+ $ query_args ['return_url ' ] = $ current_url ;
909913 }
910914
911915 $ challenge_url = add_query_arg (
0 commit comments