sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

attribute_escape() in upload form action. Props Nazgul. fixes #4689 for trunk

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@5827 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2007-08-01 17:20:01 +00:00
parent a6475975e3
commit b01f6d8c75
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-admin/includes/upload.php
View File

@ -105,8 +105,9 @@ function wp_upload_form() {
$id = get_the_ID();
global $post_id, $tab, $style;
$enctype = $id ? '' : ' enctype="multipart/form-data"';
$post_id = (int) $post_id;
?>
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
<?php
if ( $id ) :
$attachment = get_post_to_edit( $id );