attribute_escape content before stuffing it in value attribute. Props Dan Coulter. fixes #3919
git-svn-id: http://svn.automattic.com/wordpress/trunk@4986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
b9c75476a4
commit
8338d6c203
|
@ -18,7 +18,7 @@ function wp_upload_display( $dims = false, $href = '' ) {
|
||||||
the_title();
|
the_title();
|
||||||
$post_title = attribute_escape(ob_get_contents());
|
$post_title = attribute_escape(ob_get_contents());
|
||||||
ob_end_clean();
|
ob_end_clean();
|
||||||
$post_content = apply_filters( 'content_edit_pre', $post->post_content );
|
$post_content = attribute_escape(apply_filters( 'content_edit_pre', $post->post_content ));
|
||||||
|
|
||||||
$class = 'text';
|
$class = 'text';
|
||||||
$innerHTML = get_attachment_innerHTML( $id, false, $dims );
|
$innerHTML = get_attachment_innerHTML( $id, false, $dims );
|
||||||
|
|
Loading…
Reference in New Issue