WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-16 19:46:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

attribute_escape() in upload form action. Props Nazgul. fixes #4689 for trunk

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-08-01 17:20:01 +00:00
parent 5a833d50ef
commit e9b0e8284b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-admin/includes/upload.php
View File

@ -105,8 +105,9 @@ function wp_upload_form() {
$id = get_the_ID();
global $post_id, $tab, $style;
$enctype = $id ? '' : ' enctype="multipart/form-data"';
$post_id = (int) $post_id;
?>
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
<?php
if ( $id ) :
$attachment = get_post_to_edit( $id );