Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-02 05:31:25 +01:00
Code Issues Projects Releases Wiki Activity

escape hrefs. Props Denis-de-Bernardy. fixes #10056

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12295 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-11-30 16:55:50 +00:00
parent 1d9c71611a
commit 0874bf7d4f
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
wp-admin/includes/media.php
View File

@ -486,7 +486,7 @@ function media_upload_image() {
$src = $_POST['insertonly']['embed-src']; $src = $_POST['insertonly']['embed-src'];
if ( !strpos($src, '://') ) if ( !strpos($src, '://') )
$src = "http://$src"; $src = "http://$src";
$html = '[embed]' . $src . '[/embed]'; $html = '[embed]' . esc_url($src) . '[/embed]';
} else { } else {
$src = $_POST['insertonly']['src']; $src = $_POST['insertonly']['src'];
if ( !empty($src) && !strpos($src, '://') ) if ( !empty($src) && !strpos($src, '://') )
@ -497,10 +497,10 @@ function media_upload_image() {
$class = " class='align$align'"; $class = " class='align$align'";
} }
if ( !empty($src) ) if ( !empty($src) )
$html = "<img src='$src' alt='$alt'$class />"; $html = "<img src='" . esc_url($src) . "' alt='$alt'$class />";
} }
$html = apply_filters('image_send_to_editor_url', $html, $src, $alt, $align); $html = apply_filters('image_send_to_editor_url', $html, esc_url_raw($src), $alt, $align);
return media_send_to_editor($html); return media_send_to_editor($html);
} }
@ -596,8 +596,8 @@ function media_upload_audio() {
if ( !empty($href) && !strpos($href, '://') ) if ( !empty($href) && !strpos($href, '://') )
$href = "http://$href"; $href = "http://$href";
$html = '[embed]' . $href . '[/embed]'; $html = '[embed]' . esc_url($href) . '[/embed]';
$html = apply_filters('audio_send_to_editor_url', $html, $href); $html = apply_filters('audio_send_to_editor_url', $html, esc_url_raw($href));
return media_send_to_editor($html); return media_send_to_editor($html);
} }
@ -647,8 +647,8 @@ function media_upload_video() {
if ( !empty($href) && !strpos($href, '://') ) if ( !empty($href) && !strpos($href, '://') )
$href = "http://$href"; $href = "http://$href";
$html = '[embed]' . $href . '[/embed]'; $html = '[embed]' . esc_url($href) . '[/embed]';
$html = apply_filters('video_send_to_editor_url', $html, $href); $html = apply_filters('video_send_to_editor_url', $html, esc_url_raw($href));
return media_send_to_editor($html); return media_send_to_editor($html);
} }
@ -702,8 +702,8 @@ function media_upload_file() {
if ( empty($title) ) if ( empty($title) )
$title = basename($href); $title = basename($href);
if ( !empty($title) && !empty($href) ) if ( !empty($title) && !empty($href) )
$html = "<a href='$href' >$title</a>"; $html = "<a href='" . esc_url($href) . "' >$title</a>";
$html = apply_filters('file_send_to_editor_url', $html, $href, $title); $html = apply_filters('file_send_to_editor_url', $html, esc_url_raw($href), $title);
return media_send_to_editor($html); return media_send_to_editor($html);
} }