attribute_escape() in upload form action. Props Nazgul. fixes #4689 for 2.2.x

git-svn-id: http://svn.automattic.com/wordpress/branches/2.2@5828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2007-08-01 17:21:08 +00:00
parent 1e03ffb3d4
commit 77a94e8c13
1 changed files with 2 additions and 1 deletions


@ -105,8 +105,9 @@ function wp_upload_form() {
$id = get_the_ID();
global $post_id, $tab, $style;
$enctype = $id ? '' : ' enctype="multipart/form-data"';
$post_id = (int) $post_id;
?>
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
<?php
if ( $id ) :
$attachment = get_post_to_edit( $id );
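Review bot: On the new `<form … action=…>` line, `$style` goes into a URL query string, but `attribute_escape()` only handles HTML attribute context. A value containing `&`, `#` or `=` would still be read as query syntax once the browser decodes the attribute, so it can alter the parameters the form submits. URL-encoding before HTML-escaping covers both contexts: `'/wp-admin/upload.php?style=' . attribute_escape(urlencode($style)) . '&amp;tab=upload&amp;post_id=' . $post_id`. Where `$style` is assigned is not visible in this hunk; if it is already restricted to a fixed set of values upstream, a short comment saying so would be enough. The body of `wp_upload_form()` continues past the end of the hunk.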