Properly escape source parameter in audio/video shortcodes. See #23282.

git-svn-id: http://core.svn.wordpress.org/trunk@24334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Jon Cave 2013-05-23 17:45:59 +00:00
parent 81b18ddade
commit 94a56f3bbf


@ -861,7 +861,7 @@ function wp_audio_shortcode( $attr ) {
if ( ! empty( $src ) ) { if ( ! empty( $src ) ) {
$type = wp_check_filetype( $src ); $type = wp_check_filetype( $src );
if ( ! in_array( $type['ext'], $default_types ) ) if ( ! in_array( $type['ext'], $default_types ) )
return sprintf( '<a class="wp-post-format-link-audio" href="%1$s">%1$s</a>', $src ); return sprintf( '<a class="wp-post-format-link-audio" href="%s">%s</a>', esc_url( $src ), esc_html( $src ) );
$primary = true; $primary = true;
array_unshift( $default_types, 'src' ); array_unshift( $default_types, 'src' );
} else { } else {
@ -907,7 +907,7 @@ function wp_audio_shortcode( $attr ) {
if ( empty( $fileurl ) ) if ( empty( $fileurl ) )
$fileurl = $$fallback; $fileurl = $$fallback;
$type = wp_check_filetype( $$fallback ); $type = wp_check_filetype( $$fallback );
$html .= sprintf( $source, $type['type'], $$fallback ); $html .= sprintf( $source, $type['type'], esc_url( $$fallback ) );
} }
} }
@ -979,7 +979,7 @@ function wp_video_shortcode( $attr ) {
if ( ! empty( $src ) ) { if ( ! empty( $src ) ) {
$type = wp_check_filetype( $src ); $type = wp_check_filetype( $src );
if ( ! in_array( $type['ext'], $default_types ) ) if ( ! in_array( $type['ext'], $default_types ) )
return sprintf( '<a class="wp-post-format-link-video" href="%1$s">%1$s</a>', $src ); return sprintf( '<a class="wp-post-format-link-video" href="%s">%s</a>', esc_url( $src ), esc_html( $src ) );
$primary = true; $primary = true;
array_unshift( $default_types, 'src' ); array_unshift( $default_types, 'src' );
} else { } else {
@ -1033,7 +1033,7 @@ function wp_video_shortcode( $attr ) {
// m4v sometimes shows up as video/mpeg which collides with mp4 // m4v sometimes shows up as video/mpeg which collides with mp4
if ( 'm4v' === $type['ext'] ) if ( 'm4v' === $type['ext'] )
$type['type'] = 'video/m4v'; $type['type'] = 'video/m4v';
$html .= sprintf( $source, $type['type'], $$fallback ); $html .= sprintf( $source, $type['type'], esc_url( $$fallback ) );
} }
} }
if ( 'mediaelement' === $library ) if ( 'mediaelement' === $library )
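Review bot: In the second and fourth hunks, `$fileurl = $$fallback;` on the line just above the changed `sprintf` still keeps the raw attribute value; the commit escapes only the `<source>` URL on the following line, so whatever emits `$fileurl` after the fallback loop (outside these hunks) needs the same `esc_url()` / `esc_html()` pair the post-format links get in hunks one and three, and is worth confirming. `$type['type']` is also interpolated into `$source` as-is; it comes from `wp_check_filetype()`, which from here looks like a lookup against the registered MIME list, but when that lookup finds no match it appears to yield false and would print an empty `type` attribute, so skipping the `<source>` element when `$type['type']` is empty would be a cheap guard. The bodies of wp_audio_shortcode and wp_video_shortcode begin and end outside the hunks.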