diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php index 2a7375f6f6..d0bd82503b 100644 --- a/wp-admin/inline-uploading.php +++ b/wp-admin/inline-uploading.php @@ -238,7 +238,7 @@ srcb[{$ID}] = '{$image['guid']}'; $xpadding = (128 - $image['uwidth']) / 2; $ypadding = (96 - $image['uheight']) / 2; $style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n"; - $title = htmlentities($image['post_title'], ENT_QUOTES); + $title = wp_specialchars($image['post_title'], ENT_QUOTES); $script .= "aa[{$ID}] = ''; ab[{$ID}] = ''; imga[{$ID}] = ''; @@ -258,7 +258,7 @@ imgb[{$ID}] = ' "; } else { - $title = htmlentities($attachment['post_title'], ENT_QUOTES); + $title = wp_specialchars($attachment['post_title'], ENT_QUOTES); $filename = basename($attachment['guid']); $icon = get_attachment_icon($ID); $toggle_icon = "$__using_title"; @@ -299,8 +299,10 @@ die(__('This script was not meant to be called directly.')); +