Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-18 16:45:31 +01:00
Code Issues Projects Releases Wiki Activity

More upload escaping. Props Brian Layman. fixes #4689 for trunk

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-08-01 20:58:19 +00:00
parent f526180278
commit f359dab72e
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/includes/upload.php
View File

@ -107,7 +107,7 @@ function wp_upload_form() {
$enctype = $id ? '' : ' enctype="multipart/form-data"'; $enctype = $id ? '' : ' enctype="multipart/form-data"';
$post_id = (int) $post_id; $post_id = (int) $post_id;
?> ?>
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>"> <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
<?php <?php
if ( $id ) : if ( $id ) :
$attachment = get_post_to_edit( $id ); $attachment = get_post_to_edit( $id );
@ -202,7 +202,7 @@ function wp_upload_tab_upload_action() {
if ( !current_user_can( 'upload_files' ) ) if ( !current_user_can( 'upload_files' ) )
wp_die( __('You are not allowed to upload files.') wp_die( __('You are not allowed to upload files.')
. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=browse-all&amp;post_id=$post_id'>" . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
. __('Browse Files') . '</a>' . __('Browse Files') . '</a>'
); );
@ -212,7 +212,7 @@ function wp_upload_tab_upload_action() {
if ( isset($file['error']) ) if ( isset($file['error']) )
wp_die($file['error'] . "<br /><a href='" . get_option('siteurl') wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
. "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . __('Back to Image Uploading') . '</a>' . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
); );
$url = $file['url']; $url = $file['url'];
@ -259,7 +259,7 @@ function wp_upload_tab_upload_action() {
if ( !current_user_can('edit_post', (int) $ID) ) if ( !current_user_can('edit_post', (int) $ID) )
wp_die( __('You are not allowed to delete this attachment.') wp_die( __('You are not allowed to delete this attachment.')
. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
. __('Go back') . '</a>' . __('Go back') . '</a>'
); );