| 1 | Index: wp-admin/includes/post.php |
|---|
| 2 | =================================================================== |
|---|
| 3 | --- wp-admin/includes/post.php (revision 14631) |
|---|
| 4 | +++ wp-admin/includes/post.php (working copy) |
|---|
| 5 | @@ -1143,7 +1143,7 @@ |
|---|
| 6 | function _wp_post_thumbnail_html( $thumbnail_id = NULL ) { |
|---|
| 7 | global $content_width, $_wp_additional_image_sizes; |
|---|
| 8 | |
|---|
| 9 | - $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . get_upload_iframe_src('image') . '" id="set-post-thumbnail" class="thickbox">%s</a></p>'; |
|---|
| 10 | + $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . esc_url( get_upload_iframe_src('image') ) . '" id="set-post-thumbnail" class="thickbox">%s</a></p>'; |
|---|
| 11 | $content = sprintf($set_thumbnail_link, esc_html__( 'Set featured image' )); |
|---|
| 12 | |
|---|
| 13 | if ( $thumbnail_id && get_post( $thumbnail_id ) ) { |
|---|
| 14 | Index: wp-admin/includes/media.php |
|---|
| 15 | =================================================================== |
|---|
| 16 | --- wp-admin/includes/media.php (revision 14631) |
|---|
| 17 | +++ wp-admin/includes/media.php (working copy) |
|---|
| 18 | @@ -379,7 +379,7 @@ |
|---|
| 19 | add_action( 'media_buttons', 'media_buttons' ); |
|---|
| 20 | |
|---|
| 21 | function _media_button($title, $icon, $type) { |
|---|
| 22 | - return "<a href='" . get_upload_iframe_src($type) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>"; |
|---|
| 23 | + return "<a href='" . esc_url( get_upload_iframe_src($type) ) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>"; |
|---|
| 24 | } |
|---|
| 25 | |
|---|
| 26 | function get_upload_iframe_src($type) { |
|---|
