Index: wp-admin/includes/media.php
===================================================================
--- wp-admin/includes/media.php	(revision 12207)
+++ wp-admin/includes/media.php	(working copy)
@@ -486,7 +486,7 @@
 			$src = $_POST['insertonly']['embed-src'];
 			if ( !strpos($src, '://') )
 				$src = "http://$src";
-			$html = '[embed]' . $src . '[/embed]';
+			$html = '[embed]' . esc_url($src) . '[/embed]';
 		} else {
 			$src = $_POST['insertonly']['src'];
 			if ( !empty($src) && !strpos($src, '://') )
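Review bot: esc_url() returns an empty string for a URL it rejects (disallowed protocol, or nothing left after cleaning), so the new line produces a literal `[embed][/embed]` with no address instead of producing nothing; the same applies to the audio and video hunks below. Consider escaping into a local first and only building the shortcode when the result is non-empty, e.g. `$embed_src = esc_url($src); if ( !empty($embed_src) ) $html = '[embed]' . $embed_src . '[/embed]';`, keeping `$src` itself unchanged for the esc_url_raw() filter argument further down. The `!strpos($src, '://')` guard on the preceding line is pre-existing and not part of this change. The enclosing function starts outside the hunk.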
@@ -497,10 +497,10 @@
 				$class = " class='align$align'";
 			}
 			if ( !empty($src) )
-				$html = "<img src='$src' alt='$alt'$class />";
+				$html = "<img src='" . esc_url($src) . "' alt='$alt'$class />";
 		}
 
-		$html = apply_filters('image_send_to_editor_url', $html, $src, $alt, $align);
+		$html = apply_filters('image_send_to_editor_url', $html, esc_url_raw($src), $alt, $align);
 		return media_send_to_editor($html);
 	}
 
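Review bot: Only `src` is escaped in the rebuilt `<img>` tag; `alt='$alt'` and `$class` are still interpolated raw into attribute context. `$alt` is assigned outside the hunk, presumably from the same `$_POST['insertonly']` input as `$src`, so it needs attribute escaping: `$html = "<img src='" . esc_url($src) . "' alt='" . esc_attr($alt) . "'$class />";`. Passing the unescaped `$alt` to the `image_send_to_editor_url` filter is consistent with `esc_url_raw($src)` there and can stay. The enclosing function starts outside the hunk.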
@@ -596,8 +596,8 @@
 		if ( !empty($href) && !strpos($href, '://') )
 			$href = "http://$href";
 
-		$html = '[embed]' . $href . '[/embed]';
-		$html = apply_filters('audio_send_to_editor_url', $html, $href);
+		$html = '[embed]' . esc_url($href) . '[/embed]';
+		$html = apply_filters('audio_send_to_editor_url', $html, esc_url_raw($href));
 		return media_send_to_editor($html);
 	}
 
@@ -647,8 +647,8 @@
 		if ( !empty($href) && !strpos($href, '://') )
 			$href = "http://$href";
 
-		$html = '[embed]' . $href . '[/embed]';
-		$html = apply_filters('video_send_to_editor_url', $html, $href);
+		$html = '[embed]' . esc_url($href) . '[/embed]';
+		$html = apply_filters('video_send_to_editor_url', $html, esc_url_raw($href));
 		return media_send_to_editor($html);
 	}
 
@@ -702,8 +702,8 @@
 		if ( empty($title) )
 			$title = basename($href);
 		if ( !empty($title) && !empty($href) )
-			$html = "<a href='$href' >$title</a>";
-		$html = apply_filters('file_send_to_editor_url', $html, $href, $title);
+			$html = "<a href='" . esc_url($href) . "' >$title</a>";
+		$html = apply_filters('file_send_to_editor_url', $html, esc_url_raw($href), $title);
 		return media_send_to_editor($html);
 	}
 
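Review bot: `$title` is still inserted unescaped as the anchor text while the commit escapes only the href; when `$title` is empty it is set to `basename($href)`, so it derives from the same untrusted value that esc_url() is being applied to. Escape it for HTML body context: `$html = "<a href='" . esc_url($href) . "' >" . esc_html($title) . "</a>";`. Leaving the raw `$title` in the `file_send_to_editor_url` filter call matches the `esc_url_raw($href)` convention used there. The enclosing function starts outside the hunk.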
