Ticket #13383: escurl.diff

File escurl.diff, 1.6 KB (added by jshreve, 8 years ago)

adds missing esc_url calls, fixes many validation errors

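--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -1143,7 +1143,7 @@
 function _wp_post_thumbnail_html( $thumbnail_id = NULL ) {
         global $content_width, $_wp_additional_image_sizes;
 
-        $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . get_upload_iframe_src('image') . '" id="set-post-thumbnail" class="thickbox">%s</a></p>';
+        $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . esc_url( get_upload_iframe_src('image') ) . '" id="set-post-thumbnail" class="thickbox">%s</a></p>';
         $content = sprintf($set_thumbnail_link, esc_html__( 'Set featured image' ));
 
         if ( $thumbnail_id && get_post( $thumbnail_id ) ) {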
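Review bot: The escaped URL in `_wp_post_thumbnail_html` is still concatenated into `$set_thumbnail_link`, which the following line hands to `sprintf()` as the format string, so a literal `%` in the iframe URL (for instance a percent-encoded query value, which `esc_url()` does not remove) would be read as a conversion specifier and corrupt the markup. Passing the URL as an argument avoids this: put `href="%s"` in the template and call `sprintf( $set_thumbnail_link, esc_url( get_upload_iframe_src('image') ), esc_html__( 'Set featured image' ) )`. Whether the URL can actually carry a `%` depends on `get_upload_iframe_src()` and any filters on it, which are not visible here; the function body also continues past the end of this hunk.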
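--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -379,7 +379,7 @@
 add_action( 'media_buttons', 'media_buttons' );
 
 function _media_button($title, $icon, $type) {
-        return "<a href='" . get_upload_iframe_src($type) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>";
+        return "<a href='" . esc_url( get_upload_iframe_src($type) ) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>";
 }
 
 function get_upload_iframe_src($type) {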
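Review bot: In `_media_button`, `$title` and `$type` are still interpolated unescaped into single-quoted attributes (`id='add_$type'`, `title='$title'`, `alt='$title'`), so an apostrophe in a title, which is plausible for a translated string, would close the attribute early and break or alter the tag. Wrapping them in `esc_attr()`, e.g. `title='" . esc_attr( $title ) . "'` and `id='" . esc_attr( "add_$type" ) . "'`, would make the whole element safe regardless of what the caller passes. Whether the existing callers already supply escaped values cannot be told from this hunk.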