Ticket #13383: escurl.diff

File escurl.diff, 1.6 KB (added by jshreve, 4 years ago)

adds missing esc_url calls, fixes many validation errors

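--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -1143,7 +1143,7 @@
 function _wp_post_thumbnail_html( $thumbnail_id = NULL ) {
         global $content_width, $_wp_additional_image_sizes;
 
-        $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . get_upload_iframe_src('image') . '" id="set-post-thumbnail" class="thickbox">%s</a></p>';
+        $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . esc_url( get_upload_iframe_src('image') ) . '" id="set-post-thumbnail" class="thickbox">%s</a></p>';
         $content = sprintf($set_thumbnail_link, esc_html__( 'Set featured image' ));
 
         if ( $thumbnail_id && get_post( $thumbnail_id ) ) {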
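Review bot: The escaped URL is still concatenated into `$set_thumbnail_link`, which the following line hands to `sprintf()` as the format string, so a `%` in the value returned by `get_upload_iframe_src('image')` (a percent-encoded query argument, for instance) would be parsed as a conversion specification and could corrupt the `href` or consume the label argument. Whether the URL can carry a `%` cannot be confirmed here, because the body of `get_upload_iframe_src()` is not shown on this page. Keeping the URL out of the template removes the question: write `href="%1$s"` and `%2$s` for the link text, then call `sprintf( $set_thumbnail_link, esc_url( get_upload_iframe_src('image') ), esc_html__( 'Set featured image' ) )`. `_wp_post_thumbnail_html()` continues past the end of the hunk, so any later `sprintf()` on the same template would need the URL argument as well.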
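--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -379,7 +379,7 @@
 add_action( 'media_buttons', 'media_buttons' );
 
 function _media_button($title, $icon, $type) {
-        return "<a href='" . get_upload_iframe_src($type) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>";
+        return "<a href='" . esc_url( get_upload_iframe_src($type) ) . "' id='add_$type' class='thickbox' title='$title'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' /></a>";
 }
 
 function get_upload_iframe_src($type) {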
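Review bot: `$title` and `$type` are still interpolated raw into the single-quoted `id`, `title` and `alt` attributes on the changed line of `_media_button()`, so only the two URLs in this markup are escaped at output. The callers are not visible on this page; if any of them passes a translated or filtered string, a quote character in that value would end the attribute early. Escaping where the markup is built keeps the function safe regardless of caller: `title='" . esc_attr( $title ) . "'`, `alt='" . esc_attr( $title ) . "'` and `id='" . esc_attr( 'add_' . $type ) . "'`.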