WordPress.org

Make WordPress Core

Ticket #18708: 18708.5.patch

File 18708.5.patch, 3.7 KB (added by SergeyBiryukov, 22 months ago)

Restored esc_url()

  • wp-admin/css/media.dev.css

     
    193193        text-align: center; 
    194194} 
    195195 
    196 #media-upload a.wp-post-thumbnail { 
    197         margin: 0 20px; 
    198 } 
    199  
    200196#media-items a.delete { 
    201197        display: block; 
    202198        float: right; 
  • wp-admin/includes/media.php

     
    11801180        if ( 'image' == $type && $calling_post_id && current_theme_supports( 'post-thumbnails', get_post_type( $calling_post_id ) ) 
    11811181                && post_type_supports( get_post_type( $calling_post_id ), 'thumbnail' ) && get_post_thumbnail_id( $calling_post_id ) != $attachment_id ) { 
    11821182                $ajax_nonce = wp_create_nonce( "set_post_thumbnail-$calling_post_id" ); 
    1183                 $thumbnail = "<a class='wp-post-thumbnail' id='wp-post-thumbnail-" . $attachment_id . "' href='#' onclick='WPSetAsThumbnail(\"$attachment_id\", \"$ajax_nonce\");return false;'>" . esc_html__( "Use as featured image" ) . "</a>"; 
     1183                $thumbnail = "<input class='wp-post-thumbnail' id='wp-post-thumbnail-" . $attachment_id . "' class='button' type='submit' onclick='WPSetAsThumbnail(\"$attachment_id\", \"$ajax_nonce\");return false;' value='" . esc_attr__( "Use as featured image" ) . "' name='wp-post-thumbnail-" . $attachment_id . "' />"; 
    11841184        } 
    11851185 
    11861186        if ( ( $send || $thumbnail || $delete ) && !isset( $form_fields['buttons'] ) ) 
  • wp-admin/includes/post.php

     
    11451145        if ( empty( $post_id ) ) 
    11461146                $post_id = $post_ID; 
    11471147 
    1148         $upload_iframe_src = esc_url( get_upload_iframe_src('image', $post_id) ); 
     1148        $upload_iframe_src = get_upload_iframe_src( 'image', $post_id ); 
     1149        $upload_iframe_src = remove_query_arg( 'TB_iframe', $upload_iframe_src ); 
     1150        $upload_iframe_src = esc_url( add_query_arg( array( 'context' => 'featured', 'TB_iframe' => 1 ), $upload_iframe_src ) ); 
    11491151        $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="%s" id="set-post-thumbnail" class="thickbox">%s</a></p>'; 
    11501152        $content = sprintf( $set_thumbnail_link, $upload_iframe_src, esc_html__( 'Set featured image' ) ); 
    11511153 
  • wp-admin/js/set-post-thumbnail.dev.js

     
    11function WPSetAsThumbnail(id, nonce){ 
    2         var $link = jQuery('a#wp-post-thumbnail-' + id); 
     2        var $button = jQuery('input#wp-post-thumbnail-' + id); 
    33 
    4         $link.text( setPostThumbnailL10n.saving ); 
     4        $button.val( setPostThumbnailL10n.saving ); 
    55        jQuery.post(ajaxurl, { 
    66                action:"set-post-thumbnail", post_id: post_id, thumbnail_id: id, _ajax_nonce: nonce, cookie: encodeURIComponent(document.cookie) 
    77        }, function(str){ 
    88                var win = window.dialogArguments || opener || parent || top; 
    9                 $link.text( setPostThumbnailL10n.setThumbnail ); 
     9                $button.val( setPostThumbnailL10n.setThumbnail ); 
    1010                if ( str == '0' ) { 
    1111                        alert( setPostThumbnailL10n.error ); 
    1212                } else { 
    13                         jQuery('a.wp-post-thumbnail').show(); 
    14                         $link.text( setPostThumbnailL10n.done ); 
    15                         $link.fadeOut( 2000 ); 
     13                        jQuery('input.wp-post-thumbnail').show(); 
     14                        $button.val( setPostThumbnailL10n.done ); 
     15                        $button.fadeOut( 2000 ); 
    1616                        win.WPSetThumbnailID(id); 
    1717                        win.WPSetThumbnailHTML(str); 
     18                        if ( window.location.href.indexOf('featured') != -1 ) 
     19                                win.tb_remove(); 
    1820                } 
    1921        } 
    2022        );