
Ticket #23266: 23266.patch

File 23266.patch, 3.1 KB (added by SergeyBiryukov, 18 months ago)
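--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1602,7 +1602,7 @@
                 $form_class .= ' html-uploader';
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <?php submit_button( '', 'hidden', 'save', false ); ?>
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
@@ -1667,7 +1667,7 @@
                 $form_class .= ' html-uploader';
 ?>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>
 
@@ -1818,7 +1818,7 @@
 <a href="#" id="desc"><?php _e('Descending'); ?></a> |
 <a href="#" id="clear"><?php _ex('Clear', 'verb'); ?></a>
 </div>
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="gallery-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="gallery-form">
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
 <table class="widefat" cellspacing="0">
@@ -2058,7 +2058,7 @@
 </div>
 </form>
 
-<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="library-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( $form_action_url ); ?>" class="<?php echo $form_class; ?>" id="library-form">
 
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>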
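Review bot: The rewritten `<form>` tags still echo `$form_class` and `$type` raw into attribute values (new lines 1605 and 1670; `$form_class` again on 1821 and 2061), so each tag is only partly escaped after this change. `$form_class` appears to be built from string literals just above the first two hunks, but where `$type` is assigned is not visible here, and the enclosing functions start and end outside the hunks. I would escape both at output in the same pass: `id="<?php echo esc_attr( $type ); ?>-form"` and `class="<?php echo esc_attr( $form_class ); ?>"`.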
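--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -787,7 +787,7 @@
                 <p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
         else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" class="wp-upload-form" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" class="wp-upload-form" action="<?php echo esc_url( wp_nonce_url( $action, 'import-upload' ) ); ?>">
 <p>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
 <input type="file" id="upload" name="import" size="25" />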
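Review bot: On new line 790, `esc_url()` is not a drop-in replacement for `esc_attr()`: it returns an empty string when the URL's scheme is not on the allowed list and may prepend `http://` to some scheme-less values, so an unusual `$action` would make the import form post to a different place than before (an empty `action` posts back to the current page). `$action` is set outside this hunk, so it is worth confirming that importers pass an absolute http(s) or admin-relative URL. I would document the constraint where `$action` is declared, for example `@param string $action The URL to post the form to; passed through esc_url(), so it must be an http(s) or admin-relative URL.`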