Ticket #4689: 4689.002.diff

File 4689.002.diff, 826 bytes (added by markjaquith, 11 years ago)

int-cast the ID

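--- a/wp-admin/includes/upload.php
+++ b/wp-admin/includes/upload.php
@@ -105,8 +105,9 @@
         $id = get_the_ID();
         global $post_id, $tab, $style;
         $enctype = $id ? '' : ' enctype="multipart/form-data"';
+        $post_id = (int) $post_id;
 ?>
-        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
 <?php
         if ( $id ) :
                 $attachment = get_post_to_edit( $id );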
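Review bot: On the new `<form>` line, `$style` is HTML-escaped with `attribute_escape()` but not URL-encoded, although it is written into a query string. An `&`, `#` or `=` in the value would survive as `&amp;` or unchanged, and after the browser decodes the attribute it would add or truncate query parameters in the form's action URL. Assuming `$style` can carry request-supplied data (its assignment is outside the hunk), URL-encode before HTML-escaping: `'/wp-admin/upload.php?style=' . attribute_escape( urlencode( $style ) ) . '&amp;tab=upload&amp;post_id=' . $post_id`. Because `$post_id` is declared `global`, the added `(int)` cast also rewrites the global for every later reader; a short comment such as `// Normalise the global once so all later output uses an integer.` would make that intent explicit. The enclosing function starts and ends outside the hunk.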