Ticket #4689: 4689.002.diff

File 4689.002.diff, 826 bytes (added by markjaquith, 8 years ago)

int-cast the ID

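--- a/wp-admin/includes/upload.php
+++ b/wp-admin/includes/upload.php
@@ -105,8 +105,9 @@
         $id = get_the_ID();
         global $post_id, $tab, $style;
         $enctype = $id ? '' : ' enctype="multipart/form-data"';
+        $post_id = (int) $post_id;
 ?>
-        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
 <?php
         if ( $id ) :
                 $attachment = get_post_to_edit( $id );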
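Review bot: On the added `<form>` line, `$style` is placed in a URL query string with only `attribute_escape()`, which escapes for the HTML attribute but does not URL-encode, so after the browser decodes the attribute an `&`, `#` or `=` in `$style` can still alter the query string of the form action. Where `$style` is populated is not visible in this hunk (it is a global, possibly request-derived), so I would encode for both contexts: `attribute_escape( urlencode( $style ) )`. The `(int) $post_id` cast overwrites the global in place, so an unset `$post_id` becomes `0` for any later code in the request; a comment such as `// Force the global to an integer before it is echoed into markup.` would make that intent explicit. The enclosing function starts and ends outside the hunk.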