
Ticket #4689: 4689.diff

File 4689.diff, 798 bytes (added by Nazgul, 17 years ago)
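--- a/wp-admin/includes/upload.php
+++ b/wp-admin/includes/upload.php
@@ -106,7 +106,7 @@
         global $post_id, $tab, $style;
         $enctype = $id ? '' : ' enctype="multipart/form-data"';
 ?>
-        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style) . "&amp;tab=upload&amp;post_id=" . attribute_escape($post_id); ?>">
 <?php
         if ( $id ) :
                 $attachment = get_post_to_edit( $id );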
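Review bot: On the new `<form ... action=...>` line, `$style` and `$post_id` are only HTML-attribute-escaped, although both sit inside a URL query string. A `&`, `#` or `=` in `$style` is emitted as an entity that the browser decodes back, so it can still add or override query parameters on the form target. I would URL-encode before attribute-escaping and force the id to an integer: `"...?style=" . attribute_escape( urlencode( $style ) ) . "&amp;tab=upload&amp;post_id=" . (int) $post_id`. Both values are globals whose origin is not visible here, and the enclosing function starts and ends outside the hunk, so it is worth confirming whether they are validated earlier.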