Ticket #4689: 4689.diff

File 4689.diff, 798 bytes (added by Nazgul, 7 years ago)
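--- a/wp-admin/includes/upload.php
+++ b/wp-admin/includes/upload.php
@@ -106,7 +106,7 @@
         global $post_id, $tab, $style;
         $enctype = $id ? '' : ' enctype="multipart/form-data"';
 ?>
-        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+        <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style) . "&amp;tab=upload&amp;post_id=" . attribute_escape($post_id); ?>">
 <?php
         if ( $id ) :
                 $attachment = get_post_to_edit( $id );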
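Review bot: On the new line 109, `$style` and `$post_id` are escaped for the HTML attribute only, not for the URL query string they are placed in. attribute_escape() stops a value from breaking out of the `action` attribute, but an `&` or `#` in `$style` is emitted as an entity that the browser decodes back, so the value can still add or override query parameters such as `tab` or `post_id`. Both are globals whose origin is not visible in this hunk; if they derive from the request, I would write `attribute_escape(urlencode($style))` and `(int) $post_id` instead. The enclosing function starts and ends outside the hunk, so other places where these two globals are echoed cannot be checked from here.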