Make WordPress Core


Ignore:
Timestamp:
10/18/2009 06:14:16 AM (15 years ago)
Author:
azaozz
Message:

Properly escape filename when sending to editor, props hakre sivel, fixes #10252

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/media.php

    r12036 r12051  
    108108
    109109    if ( $url )
    110         $html = '<a href="' . esc_url($url) . "\"$rel>$html</a>";
     110        $html = '<a href="' . esc_attr($url) . "\"$rel>$html</a>";
    111111
    112112    $html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
Note: See TracChangeset for help on using the changeset viewer.