

Timestamp:
07/29/2011 07:21:21 PM (13 years ago)
Author:
azaozz
Message:

Add SWFUpload back for plugins that queue it directly, fix some escaping in media.php, see #18206

File:
1 edited

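--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -1439,11 +1439,13 @@
 
     $upload_action_url = admin_url('async-upload.php');
-
     $post_id = isset($_REQUEST['post_id']) ? intval($_REQUEST['post_id']) : 0;
 
-    $upload_size_unit = $max_upload_size =  wp_max_upload_size();
+    $upload_size_unit = $max_upload_size = wp_max_upload_size();
     $sizes = array( 'KB', 'MB', 'GB' );
-    for ( $u = -1; $upload_size_unit > 1024 && $u < count( $sizes ) - 1; $u++ )
+
+    for ( $u = -1; $upload_size_unit > 1024 && $u < count( $sizes ) - 1; $u++ ) {
         $upload_size_unit /= 1024;
+    }
+
     if ( $u < 0 ) {
         $upload_size_unit = 0;
@@ -1454,4 +1456,5 @@
 ?>
 </script>
+
 <div id="media-upload-notice">
 <?php if (isset($errors['upload_notice']) ) { ?>
@@ -1459,4 +1462,5 @@
 <?php } ?>
 </div>
+
 <div id="media-upload-error">
 <?php if (isset($errors['upload_error']) && is_wp_error($errors['upload_error'])) { ?>
@@ -1484,8 +1488,13 @@
         "short" => "1",
 );
+
 $post_params = apply_filters( 'upload_post_params', $post_params ); // hook change! old name: 'swfupload_post_params'
 $p = array();
-foreach ( $post_params as $param => $val )
+
+foreach ( $post_params as $param => $val ) {
+    $val = esc_js( $val );
     $p[] = "\t\t'$param' : '$val'";
+}
+
 $post_params_str = implode( ", \n", $p );
 
@@ -1493,6 +1502,6 @@
 <script type="text/javascript">
 //<![CDATA[
-var resize_height = <?php echo get_option('large_size_h'); ?>,
-    resize_width = <?php echo get_option('large_size_w'); ?>;
+var resize_height = <?php echo get_option('large_size_h', 1024); ?>,
+    resize_width = <?php echo get_option('large_size_w', 1024); ?>;
 
 jQuery(document).ready(function($) {
@@ -1503,10 +1512,10 @@
         drop_element: 'media-upload',
         file_data_name: 'async-upload',
-        max_file_size: '<?php echo $max_upload_size / 1024; ?>kb',
-        url: '<?php echo esc_attr( $upload_action_url ); ?>',
-        flash_swf_url: '<?php echo includes_url('js/plupload/plupload.flash.swf'); ?>',
-        silverlight_xap_url: '<?php echo includes_url('js/plupload/plupload.silverlight.xap'); ?>',
+        max_file_size: '<?php echo round( (int) $max_upload_size / 1024 ); ?>kb',
+        url: '<?php echo esc_js( $upload_action_url ); ?>',
+        flash_swf_url: '<?php echo esc_js( includes_url('js/plupload/plupload.flash.swf') ); ?>',
+        silverlight_xap_url: '<?php echo esc_js( includes_url('js/plupload/plupload.silverlight.xap') ); ?>',
         filters: [
-            {title: '<?php _e( 'Allowed Files' ); ?>', extensions: '<?php echo apply_filters('upload_file_glob', '*'); ?>'}
+            {title: '<?php echo esc_js( __( 'Allowed Files' ) ); ?>', extensions: '<?php echo esc_js( apply_filters('uploader_allowed_extensions', '*') ); ?>'}
         ],
         multipart: true,
@@ -1589,5 +1598,5 @@
 </div>
 
-<p class="media-upload-size"><?php printf( __( 'Maximum upload file size: %d%s' ), $upload_size_unit, $sizes[$u] ); ?></p>
+<p class="media-upload-size"><?php printf( __( 'Maximum upload file size: %d%s' ), esc_html($upload_size_unit), esc_html($sizes[$u]) ); ?></p>
 <p class="howto"><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p>
 
@@ -1634,6 +1643,6 @@
 //]]>
 </script>
-<div id="media-items">
-<?php
+<div id="media-items"><?php
+
 if ( $id ) {
     if ( !is_wp_error($id) ) {
@@ -1641,10 +1650,10 @@
         echo get_media_items( $id, $errors );
     } else {
-        echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
+        echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div></div>';
         exit;
     }
 }
-?>
-</div>
+?></div>
+
 <p class="savebutton ml-submit">
 <?php submit_button( __( 'Save all changes' ), 'button', 'save', false ); ?>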
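Review bot: The two `get_option()` values echoed into `var resize_height = …, resize_width = …;` (new lines 1504-1505) are still written unquoted and unescaped into the script block. The added default of 1024 only applies when the option does not exist, so an empty or non-numeric stored value either breaks the script or is emitted as raw JavaScript. Casting at output keeps the context numeric: `var resize_height = <?php echo (int) get_option('large_size_h', 1024); ?>,` and likewise for `large_size_w`. In the `$post_params` loop (new lines 1494-1497) only `$val` goes through `esc_js()`, while `$param` is interpolated into `'$param' : '$val'` as-is after the `upload_post_params` filter; adding `$param = esc_js( $param );` would cover the key as well.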