Changeset 23416 for trunk/wp-admin/includes/media.php
- Timestamp:
- 02/14/2013 10:51:06 PM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/includes/media.php
r23395 r23416 445 445 446 446 if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { 447 $attachment = wp_unslash( $attachment ); 448 447 449 $post = $_post = get_post($attachment_id, ARRAY_A); 448 450 $post_type_object = get_post_type_object( $post[ 'post_type' ] ); … … 469 471 if ( isset($attachment['image_alt']) ) { 470 472 $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true); 471 if ( $image_alt != stripslashes($attachment['image_alt']) ) { 472 $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true ); 473 // update_meta expects slashed 474 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) ); 473 if ( $image_alt != $attachment['image_alt'] ) { 474 $image_alt = wp_strip_all_tags( $attachment['image_alt'], true ); 475 wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt ); 475 476 } 476 477 } … … 502 503 503 504 if ( isset($send_id) ) { 504 $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );505 $attachment = wp_unslash( $_POST['attachments'][$send_id] ); 505 506 506 507 $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : ''; … … 547 548 548 549 if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) { 549 $title = esc_html( stripslashes( $_POST['title'] ) );550 $title = esc_html( wp_unslash( $_POST['title'] ) ); 550 551 if ( empty( $title ) ) 551 552 $title = esc_html( basename( $src ) ); … … 562 563 } else { 563 564 $align = ''; 564 $alt = esc_attr( stripslashes( $_POST['alt'] ) );565 $alt = esc_attr( wp_unslash( $_POST['alt'] ) ); 565 566 if ( isset($_POST['align']) ) { 566 $align = esc_attr( stripslashes( $_POST['align'] ) );567 $align = esc_attr( wp_unslash( $_POST['align'] ) ); 567 568 $class = " class='align$align'"; 568 569 }
Note: See TracChangeset
for help on using the changeset viewer.