Changeset 23739 for trunk/wp-admin/media-new.php

Timestamp:

03/18/2013 02:01:25 PM (12 years ago)

Author:

ryan

Message:

Escape form action urls with esc_url() rather than esc_attr().

Props SergeyBiryukov
fixes #23266

File:

• trunk/wp-admin/media-new.php (modified) (1 diff)

trunk/wp-admin/media-new.php

@@ -69 +69 @@
     <h2><?php echo esc_html( $title ); ?></h2>
 
-    <form enctype="multipart/form-data" method="post" action="<?php echo admin_url('media-new.php'); ?>" class="<?php echo $form_class; ?>" id="file-form">
+    <form enctype="multipart/form-data" method="post" action="<?php echo admin_url('media-new.php'); ?>" class="<?php echo esc_attr( $form_class ); ?>" id="file-form">
 
     <?php media_upload_form(); ?>