Changeset 3398

Timestamp:

01/05/2006 01:43:30 AM (19 years ago)

Author:

ryan

Message:

Handle quotes in upload titles. fixes #2198

File:

• trunk/wp-admin/inline-uploading.php (modified) (3 diffs)

trunk/wp-admin/inline-uploading.php

@@ -233 +233 @@
             $ypadding = (96 - $image['uheight']) / 2;
             $style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-            $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$image['post_title']}\">';
-ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$image['post_title']}\">';
-imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$image['post_title']}\" $height_width />';
-imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$image['post_title']}\" $height_width />';
+            $title = htmlentities($image['post_title'], ENT_QUOTES);
+            $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
+imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\" $height_width />';
 ";
             $html .= "<div id='target{$ID}' class='attwrap left'>
     <div id='div{$ID}' class='imagewrap' onclick=\"doPopup({$ID});\">
-        <img id=\"image{$ID}\" src=\"$src\" alt=\"{$image['post_title']}\" $height_width />
+        <img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />
     </div>
     {$noscript}
@@ -252 +253 @@
 ";
         } else {
-            $title = $attachment['post_title'];
+            $title = htmlentities($attachment['post_title'], ENT_QUOTES);
             $filename = basename($attachment['guid']);
             $icon = get_attachment_icon($ID);
             $toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
-            $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$attachment['post_title']}</a>';
-ab[{$ID}] = '<a id=\"p{$ID}\" href=\"{$filename}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$attachment['post_title']}</a>';
-title[{$ID}] = '{$attachment['post_title']}';
+            $script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$title}</a>';
+ab[{$ID}] = '<a id=\"p{$ID}\" href=\"{$filename}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$title}</a>';
+title[{$ID}] = '{$title}';
 filename[{$ID}] = '{$filename}';
 icon[{$ID}] = '{$icon}';
@@ -264 +265 @@
             $html .= "<div id='target{$ID}' class='attwrap left'>
     <div id='div{$ID}' class='otherwrap usingtext' onmousedown=\"selectLink({$ID})\" onclick=\"doPopup({$ID});return false;\">
-        <a id=\"p{$ID}\" href=\"{$attachment['guid']}\" onmousedown=\"selectLink({$ID});\" onclick=\"return false;\">{$attachment['post_title']}</a>
+        <a id=\"p{$ID}\" href=\"{$attachment['guid']}\" onmousedown=\"selectLink({$ID});\" onclick=\"return false;\">{$title}</a>
     </div>
     {$noscript}