WordPress.org

Make WordPress Core

Changeset 37783


Ignore:
Timestamp:
06/21/2016 02:20:50 PM (3 years ago)
Author:
nbachiyski
Message:

Admin: Escape attachment name in case it contains special characters

Merge of [37774] to the 4.5 branch.

Location:
branches/4.5/src
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.5/src/wp-admin/includes/class-wp-media-list-table.php

    r36887 r37783  
    396396            <?php
    397397            $file = get_attached_file( $post->ID );
    398             echo wp_basename( $file );
     398            echo esc_html( wp_basename( $file ) );
    399399            ?>
    400400        </p>
  • branches/4.5/src/wp-includes/post-template.php

    r37250 r37783  
    14661466     * @param string|bool  $text      If string, will be link text. Default false.
    14671467     */
    1468     return apply_filters( 'wp_get_attachment_link', "<a href='$url'>$link_text</a>", $id, $size, $permalink, $icon, $text );
     1468    return apply_filters( 'wp_get_attachment_link', "<a href='" . esc_url( $url ) . "'>$link_text</a>", $id, $size, $permalink, $icon, $text );
    14691469}
    14701470
Note: See TracChangeset for help on using the changeset viewer.