Changeset 37786

Timestamp:

06/21/2016 02:23:11 PM (9 years ago)

Author:

nbachiyski

Message:

Admin: Escape attachment name in case it contains special characters

Merge of [37774] to the 4.3 branch.

Location:

branches/4.3/src

Files:

• wp-admin/includes/class-wp-media-list-table.php (modified) (1 diff)
• wp-includes/post-template.php (modified) (1 diff)

branches/4.3/src/wp-admin/includes/class-wp-media-list-table.php

@@ -362 +362 @@
             <?php _media_states( $post ); ?>
         </strong>
-        <p class="filename"><span class="screen-reader-text"><?php _e( 'File name:' ); ?> </span><?php echo wp_basename( $post->guid ); ?></p>
+        <p class="filename"><span class="screen-reader-text"><?php _e( 'File name:' ); ?> </span><?php echo esc_html( wp_basename( $post->guid ) ); ?></p>
         <?php
     }

branches/4.3/src/wp-includes/post-template.php

@@ -1598 +1598 @@
      * @param string|bool $text      If string, will be link text. Default false.
      */
-    return apply_filters( 'wp_get_attachment_link', "<a href='$url'>$link_text</a>", $id, $size, $permalink, $icon, $text );
+    return apply_filters( 'wp_get_attachment_link', "<a href='" . esc_url( $url ) . "'>$link_text</a>", $id, $size, $permalink, $icon, $text );
 }