Make WordPress Core

Changeset 4402


Ignore:
Timestamp:
10/17/2006 06:24:36 PM (17 years ago)
Author:
markjaquith
Message:

Entity encode image title attribute. Props mdawaffe. fixes #3258

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post-template.php

    r4372 r4402  
    329329        return __('Missing Attachment');
    330330
     331    $post_title = wp_specialchars( $_post->post_title, 1 );
     332
    331333    if (! empty($_post->guid) ) {
    332334        $innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
    333335
    334         return "<a href=\"{$_post->guid}\" title=\"{$_post->post_title}\" >{$innerHTML}</a>";
     336        return "<a href='$_post->guid' title='$post_title'>$innerHTML</a>";
    335337
    336338    } else {
     
    401403            if ( $actual_aspect >= $desired_aspect ) {
    402404                $height = $actual_aspect * $max_dims[0];
    403                 $constraint = "width=\"{$max_dims[0]}\" ";
     405                $constraint = "width='{$max_dims[0]}' ";
    404406                $post->iconsize = array($max_dims[0], $height);
    405407            } else {
    406408                $width = $max_dims[1] / $actual_aspect;
    407                 $constraint = "height=\"{$max_dims[1]}\" ";
     409                $constraint = "height='{$max_dims[1]}' ";
    408410                $post->iconsize = array($width, $max_dims[1]);
    409411            }
     
    413415    }
    414416
    415     $icon = "<img src=\"{$src}\" title=\"{$post->post_title}\" alt=\"{$post->post_title}\" {$constraint}/>";
     417    $post_title = wp_specialchars( $post->post_title, 1 );
     418
     419    $icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>";
    416420
    417421    return apply_filters('attachment_icon', $icon, $post->ID);
     
    426430    $post = & get_post($id);
    427431
    428     $innerHTML = $post->post_title;
     432    $innerHTML = wp_specialchars( $post->post_title, 1 );
    429433
    430434    return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
Note: See TracChangeset for help on using the changeset viewer.