Make WordPress Core


Timestamp: 03/09/2007 04:36:24 AM (18 years ago)
Author: markjaquith
Message: Sanitize browser-bound add_query_arg() outputs. fixes #3937

File: 1 edited

  • branches/2.0/wp-admin/admin-functions.php

    r4657 r5007  
    18111811}
    18121812</script>
    1813 <form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo $action ?>">
     1813<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo attribute_escape($action) ?>">
    18141814<label for="upload"><?php _e('File:'); ?></label><input type="file" id="upload" name="import" />
    18151815<input type="hidden" name="action" value="save" />
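
Review bot: On the changed `<form ... action="...">` line (new line 1813), nothing visible in this hunk shows where `$action` is assigned, so the link to the `add_query_arg()` output named in the commit message cannot be confirmed from the diff alone. Escaping at the echo is the right place for attribute context, but a short comment above the form stating that `$action` is built from `add_query_arg()` and must stay escaped at output would keep a later edit from dropping the call. It is also worth checking that no other echo of `$action` in this function is left unescaped. Keep in mind that `attribute_escape()` only handles HTML-attribute quoting; it does not validate the URL itself.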