Make WordPress Core


Timestamp:
03/09/2007 04:36:24 AM (17 years ago)
Author:
markjaquith
Message:

Sanitize browser-bound add_query_arg() outputs. fixes #3937

File:
1 edited

  • branches/2.1/wp-admin/admin-functions.php

    r4988 r5007  
    19231923        $bytes = $size * 1024 * 1024 * 1024;
    19241924?>
    1925 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>">
     1925<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
    19261926<p>
    19271927<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
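Review bot: On the changed `<form>` line, `attribute_escape($action)` makes the value safe to place inside the quoted `action` attribute, but it does not check that the value is an acceptable URL, and the hunk does not show where `$action` is built. If it carries `add_query_arg()` output as the commit message suggests, a short comment at this line saying so would help the next reader, and it is worth confirming that the URL itself is validated where it is constructed. Minor style point: the new `echo` omits the trailing semicolon before `?>` that the neighbouring `_e( ... ); ?>` and `printf( ... ); ?>` calls use.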