Make WordPress Core


Timestamp:
03/09/2007 04:36:24 AM (18 years ago)
Author:
markjaquith
Message:

Sanitize browser-bound add_query_arg() outputs. fixes #3937

File:
1 edited

  • branches/2.1/wp-admin/upload-functions.php

    r4767 r5007  
    3636
    3737    if ( $href )
    38         $r .= "<a id='file-link-$id' href='$href' title='$post_title' class='file-link $class'>\n";
     38        $r .= "<a id='file-link-$id' href='" . attribute_escape($href) ."' title='$post_title' class='file-link $class'>\n";
    3939    if ( $href || $image_src )
    4040        $r .= "\t\t\t$innerHTML";
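
Review bot: On the changed `<a>` line, only `$href` is passed through attribute_escape(); `$post_title`, `$id` and `$class` are still interpolated raw into single-quoted attributes of the same tag. Unless `$post_title` is already escaped earlier in the function (not visible in this hunk), a title containing a single quote would break out of the title attribute in the same way an unescaped href could, so it should get the same treatment, for example title='" . attribute_escape($post_title) . "'. Since every attribute in this tag is delimited with single quotes, it is also worth confirming that attribute_escape() encodes ' as well as ". Style nit: the concatenation spacing is uneven in `attribute_escape($href) ."'`; writing `attribute_escape( $href ) . "'` would match the `if ( $href )` spacing on the line above.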