Make WordPress Core


Ignore:
Timestamp:
06/24/2022 01:50:53 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Media: Use correct escaping function for URLs in some legacy media functions.

This affects:

  • get_image_send_to_editor()
  • image_link_input_fields()

Follow-up to [7092], [7874], [8653], [11109], [11204], [11383], [12051], [12199], [19982].

Props smit08, mukesh27.
Fixes #56064.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/media.php

    r53455 r53570  
    146146
    147147    if ( $url ) {
    148         $html = '<a href="' . esc_attr( $url ) . '"' . $rel . '>' . $html . '</a>';
     148        $html = '<a href="' . esc_url( $url ) . '"' . $rel . '>' . $html . '</a>';
    149149    }
    150150
     
    12701270    <input type='text' class='text urlfield' name='attachments[$post->ID][url]' value='" . esc_attr( $url ) . "' /><br />
    12711271    <button type='button' class='button urlnone' data-link-url=''>" . __( 'None' ) . "</button>
    1272     <button type='button' class='button urlfile' data-link-url='" . esc_attr( $file ) . "'>" . __( 'File URL' ) . "</button>
    1273     <button type='button' class='button urlpost' data-link-url='" . esc_attr( $link ) . "'>" . __( 'Attachment Post URL' ) . '</button>
     1272    <button type='button' class='button urlfile' data-link-url='" . esc_url( $file ) . "'>" . __( 'File URL' ) . "</button>
     1273    <button type='button' class='button urlpost' data-link-url='" . esc_url( $link ) . "'>" . __( 'Attachment Post URL' ) . '</button>
    12741274';
    12751275}
Note: See TracChangeset for help on using the changeset viewer.