Make WordPress Core

Changeset 58210


Ignore:
Timestamp:
05/27/2024 02:29:56 PM (9 months ago)
Author:
audrasjb
Message:

Upload: Add missing escaping functions in wp-admin/async-upload.php.

Props nareshbheda, mukesh27.
Fixes #60978.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/async-upload.php

    r56600 r58210  
    6565                    <div class="filename new">
    6666                        <span class="media-list-title"><strong><?php echo esc_html( wp_html_excerpt( $title, 60, '&hellip;' ) ); ?></strong></span>
    67                         <span class="media-list-subtitle"><?php echo wp_basename( $file ); ?></span>
     67                        <span class="media-list-subtitle"><?php echo esc_html( wp_basename( $file ) ); ?></span>
    6868                    </div>
    6969                </div>
    7070                <div class="attachment-tools">
    7171                    <span class="media-item-copy-container copy-to-clipboard-container edit-attachment">
    72                         <button type="button" class="button button-small copy-attachment-url" data-clipboard-text="<?php echo $file_url; ?>"><?php _e( 'Copy URL to clipboard' ); ?></button>
     72                        <button type="button" class="button button-small copy-attachment-url" data-clipboard-text="<?php echo esc_url( $file_url ); ?>"><?php _e( 'Copy URL to clipboard' ); ?></button>
    7373                        <span class="success hidden" aria-hidden="true"><?php _e( 'Copied!' ); ?></span>
    7474                    </span>
Note: See TracChangeset for help on using the changeset viewer.