Make WordPress Core


Timestamp:
08/01/2007 05:20:01 PM (17 years ago)
Author:
markjaquith
Message:

attribute_escape() in upload form action. Props Nazgul. fixes #4689 for trunk

File:
1 edited

  • trunk/wp-admin/includes/upload.php

    r5801 r5827  
    106106    global $post_id, $tab, $style;
    107107    $enctype = $id ? '' : ' enctype="multipart/form-data"';
     108    $post_id = (int) $post_id;
    108109?>
    109     <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
     110    <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
    110111<?php
    111112    if ( $id ) :
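Review bot: On the new form action (r5827 line 110), $style is passed through attribute_escape() but is not URL-encoded, so a value containing & or # survives HTML decoding in the browser and still alters the query string that upload.php receives. Build the URL first with urlencode($style), then run the complete string through attribute_escape() once; that would also cover get_option('siteurl'), which is still echoed into the attribute unescaped. The (int) cast added on line 108 overwrites the global $post_id rather than a local copy, which is worth a short comment so later readers know the global is intentionally normalized here.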