| 63 | | which works as expected. |
| | 63 | which works as expected. |
| | 64 | |
| | 65 | ''Ps'': |
| | 66 | |
| | 67 | Another idea would be to use the {{{sanitize_mime_type}}} function: |
| | 68 | |
| | 69 | {{{ |
| | 70 | '<option value="post_mime_type:' . sanitize_mime_type( $mime_type ) |
| | 71 | }}} |
| | 72 | |
| | 73 | where |
| | 74 | |
| | 75 | {{{ |
| | 76 | function sanitize_mime_type( $mime_type ) { |
| | 77 | $sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type ); |
| | 78 | /** |
| | 79 | * Filter a mime type following sanitization. |
| | 80 | * |
| | 81 | * @since 3.1.3 |
| | 82 | * |
| | 83 | * @param string $sani_mime_type The sanitized mime type. |
| | 84 | * @param string $mime_type The mime type prior to sanitization. |
| | 85 | */ |
| | 86 | return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type ); |
| | 87 | } |
| | 88 | }}} |
| | 89 | |
| | 90 | but I also wonder if we would need this function or {{{urlencode}}} or even {{{esc_attr()}}}, since it looks like these mime type strings have already gone through the {{{sanitize_mime_type}}} function through: |
| | 91 | |
| | 92 | {{{ |
| | 93 | add_filter( 'post_mime_type', 'sanitize_mime_type' ); |
| | 94 | }}} |
| | 95 | |
| | 96 | but then again, someone might remove or modify the filter ;-) |