#6898 closed defect (bug) (fixed)
Bad quote escaping in media uploader?
Reported by: | Otto42 | Owned by: | |
---|---|---|---|
Milestone: | 2.6 | Priority: | normal |
Severity: | normal | Version: | 2.5.1 |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
Report and fix here:
http://wordpress.org/support/topic/164563/page/2?replies=50#post-737670
Other people report the same issue and that the fix works too.
Short version:
wp-admin/includes/media.php, line 57
$html = "<a href='".attribute_escape($url)."'$rel>$html</a>";
Should be this:
$html = "<a href=\"".attribute_escape($url)."\"$rel>$html</a>";
Because the single quote there can hork up some javascript code that it gets inserted into.
Change History (5)
(In [7874]) Fix send_to_editor escaping. Props Glotzfisch. fixes #6898 for trunk
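
An added illustration of the failure the description reports; it is not WordPress code. It assumes, as the report implies, that the link markup ends up inside a single-quoted JavaScript string literal, and `attributeEscape`, `buildLink`, `naiveScript`, `safeScript`, `parses`, `received` and the sample URL and image tag are constructed stand-ins. It goes one step past the ticket by showing that encoding for the JavaScript context holds up whichever quote the attribute uses.

```javascript
// Stand-in for attribute_escape(): HTML-entity-encodes & < > " and '.
function attributeEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#039;');
}

// The link markup from the ticket, with the attribute quote as a parameter.
function buildLink(url, inner, quote) {
  return '<a href=' + quote + attributeEscape(url) + quote + '>' + inner + '</a>';
}

// Assumed consumer: markup pasted unescaped into a single-quoted JS literal.
function naiveScript(html) {
  return "send_to_editor('" + html + "');";
}

// Context-aware consumer: encode the markup as a JS string literal.
// "<" becomes \u003c so "</script>" cannot end an inline script block early.
function safeScript(html) {
  return 'send_to_editor(' + JSON.stringify(html).replace(/</g, '\\u003c') + ');';
}

// Parse-only check: compiles the source, never calls it.
function parses(src) {
  try { new Function('send_to_editor', src); return true; }
  catch (e) { return false; }
}

// Runs the generated call against a stub and returns the string it receives.
function received(src) {
  let got;
  new Function('send_to_editor', src)(v => { got = v; });
  return got;
}

// Constructed sample input.
const SAMPLE_URL = 'http://example.com/?attachment_id=12';
const SAMPLE_IMG = '<img src="a.jpg" alt="" />';
const APOS_IMG = '<img src="a.jpg" alt="Otto\'s photo" />';

console.log('single-quoted href, naive:', parses(naiveScript(buildLink(SAMPLE_URL, SAMPLE_IMG, "'"))));
console.log('double-quoted href, naive:', parses(naiveScript(buildLink(SAMPLE_URL, SAMPLE_IMG, '"'))));
console.log('apostrophe in alt, naive: ', parses(naiveScript(buildLink(SAMPLE_URL, APOS_IMG, '"'))));
console.log('apostrophe in alt, safe:  ', parses(safeScript(buildLink(SAMPLE_URL, APOS_IMG, '"'))));
```

The third line shows that changing the attribute quote only helps while nothing else in the markup contains an apostrophe; the encoded form parses and round-trips the markup unchanged in every case.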