
Commit 4372cdf

committed
Admin: Escape attachment name in case it contains special characters
Built from https://develop.svn.wordpress.org/trunk@37774 git-svn-id: http://core.svn.wordpress.org/trunk@37739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
1 parent 2bdc117 commit 4372cdf


3 files changed

+3
-3
lines changed

3 files changed

+3
-3
lines changed

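--- a/wp-admin/includes/class-wp-media-list-table.php
+++ b/wp-admin/includes/class-wp-media-list-table.php
@@ -395,7 +395,7 @@ public function column_title( $post ) {
 <span class="screen-reader-text"><?php _e( 'File name:' ); ?> </span>
 <?php
 $file = get_attached_file( $post->ID );
-echo wp_basename( $file );
+echo esc_html( wp_basename( $file ) );
 ?>
 </p>
 <?php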

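--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -1475,7 +1475,7 @@ function wp_get_attachment_link( $id = 0, $size = 'thumbnail', $permalink = fals
 * @param bool $icon Whether to include an icon. Default false.
 * @param string|bool $text If string, will be link text. Default false.
 */
-return apply_filters( 'wp_get_attachment_link', "<a href='$url'>$link_text</a>", $id, $size, $permalink, $icon, $text );
+return apply_filters( 'wp_get_attachment_link', "<a href='" . esc_url( $url ) . "'>$link_text</a>", $id, $size, $permalink, $icon, $text );
 }
 
 /**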
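Review bot: `$link_text` is still interpolated unescaped into the anchor on the changed `return` line, so wrapping only `$url` in `esc_url()` leaves the link body as a second output sink in the same string. The assignment of `$link_text` is outside this hunk, so the following is inferred: if it can fall back to plain text such as the attachment title, that branch should escape at the point of assignment, e.g. `$link_text = esc_html( $link_text );`. A blanket `esc_html()` on the `return` line would be wrong if another branch supplies image markup, and the docblock's `$text` ("If string, will be link text") does not say whether callers may pass HTML, which is worth documenting. The commit title mentions only the attachment name, so a one-line comment above the `return` such as `// $url is escaped here; $link_text must already be safe HTML.` would make the contract explicit for code hooked on `wp_get_attachment_link`. The function body starts outside the hunk.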

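--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.6-alpha-37756';
+$wp_version = '4.6-alpha-37774';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.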
