Commit

attribute_escape() in upload form action. Props Nazgul. fixes #4689 for 2.2.x

git-svn-id: http://svn.automattic.com/wordpress/branches/2.2@5828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith committed Aug 1, 2007
1 parent 1e03ffb commit 77a94e8
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion wp-admin/upload-functions.php
Expand Up @@ -105,8 +105,9 @@ function wp_upload_form() {
$id = get_the_ID();
global $post_id, $tab, $style;
$enctype = $id ? '' : ' enctype="multipart/form-data"';
$post_id = (int) $post_id;
?>
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style) . '&amp;tab=upload&amp;post_id=' . $post_id; ?>">
<?php
if ( $id ) :
$attachment = get_post_to_edit( $id );
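Review bot: In the new `action` line, `$style` is HTML-escaped with `attribute_escape()` but not URL-encoded, so characters such as `&` or `#` in it would still change the query string once the browser decodes the attribute. Consider `attribute_escape( urlencode( $style ) )`, or validate `$style` against the expected values where the global is set. `get_option('siteurl')` is still echoed into the attribute unescaped, so building the full URL first and escaping it once would cover both parts. The unescaped `$post_id` in the same line is safe only because of the `(int)` cast a few lines above it; a short comment on that cast would keep the two from being separated in a later edit.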