From b01f6d8c75cec1bfd4b3580b3d3a813908f88da9 Mon Sep 17 00:00:00 2001 From: Mark Jaquith Date: Wed, 1 Aug 2007 17:20:01 +0000 Subject: [PATCH] attribute_escape() in upload form action. Props Nazgul. fixes #4689 for trunk git-svn-id: https://develop.svn.wordpress.org/trunk@5827 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/includes/upload.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wp-admin/includes/upload.php b/wp-admin/includes/upload.php index b09ff2fdff..3f472e0287 100644 --- a/wp-admin/includes/upload.php +++ b/wp-admin/includes/upload.php @@ -105,8 +105,9 @@ function wp_upload_form() { $id = get_the_ID(); global $post_id, $tab, $style; $enctype = $id ? '' : ' enctype="multipart/form-data"'; + $post_id = (int) $post_id; ?> - id="upload-file" method="post" action=""> + id="upload-file" method="post" action="">