vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Media: Use correct escaping function for URLs in some legacy media functions.

Browse Source 
This affects:
* `get_image_send_to_editor()`
* `image_link_input_fields()`

Follow-up to [7092], [7874], [8653], [11109], [11204], [11383], [12051], [12199], [19982].

Props smit08, mukesh27.
Fixes #56064.

git-svn-id: https://develop.svn.wordpress.org/trunk@53570 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov
2022-06-24 13:50:53 +00:00
parent ed2bf69b0f
commit c5db33f82e
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-admin/includes/media.php
View File

@@ -145,7 +145,7 @@ function get_image_send_to_editor( $id, $caption, $title, $align, $url = '', $re
}
if ( $url ) {
$html = '<a href="' . esc_attr( $url ) . '"' . $rel . '>' . $html . '</a>';
$html = '<a href="' . esc_url( $url ) . '"' . $rel . '>' . $html . '</a>';
}
/**
@@ -1269,8 +1269,8 @@ function image_link_input_fields( $post, $url_type = '' ) {
return "
<input type='text' class='text urlfield' name='attachments[$post->ID][url]' value='" . esc_attr( $url ) . "' /><br />
<button type='button' class='button urlnone' data-link-url=''>" . __( 'None' ) . "</button>
<button type='button' class='button urlfile' data-link-url='" . esc_attr( $file ) . "'>" . __( 'File URL' ) . "</button>
<button type='button' class='button urlpost' data-link-url='" . esc_attr( $link ) . "'>" . __( 'Attachment Post URL' ) . '</button>
<button type='button' class='button urlfile' data-link-url='" . esc_url( $file ) . "'>" . __( 'File URL' ) . "</button>
<button type='button' class='button urlpost' data-link-url='" . esc_url( $link ) . "'>" . __( 'Attachment Post URL' ) . '</button>
';
}