Sanitize browser-bound add_query_arg() outputs. fixes #3937

git-svn-id: https://develop.svn.wordpress.org/trunk@5007 602fd350-edb4-49c9-b593-d223f7449a82
Mark Jaquith
2007-03-09 04:36:24 +00:00
parent b35406f1ad
commit db67d51e29
4 changed files with 11 additions and 11 deletions


@@ -1935,7 +1935,7 @@ function wp_import_upload_form( $action ) {
if (strpos($size, 'g') !== false)
$bytes = $size * 1024 * 1024 * 1024;
?>
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo $action ?>">
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
<p>
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
<input type="file" id="upload" name="import" size="25" />
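Review bot: On the rewritten `<form ... action=...>` line, `attribute_escape($action)` keeps the value from breaking out of the attribute, but it does not check that `$action` is an acceptable URL, so the scheme and overall shape are still whatever the caller passed in. Because this value is used as a URL, I would run it through the URL-aware escaper as well, e.g. `action="<?php echo attribute_escape( clean_url( $action ) ) ?>"`, assuming `clean_url()` is available at this revision. It would also help to add a short comment above `wp_import_upload_form()` stating that `$action` must be passed raw (not pre-escaped), so callers building it with `add_query_arg()` know the escaping now happens at output. The function's signature and the start of its body are outside this hunk, so how `$action` is built by callers is not visible here.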