| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-08-06 09:35:24 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-08-06 09:35:24 +0000 |
| commit | d407afd2cf84fa1d87be4dd387cdb6539aac3112 (patch) | |
| tree | 3b87936604a68a81cfcca74af607c5108d535142 /wp-admin/upload-functions.php | |
| parent | f7904d143986a96e6f209b51b380ad1ee640cad5 (diff) | |
Sync for WP 2.2.2
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1013 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/upload-functions.php')
| -rw-r--r-- | wp-admin/upload-functions.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php index 31965bc..e2d734d 100644 --- a/wp-admin/upload-functions.php +++ b/wp-admin/upload-functions.php @@ -105,8 +105,9 @@ function wp_upload_form() { $id = get_the_ID(); global $post_id, $tab, $style; $enctype = $id ? '' : ' enctype="multipart/form-data"'; + $post_id = (int) $post_id; ?> - <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=upload&post_id=$post_id"; ?>"> + <form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&tab=upload&post_id=' . $post_id); ?>"> <?php if ( $id ) : $attachment = get_post_to_edit( $id ); @@ -201,7 +202,7 @@ function wp_upload_tab_upload_action() { if ( !current_user_can( 'upload_files' ) ) wp_die( __('You are not allowed to upload files.') - . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=browse-all&post_id=$post_id'>" + . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=browse-all&post_id=$post_id") . "'>" . __('Browse Files') . '</a>' ); @@ -211,7 +212,7 @@ function wp_upload_tab_upload_action() { if ( isset($file['error']) ) wp_die($file['error'] . "<br /><a href='" . get_option('siteurl') - . "/wp-admin/upload.php?style=$style&tab=$from_tab&post_id=$post_id'>" . __('Back to Image Uploading') . '</a>' + . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>' ); $url = $file['url']; 
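Review bot: In the new form `action`, `$style` is HTML-escaped but not URL-encoded before it is placed in the `style=` query value, so `attribute_escape()` prevents attribute breakout but a value containing `&`, `#` or `=` can still alter the query string once the browser decodes the entities (assuming `$style` is request-derived, which is not visible here). Encoding for the URL context first, e.g. `attribute_escape(urlencode($style) . '&tab=upload&post_id=' . $post_id)`, or checking `$style` against the known style values, would close that. The same applies to `$style` and `$from_tab` in the `wp_die()` links of the hunks at new lines 202, 212 and 259. `get_option('siteurl')` is still echoed outside the escaped part, which is acceptable only while that option is trusted. The body of wp_upload_form() continues outside the hunk.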
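Review bot: The `(int)` cast on `$post_id` is added only in wp_upload_form(); the three `wp_die()` links in wp_upload_tab_upload_action() (this hunk and the ones at new lines 212 and 259) still interpolate `$post_id` as-is and depend on `attribute_escape()` alone. The start of that function is outside the hunks, so a cast may already exist there, but if it does not, `$post_id = (int) $post_id;` once before the first `wp_die()` would make the two functions consistent. These hrefs are single-quoted, so it is also worth confirming that `attribute_escape()` encodes `'` as well as `"`.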
@@ -258,7 +259,7 @@ function wp_upload_tab_upload_action() { if ( !current_user_can('edit_post', (int) $ID) ) wp_die( __('You are not allowed to delete this attachment.') - . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&tab=$from_tab&post_id=$post_id'>" + . " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&tab=$from_tab&post_id=$post_id") . "'>" . __('Go back') . '</a>' ); |
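Review bot: This is the fourth hand-built copy of the `upload.php?style=…&tab=…&post_id=…` link in the commit, each with its own mix of concatenation and interpolation inside `attribute_escape()`. A small private helper that takes the tab name, casts `$post_id`, encodes each value and returns the escaped URL would keep the escaping in one place and make a missed call site easier to spot in later syncs. A short comment at the call, such as `// escaped for the HTML attribute context; values must be URL-encoded separately`, would also record what the wrapper does and does not cover. The enclosing function starts and ends outside the hunk.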
