1 files changed, 9 insertions, 4 deletions

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index be70d92..0fb84bb 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -55,7 +55,7 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
 	$rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
 
 	if ( $url )
-		$html = "<a href='".attribute_escape($url)."'$rel>$html</a>";
+		$html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
 
 	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );
 
@@ -180,7 +180,7 @@ add_action( 'media_buttons', 'media_buttons' );
 function media_buttons_head() {
 $siteurl = get_option('siteurl');
 echo "<style type='text/css' media='all'>
-	@import '{$siteurl}/wp-includes/js/thickbox/thickbox.css?1';
+	@import '{$siteurl}/wp-includes/js/thickbox/thickbox.css?ver=20080430';
 	div#TB_title {
 		background-color: #222222;
 		color: #cfcfcf;
@@ -188,6 +188,9 @@ echo "<style type='text/css' media='all'>
 	div#TB_title a, div#TB_title a:visited {
 		color: #cfcfcf;
 	}
+	#TB_window {
+		top: 20px;
+	}
 </style>\n";
 }
 
@@ -791,6 +794,7 @@ jQuery(function($){
 			post_params : {
 				"post_id" : "<?php echo $post_id; ?>",
 				"auth_cookie" : "<?php echo $_COOKIE[AUTH_COOKIE]; ?>",
+				"_wpnonce" : "<?php echo wp_create_nonce('media-form'); ?>",
 				"type" : "<?php echo $type; ?>",
 				"tab" : "<?php echo $tab; ?>",
 				"short" : "1"
@@ -815,6 +819,7 @@ jQuery(function($){
 //-->
 </script>
 
+
 <div id="flash-upload-ui">
 <?php do_action('pre-flash-upload-ui'); ?>
 	<p><input id="flash-browse-button" type="button" value="<?php echo attribute_escape( __( 'Choose files to upload' ) ); ?>" class="button" /></p>
@@ -959,7 +964,6 @@ function media_upload_library_form($errors) {
 	<input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
 </div>
 
-<p>
 <ul class="subsubsub">
 <?php
 $type_links = array();
@@ -991,7 +995,6 @@ echo implode(' | </li>', $type_links) . '</li>';
 unset($type_links);
 ?>
 </ul>
-</p>
 
 <div class="tablenav">
 
@@ -1066,8 +1069,10 @@ jQuery(function($){
 <div id="media-items">
 <?php echo get_media_items(null, $errors); ?>
 </div>
+<p class="ml-submit">
 <input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
+</p>
 </form>
 <?php
 }