Diffstat (limited to 'wp-admin/upload-functions.php')
-rw-r--r-- | wp-admin/upload-functions.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/wp-admin/upload-functions.php b/wp-admin/upload-functions.php index 3b093d1..5e6c8c8 100644 --- a/wp-admin/upload-functions.php +++ b/wp-admin/upload-functions.php @@ -7,7 +7,7 @@ function wp_upload_display( $dims = false, $href = '' ) { list($width,$height) = wp_shrink_dimensions($attachment_data['width'], $attachment_data['height'], 171, 128); ob_start(); the_title(); - $post_title = wp_specialchars( ob_get_contents(), 1 ); + $post_title = attribute_escape(ob_get_contents()); ob_end_clean(); $post_content = apply_filters( 'content_edit_pre', $post->post_content ); @@ -71,9 +71,9 @@ function wp_upload_view() { echo '[ '; echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; echo ' | '; - echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'edit' ), 1 ) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; + echo '<a href="' . attribute_escape(add_query_arg('action', 'edit')) . '" title="' . __('Edit this file') . '">' . __('edit') . '</a>'; echo ' | '; - echo '<a href="' . wp_specialchars( remove_query_arg( array('action', 'ID') ), 1 ) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; + echo '<a href="' . attribute_escape(remove_query_arg(array('action', 'ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; echo ' ]'; ?></span> </div> 
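Review bot: `$post_title` is encoded for attribute context at the point of assignment in `wp_upload_display()`, but the place where it is printed lies outside this hunk, so nothing at the use site signals that the value is already escaped. If it is later passed through another escaper it will be double-encoded, and if it is reused outside a quoted attribute the encoding is the wrong one for that context. I would add a comment on the new line such as `// already attribute-escaped: print only inside a quoted attribute value, do not escape again`, or move the `attribute_escape()` call to the echo site. The function body continues past the end of the hunk, so this should be checked against the actual output statement.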
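Review bot: The `view` link on the context line just above the changed anchors in `wp_upload_view()` still prints `get_permalink()` into `href` with no escaping, and the same line appears in the `wp_upload_form()` hunk at -111. The `edit`, `links` and `cancel` anchors are escaped, so output encoding within each block is inconsistent; the translated `title` strings from `__()` also reach a quoted attribute raw. I would change the line to `echo '<a href="' . attribute_escape(get_permalink()) . '">' . __('view') . '</a>';` in both functions. The escaped values come from `add_query_arg()` / `remove_query_arg()` called without an explicit URL, which presumably build on the current request URI, so these attributes carry request-derived data and the escaping call should stay directly at the echo. Both function bodies start and end outside the hunks.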
@@ -111,9 +111,9 @@ function wp_upload_form() { echo '[ '; echo '<a href="' . get_permalink() . '">' . __('view') . '</a>'; echo ' | '; - echo '<a href="' . wp_specialchars( add_query_arg( 'action', 'view' ), 1 ) . '">' . __('links') . '</a>'; + echo '<a href="' . attribute_escape(add_query_arg('action', 'view')) . '">' . __('links') . '</a>'; echo ' | '; - echo '<a href="' . wp_specialchars( remove_query_arg( array('action','ID') ), 1 ) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; + echo '<a href="' . attribute_escape(remove_query_arg(array('action','ID'))) . '" title="' . __('Browse your files') . '">' . __('cancel') . '</a>'; echo ' ]'; ?></span> </div> |