[wp-trac] [WordPress Trac] #6898: Bad quote escaping in media uploader?
WordPress Trac
wp-trac at lists.automattic.com
Fri May 2 14:12:49 GMT 2008
#6898: Bad quote escaping in media uploader?
---------------------+------------------------------------------------------
 Reporter:  Otto42   |       Owner:  anonymous
     Type:  defect   |      Status:  new
 Priority:  normal   |   Milestone:  2.6
Component:  General  |     Version:  2.5.1
 Severity:  normal   |    Keywords:
---------------------+------------------------------------------------------
Report and fix here:
http://wordpress.org/support/topic/164563/page/2?replies=50#post-737670
Other people report the same issue and that the fix works too.
Short version:
wp-admin/includes/media.php, line 57
{{{
$html = "<a href='".attribute_escape($url)."'$rel>$html</a>";
}}}
Should be this:
{{{
$html = "<a href=\"".attribute_escape($url)."\"$rel>$html</a>";
}}}
Because the single quote there can hork up some JavaScript code that it
gets inserted into.
--
Ticket URL: <http://trac.wordpress.org/ticket/6898>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
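
Added example, not part of the ticket and not WordPress code: it reproduces the failure the report describes, under the assumption that the generated markup is pasted unescaped into a single-quoted JavaScript string, and goes one step beyond the ticket by showing a sink that encodes for the JavaScript context so the attribute quote style stops mattering. All function names and the sample URL are constructed for illustration; escapeAttr is only a stand-in for attribute_escape().

```javascript
// Constructed sample input (not from the ticket).
const SAMPLE_URL = "http://example.com/wp-content/uploads/photo.jpg";

// Stand-in for attribute_escape(): encodes characters special inside an HTML attribute.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#039;");
}

// Builds the link the way line 57 does, with the chosen attribute quote character.
function buildLink(url, inner, quote) {
  return "<a href=" + quote + escapeAttr(url) + quote + ">" + inner + "</a>";
}

// Assumed sink: markup dropped as-is between single quotes in generated script.
function naiveScript(html) {
  return "var sent = '" + html + "'; return sent;";
}

// Context-aware sink: JSON.stringify emits a valid string literal for any input;
// "<" is written as \u003c so the literal cannot close an inline <script> element.
function encodedScript(html) {
  return "var sent = " + JSON.stringify(html).replace(/</g, "\\u003c") + "; return sent;";
}

// Compiles and runs the generated script; returns the string it received,
// or null when the script does not even parse.
function roundTrip(src) {
  try {
    return new Function(src)();
  } catch (e) {
    if (e instanceof SyntaxError) return null;
    throw e;
  }
}

const singleQuoted = buildLink(SAMPLE_URL, "photo", "'"); // markup before the fix
const doubleQuoted = buildLink(SAMPLE_URL, "photo", '"'); // markup after the fix

console.log("single-quoted, naive sink:  ", roundTrip(naiveScript(singleQuoted)));
console.log("double-quoted, naive sink:  ", roundTrip(naiveScript(doubleQuoted)));
console.log("single-quoted, encoded sink:", roundTrip(encodedScript(singleQuoted)));
```

The ticket's change fixes this one call site; the encoded sink is what keeps later markup changes from reintroducing the same break.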