]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-admin/includes/media.php
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Wordpress 3.1.3
[autoinstalls/wordpress.git] / wp-admin / includes / media.php
diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index 5a13bcc243bee95b800833af8b7d98b890ed683c..7e27ded13399e4d837adeb0b3a041be4dacfb62d 100644 (file)
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -499,6 +499,7 @@ function media_upload_image() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -604,6 +605,7 @@ function media_upload_audio() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -662,6 +664,7 @@ function media_upload_video() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -720,6 +723,7 @@ function media_upload_file() {
        $id = 0;
 
        if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+               check_admin_referer('media-form');
                // Upload File button was clicked
                $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
                unset($_FILES);
@@ -1188,7 +1192,7 @@ function get_media_item( $attachment_id, $args = null ) {
        $toggle_on  = __( 'Show' );
        $toggle_off = __( 'Hide' );
 
-       $filename = basename( $post->guid );
+       $filename = esc_html( basename( $post->guid ) );
        $title = esc_attr( $post->post_title );
 
        if ( $_tags = get_the_tags( $attachment_id ) ) {
WordPress autoinstaller for phpBB