$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
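Review bot: `$_REQUEST['post_id']` still reaches `media_handle_upload()` unvalidated after the new `check_admin_referer('media-form')` call, and nothing visible in this hunk confirms that the current user may attach media to that post. The `media-form` action is not bound to a post, so a valid nonce is accepted for whatever `post_id` the request carries. Unless a capability check runs earlier in the handler (outside this hunk), consider `$post_id = absint( $_REQUEST['post_id'] );` followed by `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) wp_die( __( 'You are not allowed to edit this post.' ) );` before the upload call. The same applies to the three identical hunks that follow. The enclosing handler starts and ends outside each hunk.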
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+ check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
$toggle_on = __( 'Show' );
$toggle_off = __( 'Hide' );
- $filename = basename( $post->guid );
+ $filename = esc_html( basename( $post->guid ) );
$title = esc_attr( $post->post_title );
if ( $_tags = get_the_tags( $attachment_id ) ) {
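Review bot: The new line escapes `$filename` with `esc_html()` at assignment, so from here on the variable holds HTML-encoded text rather than the file name. A name containing `&` or `<` will no longer match the real file if the variable is later compared, logged or used to build a path or URL. Where it is printed is outside this hunk, so this may be harmless today. Escaping at the point of output would be more robust. If the early escape stays, a comment such as `// $filename is HTML-escaped for display only; use basename( $post->guid ) for anything else` would keep later edits from misusing it.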