X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/f6364df6999f38896cc58171ec4a503f4f2dedcf..e9d988989fe37ab8c5f903e47fbe36e6e00dc51f:/wp-admin/includes/media.php?ds=inline

diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php
index c9d603ea..7e27ded1 100644
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1192,7 +1192,7 @@ function get_media_item( $attachment_id, $args = null ) {
 	$toggle_on  = __( 'Show' );
 	$toggle_off = __( 'Hide' );
 
-	$filename = basename( $post->guid );
+	$filename = esc_html( basename( $post->guid ) );
 	$title = esc_attr( $post->post_title );
 
 	if ( $_tags = get_the_tags( $attachment_id ) ) {