}
}
+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
$post = (int) $post;
$images_width = 1;
case 'delete':
+check_admin_referer('inlineuploading');
+
if ( !current_user_can('edit_post', (int) $attachment) )
die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&all=$all&action=upload\">".__('Go back').'</a>');
wp_delete_attachment($attachment);
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
+wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
die;
case 'save':
+check_admin_referer('inlineuploading');
+
$overrides = array('action'=>'save');
$file = wp_handle_upload($_FILES['image'], $overrides);
add_post_meta($id, '_wp_attachment_metadata', array());
}
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
+wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
die();
case 'upload':
$attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
if ( count($attachments) == 0 ) {
- header("Location: ".basename(__FILE__)."?post=$post&action=upload");
+ wp_redirect( basename(__FILE__) ."?post=$post&action=upload" );
die;
} elseif ( count($attachments) > $num ) {
$next = $start + count($attachments) - $num;
</noscript>
";
$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
-<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&attachment={$ID}&all=$all&start=$start&post=$post\">$__delete</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", inlineuploading) . "\">$__delete</a>
<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
";
$uwidth_sum += 128;
$xpadding = (128 - $image['uwidth']) / 2;
$ypadding = (96 - $image['uheight']) / 2;
$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
- $title = htmlentities($image['post_title'], ENT_QUOTES);
+ $title = attribute_escape($image['post_title']);
$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
</div>
";
} else {
- $title = htmlentities($attachment['post_title'], ENT_QUOTES);
+ $title = attribute_escape($attachment['post_title']);
$filename = basename($attachment['guid']);
$icon = get_attachment_icon($ID);
$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
+<title></title>
<meta http-equiv="imagetoolbar" content="no" />
<script type="text/javascript">
+// <![CDATA[
/* Define any variables we'll need, such as alternate URLs. */
<?php echo $script; ?>
function htmldecode(st) {
function sendToEditor(n) {
o = document.getElementById('div'+n);
h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
- h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)( |/|>)', 'g'), ' $1="$2"$3'); // Enclose attribs in quotes
+ h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes
h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
else
win.edInsertContent(win.edCanvas, h);
}
+// ]]>
</script>
<style type="text/css">
<?php if ( $action == 'links' ) : ?>
</head>
<body>
<ul id="upload-menu">
-<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&post=$post&all=$all&start=$start"; ?>"><?php _e('Upload'); ?></a></li>
<?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
-<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&post=<?php echo $post; ?>&all=false"><?php _e('Browse'); ?></a></li>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=false"; ?>"><?php _e('Browse'); ?></a></li>
<?php } ?>
<?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
-<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&post=<?php echo $post; ?>&all=true"><?php _e('Browse All'); ?></a></li>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=true"; ?>"><?php _e('Browse All'); ?></a></li>
<?php } ?>
<li> </li>
<?php if ( $action == 'view' ) { ?>
<?php if ( false !== $back ) : ?>
-<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=0" title="<?php _e('First'); ?>">|«</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $back; ?>"">« <?php _e('Back'); ?></a></li>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=0"; ?>" title="<?php _e('First'); ?>">|«</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$back"; ?>">« <?php _e('Back'); ?></a></li>
<?php else : ?>
<li class="inactive spacer">|«</li>
<li class="inactive">« <?php _e('Back'); ?></li>
<?php endif; ?>
<?php if ( false !== $next ) : ?>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $next; ?>"><?php _e('Next'); ?> »</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&last=true" title="<?php _e('Last'); ?>">»|</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$next"; ?>"><?php _e('Next »'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&last=true"; ?>" title="<?php _e('Last'); ?>">»|</a></li>
<?php else : ?>
<li class="inactive"><?php _e('Next'); ?> »</li>
<li class="inactive">»|</li>
</div>
<?php elseif ( $action == 'upload' ) : ?>
<div class="tip"></div>
-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo basename(__FILE__); ?>">
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo basename(__FILE__); ?>">
<table style="width:99%;">
<tr>
<th scope="row" align="right"><label for="upload"><?php _e('File:'); ?></label></th>
<input type="hidden" name="post" value="<?php echo $post; ?>" />
<input type="hidden" name="all" value="<?php echo $all; ?>" />
<input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
<div id="submit">
<input type="submit" value="<?php _e('Upload'); ?>" />
<?php if ( !empty($all) ) : ?>
</td>
</tr>
</table>
-</div>
</form>
<?php elseif ( $action == 'links' ) : ?>
<div id="links">