Mercurial Mercurial > enmi-conf.org / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
wp/wp-admin/media-new.php
changeset 18 be944660c56a
parent 16 a86126ab1dd4
child 19 3d72ae0968f4 
--- a/wp/wp-admin/media-new.php	Tue Dec 15 15:52:01 2020 +0100
+++ b/wp/wp-admin/media-new.php	Wed Sep 21 18:19:35 2022 +0200
@@ -72,14 +72,14 @@
 <div class="wrap">
 	<h1><?php echo esc_html( $title ); ?></h1>
 
-	<form enctype="multipart/form-data" method="post" action="<?php echo admin_url( 'media-new.php' ); ?>" class="<?php echo esc_attr( $form_class ); ?>" id="file-form">
+	<form enctype="multipart/form-data" method="post" action="<?php echo esc_url( admin_url( 'media-new.php' ) ); ?>" class="<?php echo esc_attr( $form_class ); ?>" id="file-form">
 
 	<?php media_upload_form(); ?>
 
 	<script type="text/javascript">
-	var post_id = <?php echo $post_id; ?>, shortform = 3;
+	var post_id = <?php echo absint( $post_id ); ?>, shortform = 3;
 	</script>
-	<input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" />
+	<input type="hidden" name="post_id" id="post_id" value="<?php echo absint( $post_id ); ?>" />
 	<?php wp_nonce_field( 'media-form' ); ?>
 	<div id="media-items" class="hide-if-no-js"></div>
 	</form>
enmi-conf.org