From c26e1c0cc325e07510d890aae296e7db468dc0fd Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 5 Jan 2006 01:43:30 +0000
Subject: [PATCH] Handle quotes in upload titles.  fixes #2198

git-svn-id: http://svn.automattic.com/wordpress/trunk@3398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/inline-uploading.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php
index 55b7a4265d..5b0c71f944 100644
--- a/wp-admin/inline-uploading.php
+++ b/wp-admin/inline-uploading.php
@@ -232,14 +232,15 @@ srcb[{$ID}] = '{$image['guid']}';
 			$xpadding = (128 - $image['uwidth']) / 2;
 			$ypadding = (96 - $image['uheight']) / 2;
 			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$image['post_title']}\">';
-ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$image['post_title']}\">';
-imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$image['post_title']}\" $height_width />';
-imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$image['post_title']}\" $height_width />';
+			$title = htmlentities($image['post_title'], ENT_QUOTES);
+			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
+imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\" $height_width />';
 ";
 			$html .= "<div id='target{$ID}' class='attwrap left'>
 	<div id='div{$ID}' class='imagewrap' onclick=\"doPopup({$ID});\">
-		<img id=\"image{$ID}\" src=\"$src\" alt=\"{$image['post_title']}\" $height_width />
+		<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />
 	</div>
 	{$noscript}
 </div>
@@ -251,19 +252,19 @@ imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$image['po
 </div>
 ";
 		} else {
-			$title = $attachment['post_title'];
+			$title = htmlentities($attachment['post_title'], ENT_QUOTES);
 			$filename = basename($attachment['guid']);
 			$icon = get_attachment_icon($ID);
 			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
-			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$attachment['post_title']}</a>';
-ab[{$ID}] = '<a id=\"p{$ID}\" href=\"{$filename}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$attachment['post_title']}</a>';
-title[{$ID}] = '{$attachment['post_title']}';
+			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$title}</a>';
+ab[{$ID}] = '<a id=\"p{$ID}\" href=\"{$filename}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">{$title}</a>';
+title[{$ID}] = '{$title}';
 filename[{$ID}] = '{$filename}';
 icon[{$ID}] = '{$icon}';
 ";
 			$html .= "<div id='target{$ID}' class='attwrap left'>
 	<div id='div{$ID}' class='otherwrap usingtext' onmousedown=\"selectLink({$ID})\" onclick=\"doPopup({$ID});return false;\">
-		<a id=\"p{$ID}\" href=\"{$attachment['guid']}\" onmousedown=\"selectLink({$ID});\" onclick=\"return false;\">{$attachment['post_title']}</a>
+		<a id=\"p{$ID}\" href=\"{$attachment['guid']}\" onmousedown=\"selectLink({$ID});\" onclick=\"return false;\">{$title}</a>
 	</div>
 	{$noscript}
 </div>