diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index db804e1b5..36320b554 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -328,10 +328,12 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false)
if ( ('attachment' != $_post->post_type) || ('' == $_post->guid) )
return __('Missing Attachment');
+ $post_title = wp_specialchars( $_post->post_title, 1 );
+
if (! empty($_post->guid) ) {
$innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
- return "guid}\" title=\"{$_post->post_title}\" >{$innerHTML}";
+ return "$innerHTML";
} else {
$p .= __('Missing Attachment');
@@ -400,11 +402,11 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
if ( $actual_aspect >= $desired_aspect ) {
$height = $actual_aspect * $max_dims[0];
- $constraint = "width=\"{$max_dims[0]}\" ";
+ $constraint = "width='{$max_dims[0]}' ";
$post->iconsize = array($max_dims[0], $height);
} else {
$width = $max_dims[1] / $actual_aspect;
- $constraint = "height=\"{$max_dims[1]}\" ";
+ $constraint = "height='{$max_dims[1]}' ";
$post->iconsize = array($width, $max_dims[1]);
}
} else {
@@ -412,7 +414,9 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
}
}
- $icon = "post_title}\" alt=\"{$post->post_title}\" {$constraint}/>";
+ $post_title = wp_specialchars( $post->post_title, 1 );
+
+ $icon = "";
return apply_filters('attachment_icon', $icon, $post->ID);
}
@@ -425,7 +429,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false)
$post = & get_post($id);
- $innerHTML = $post->post_title;
+ $innerHTML = wp_specialchars( $post->post_title, 1 );
return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
}