From 5aeac330dc0b61192fd0bc007666d08d964f2c0a Mon Sep 17 00:00:00 2001
From: markjaquith <markjaquith@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Tue, 17 Oct 2006 18:24:36 +0000
Subject: [PATCH] Entity encode image title attribute.  Props mdawaffe.  fixes
 #3258

git-svn-id: http://svn.automattic.com/wordpress/trunk@4402 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/post-template.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php
index db804e1b5..36320b554 100644
--- a/wp-includes/post-template.php
+++ b/wp-includes/post-template.php
@@ -328,10 +328,12 @@ function get_the_attachment_link($id = 0, $fullsize = false, $max_dims = false)
 	if ( ('attachment' != $_post->post_type) || ('' == $_post->guid) )
 		return __('Missing Attachment');
 
+	$post_title = wp_specialchars( $_post->post_title, 1 );
+
 	if (! empty($_post->guid) ) {
 		$innerHTML = get_attachment_innerHTML($_post->ID, $fullsize, $max_dims);
 
-		return "<a href=\"{$_post->guid}\" title=\"{$_post->post_title}\" >{$innerHTML}</a>";
+		return "<a href='$_post->guid' title='$post_title'>$innerHTML</a>";
 
 	} else {
 		$p .= __('Missing Attachment');
@@ -400,11 +402,11 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
 
 			if ( $actual_aspect >= $desired_aspect ) {
 				$height = $actual_aspect * $max_dims[0];
-				$constraint = "width=\"{$max_dims[0]}\" ";
+				$constraint = "width='{$max_dims[0]}' ";
 				$post->iconsize = array($max_dims[0], $height);
 			} else {
 				$width = $max_dims[1] / $actual_aspect;
-				$constraint = "height=\"{$max_dims[1]}\" ";
+				$constraint = "height='{$max_dims[1]}' ";
 				$post->iconsize = array($width, $max_dims[1]);
 			}
 		} else {
@@ -412,7 +414,9 @@ function get_attachment_icon($id = 0, $fullsize = false, $max_dims = false) {
 		}
 	}
 
-	$icon = "<img src=\"{$src}\" title=\"{$post->post_title}\" alt=\"{$post->post_title}\" {$constraint}/>";
+	$post_title = wp_specialchars( $post->post_title, 1 );
+
+	$icon = "<img src='$src' title='$post_title' alt='$post_title' $constraint/>";
 
 	return apply_filters('attachment_icon', $icon, $post->ID);
 }
@@ -425,7 +429,7 @@ function get_attachment_innerHTML($id = 0, $fullsize = false, $max_dims = false)
 
 	$post = & get_post($id);
 
-	$innerHTML = $post->post_title;
+	$innerHTML = wp_specialchars( $post->post_title, 1 );
 
 	return apply_filters('attachment_innerHTML', $innerHTML, $post->ID);
 }