diff --git a/includes/wc-template-functions.php b/includes/wc-template-functions.php
index 4b24a00f45..e61315ca35 100644
--- a/includes/wc-template-functions.php
+++ b/includes/wc-template-functions.php
@@ -1396,15 +1396,26 @@ function wc_get_gallery_image_html( $attachment_id, $main_image = false ) {
 $full_size = apply_filters( 'woocommerce_gallery_full_size', apply_filters( 'woocommerce_product_thumbnails_large_size', 'full' ) );
 $thumbnail_src = wp_get_attachment_image_src( $attachment_id, $thumbnail_size );
 $full_src = wp_get_attachment_image_src( $attachment_id, $full_size );
- $image = wp_get_attachment_image( $attachment_id, $image_size, false, array(
- 'title' => get_post_field( 'post_title', $attachment_id ),
- 'data-caption' => get_post_field( 'post_excerpt', $attachment_id ),
- 'data-src' => $full_src[0],
- 'data-large_image' => $full_src[0],
- 'data-large_image_width' => $full_src[1],
- 'data-large_image_height' => $full_src[2],
- 'class' => $main_image ? 'wp-post-image' : '',
- ) );
+ $image = wp_get_attachment_image(
+ $attachment_id,
+ $image_size,
+ false,
+ apply_filters(
+ 'woocommerce_gallery_image_html_attachment_image_params',
+ array(
+ 'title' => _wp_specialchars( get_post_field( 'post_title', $attachment_id ), ENT_QUOTES, 'UTF-8', true ),
+ 'data-caption' => _wp_specialchars( get_post_field( 'post_excerpt', $attachment_id ), ENT_QUOTES, 'UTF-8', true ),
+ 'data-src' => esc_url( $full_src[0] ),
+ 'data-large_image' => esc_url( $full_src[0] ),
+ 'data-large_image_width' => esc_attr( $full_src[1] ),
+ 'data-large_image_height' => esc_attr( $full_src[2] ),
+ 'class' => esc_attr( $main_image ? 'wp-post-image' : '' ),
+ ),
+ $attachment_id,
+ $image_size,
+ $main_image
+ )
+ );
 return '';
 }
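Review bot: The encoding added in this hunk covers only the default values, because `_wp_specialchars( …, true )` is evaluated inside the array that is then handed to `apply_filters( 'woocommerce_gallery_image_html_attachment_image_params', … )`; whatever a callback sets for `title` or `data-caption` goes to `wp_get_attachment_image()` without it. If the double-encoding exists because a front-end script reads `data-caption` back as markup (inferred, the consumer is not in this hunk), the new hook lets any extension that rewrites the caption undo the hardening. I would pass the raw values through the filter and encode the two text attributes on the filtered result, as sketched below, and give the hook a docblock with `@param` lines for the array, `$attachment_id`, `$image_size` and `$main_image`. The function body starts above the hunk, so the earlier size handling is not reviewed here.

```php
// … unchanged: size filters and wp_get_attachment_image_src() calls …
$image_params = apply_filters(
	'woocommerce_gallery_image_html_attachment_image_params',
	array(
		'title'        => get_post_field( 'post_title', $attachment_id ),
		'data-caption' => get_post_field( 'post_excerpt', $attachment_id ),
		// … unchanged: data-src, data-large_image*, class entries …
	),
	$attachment_id,
	$image_size,
	$main_image
);

// Encode after the filter so callback-supplied text gets the same treatment as the defaults.
foreach ( array( 'title', 'data-caption' ) as $key ) {
	if ( isset( $image_params[ $key ] ) ) {
		$image_params[ $key ] = _wp_specialchars( $image_params[ $key ], ENT_QUOTES, 'UTF-8', true );
	}
}

$image = wp_get_attachment_image( $attachment_id, $image_size, false, $image_params );
```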