WordPress.org

Make WordPress Core

Changeset 10787


Timestamp: 03/15/2009 07:59:12 AM (12 years ago)
Author: azaozz
Message: Fully escape Post/Page titles, props Viper007Bond, fixes #9322
Location: trunk/wp-admin
Files: 2 edited

  • trunk/wp-admin/edit-form-advanced.php

    r10680 r10787  
    596596<div id="titlediv">
    597597<div id="titlewrap">
    598     <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
     598    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
    599599</div>
    600600<div class="inside">
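Review bot: The nested attribute_escape( htmlspecialchars( $post->post_title ) ) in the value attribute on new line 598 has no comment saying why two escaping passes are needed, and the order matters. htmlspecialchars() double-encodes by default, so a stored title that already contains an entity such as &amp; goes into the inner call and comes out as &amp;amp;. If that is the intent (so the browser shows the literal entity text in the field and it survives a save unchanged), a one-line PHP comment above the input should say so. Otherwise the next person to touch this line is likely to "simplify" it back to a single call. The inner call also passes no flags, so quote handling is left entirely to attribute_escape(). That is fine for this double-quoted attribute but worth stating in the same comment.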
  • trunk/wp-admin/edit-page-form.php

    r10680 r10787  
    444444<div id="titlediv">
    445445<div id="titlewrap">
    446   <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
     446  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
    447447</div>
    448448<div class="inside">
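Review bot: New line 446 repeats the exact expression added in edit-form-advanced.php, so the post and page edit forms now carry two copies of the same double-escaping logic that have to be kept in step by hand. Consider moving attribute_escape( htmlspecialchars( $post->post_title ) ) into one small helper that both forms call, with the reason for the double pass documented there. It would also help to note in the ticket whether the title is written into attributes anywhere else, since the commit message says "Fully escape" but only these two inputs under trunk/wp-admin are changed here.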