WordPress.org

Make WordPress Core

Changeset 10787


Timestamp: 03/15/09 07:59:12 (5 years ago)
Author: azaozz
Message:

Fully escape Post/Page titles, props Viper007Bond, fixes #9322

Location: trunk/wp-admin
Files: 2 edited

  • trunk/wp-admin/edit-form-advanced.php

    r10680 r10787  
    596596<div id="titlediv"> 
    597597<div id="titlewrap"> 
    598     <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" /> 
     598    <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" /> 
    599599</div> 
    600600<div class="inside"> 
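
Review bot: The new line 598 runs the title through two escapers, `attribute_escape( htmlspecialchars( $post->post_title ) )`, with no comment saying that the double pass is intentional. A later reader could take it for accidental double escaping and remove the inner call, so add a one-line comment naming the case the inner `htmlspecialchars()` covers (the ticket in the commit message, #9322, is the natural reference). The inner call also relies on PHP's default quote style and charset. The attribute is double-quoted, so the default quote handling is enough here, but passing the quote style and charset explicitly would keep the output from depending on the PHP configuration.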
  • trunk/wp-admin/edit-page-form.php

    r10680 r10787  
    444444<div id="titlediv"> 
    445445<div id="titlewrap"> 
    446   <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" /> 
     446  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" /> 
    447447</div> 
    448448<div class="inside"> 
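
Review bot: Line 446 repeats the exact expression added in edit-form-advanced.php, `attribute_escape( htmlspecialchars( $post->post_title ) )`, so the same two-step escaping rule now lives in two templates. Consider moving it into one helper that both forms call, so a later change to how titles are escaped for the `value` attribute cannot be applied to one form and missed in the other. The changeset touches only these two files, so it is also worth confirming that no other admin form echoes `post_title` into an attribute with the old single call.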