Make WordPress Core


Ignore:
Timestamp:
03/15/2009 07:59:12 AM (16 years ago)
Author:
azaozz
Message:

Fully escape Post/Page titles, props Viper007Bond, fixes #9322

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-page-form.php

    r10680 r10787  
    444444<div id="titlediv">
    445445<div id="titlewrap">
    446   <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
     446  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
    447447</div>
    448448<div class="inside">
Note: See TracChangeset for help on using the changeset viewer.