Make WordPress Core


Ignore:
Timestamp:
04/27/2009 11:09:08 PM (16 years ago)
Author:
ryan
Message:

Some attr escaping. see #9650

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-link-category-form.php

    r11047 r11104  
    5858<div id="ajax-response"></div>
    5959<?php echo $form ?>
    60 <input type="hidden" name="action" value="<?php echo $action ?>" />
    61 <input type="hidden" name="cat_ID" value="<?php echo $category->term_id ?>" />
     60<input type="hidden" name="action" value="<?php echo attr($action) ?>" />
     61<input type="hidden" name="cat_ID" value="<?php echo attr($category->term_id) ?>" />
    6262<?php wp_original_referer_field(true, 'previous'); wp_nonce_field($nonce_action); ?>
    6363    <table class="form-table">
    6464        <tr class="form-field form-required">
    6565            <th scope="row" valign="top"><label for="name"><?php _e('Link Category name') ?></label></th>
    66             <td><input name="name" id="name" type="text" value="<?php echo $category->name; ?>" size="40" aria-required="true" /></td>
     66            <td><input name="name" id="name" type="text" value="<?php echo attr($category->name); ?>" size="40" aria-required="true" /></td>
    6767        </tr>
    6868        <tr class="form-field">
     
    7676        </tr>
    7777    </table>
    78 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo $submit_text ?>" /></p>
     78<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo attr($submit_text) ?>" /></p>
    7979<?php do_action('edit_link_category_form', $category); ?>
    8080</form>
Note: See TracChangeset for help on using the changeset viewer.