Make WordPress Core


Ignore:
Timestamp:
04/28/2009 06:37:51 AM (16 years ago)
Author:
ryan
Message:

attr escaping. see #9650

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/install.php

    r10774 r11110  
    5858        <tr>
    5959            <th scope="row"><label for="weblog_title"><?php _e('Blog Title'); ?></label></th>
    60             <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? $_POST['weblog_title'] : '' ); ?>" /></td>
     60            <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo ( isset($_POST['weblog_title']) ? attr($_POST['weblog_title']) : '' ); ?>" /></td>
    6161        </tr>
    6262        <tr>
    6363            <th scope="row"><label for="admin_email"><?php _e('Your E-mail'); ?></label></th>
    64             <td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? $_POST['admin_email'] : '' ); ?>" /><br />
     64            <td><input name="admin_email" type="text" id="admin_email" size="25" value="<?php echo ( isset($_POST['admin_email']) ? attr($_POST['admin_email']) : '' ); ?>" /><br />
    6565            <?php _e('Double-check your email address before continuing.'); ?>
    6666        </tr>
     
    6969        </tr>
    7070    </table>
    71     <p class="step"><input type="submit" name="Submit" value="<?php _e('Install WordPress'); ?>" class="button" /></p>
     71    <p class="step"><input type="submit" name="Submit" value="<?php _ea('Install WordPress'); ?>" class="button" /></p>
    7272</form>
    7373<?php
Note: See TracChangeset for help on using the changeset viewer.