Make WordPress Core


Ignore:
Timestamp:
05/04/2009 05:54:08 PM (16 years ago)
Author:
ryan
Message:

Attr escaping

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/import/wordpress.php

    r11109 r11173  
    234234
    235235        echo '<p class="submit">';
    236         echo '<input type="submit" class="button" value="'.attr( __('Submit') ).'" />'.'<br />';
     236        echo '<input type="submit" class="button" value="'. _a('Submit') .'" />'.'<br />';
    237237        echo '</p>';
    238238        echo '</form>';
     
    243243
    244244        if ( $this->allow_create_users() ) {
    245             printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
     245            printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'. attr($author) .'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
    246246        }
    247247        else {
     
    250250
    251251        // keep track of $n => $author name
    252         echo '<input type="hidden" name="author_in['.intval($n).']" value="'.htmlspecialchars($author).'" />';
     252        echo '<input type="hidden" name="author_in['.intval($n).']" value="'.attr($author).'" />';
    253253
    254254        $users = get_users_of_blog();
Note: See TracChangeset for help on using the changeset viewer.