Make WordPress Core


Ignore:
Timestamp:
05/04/2009 05:54:08 PM (15 years ago)
Author:
ryan
Message:

Attr escaping

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-content/themes/classic/comments-popup.php

    r11109 r11173  
    6868<?php else : ?>
    6969    <p>
    70       <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
     70      <input type="text" name="author" id="author" class="textarea" value="<?php echo attr($comment_author); ?>" size="28" tabindex="1" />
    7171       <label for="author"><?php _e("Name"); ?></label>
    7272    </p>
    7373
    7474    <p>
    75       <input type="text" name="email" id="email" value="<?php echo $comment_author_email; ?>" size="28" tabindex="2" />
     75      <input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="28" tabindex="2" />
    7676       <label for="email"><?php _e("E-mail"); ?></label>
    7777    </p>
    7878
    7979    <p>
    80       <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="28" tabindex="3" />
     80      <input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="28" tabindex="3" />
    8181       <label for="url"><?php _e("<abbr title=\"Universal Resource Locator\">URL</abbr>"); ?></label>
    8282    </p>
     
    9292      <input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
    9393      <input type="hidden" name="redirect_to" value="<?php echo attr($_SERVER["REQUEST_URI"]); ?>" />
    94       <input name="submit" type="submit" tabindex="5" value="<?php _e("Say It!"); ?>" />
     94      <input name="submit" type="submit" tabindex="5" value="<?php _ea("Say It!"); ?>" />
    9595    </p>
    9696    <?php do_action('comment_form', $post->ID); ?>
Note: See TracChangeset for help on using the changeset viewer.