Make WordPress Core


Ignore:
Timestamp:
05/04/2009 05:54:08 PM (16 years ago)
Author:
ryan
Message:

Attr escaping

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-content/themes/default/comments-popup.php

    r11109 r11173  
    6767<?php else : ?>
    6868    <p>
    69       <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
     69      <input type="text" name="author" id="author" class="textarea" value="<?php echo attr($comment_author); ?>" size="28" tabindex="1" />
    7070       <label for="author">Name</label>
    7171    </p>
    7272
    7373    <p>
    74       <input type="text" name="email" id="email" value="<?php echo $comment_author_email; ?>" size="28" tabindex="2" />
     74      <input type="text" name="email" id="email" value="<?php echo attr($comment_author_email); ?>" size="28" tabindex="2" />
    7575       <label for="email">E-mail</label>
    7676    </p>
    7777
    7878    <p>
    79       <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="28" tabindex="3" />
     79      <input type="text" name="url" id="url" value="<?php echo attr($comment_author_url); ?>" size="28" tabindex="3" />
    8080       <label for="url"><abbr title="Universal Resource Locator">URL</abbr></label>
    8181    </p>
Note: See TracChangeset for help on using the changeset viewer.