WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/05/2009 07:43:53 PM (11 years ago)
Author:
markjaquith
Message:

_a(), _ea(), _xa(), attr() are now esc_attr(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/options.php

    r11110 r11204  
    100100foreach ( (array) $options as $option) :
    101101    $disabled = '';
    102     $option->option_name = attr($option->option_name);
     102    $option->option_name = esc_attr($option->option_name);
    103103    if ( is_serialized($option->option_value) ) {
    104104        if ( is_serialized_string($option->option_value) ) {
     
    123123
    124124    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
    125     else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attr($value) . "'$disabled />";
     125    else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . esc_attr($value) . "'$disabled />";
    126126
    127127    echo "</td>
     
    131131  </table>
    132132<?php $options_to_update = implode(',', $options_to_update); ?>
    133 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
     133<p class="submit"><input type="hidden" name="page_options" value="<?php echo esc_attr($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
    134134  </form>
    135135</div>
Note: See TracChangeset for help on using the changeset viewer.