WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/async-upload.php

    r11013 r11380  
    4343$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
    4444if (is_wp_error($id)) {
    45     echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
     45    echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
    4646    exit;
    4747}
Note: See TracChangeset for help on using the changeset viewer.