WordPress.org

Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/edit-attachment-rows.php

    r11323 r11380  
    2525    <tbody id="the-list" class="list:post">
    2626<?php
    27 add_filter('the_title','wp_specialchars');
     27add_filter('the_title','esc_html');
    2828$alt = '';
    2929$posts_columns = get_column_headers('upload');
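Review bot: The swap at new line 27 is more than a rename. Per the commit message, esc_html() now encodes quotes as esc_attr() does, so every title passing through the 'the_title' filter in this template gets quote encoding that wp_specialchars() did not apply by default. Please confirm that nothing later in this file escapes the already filtered title a second time or uses it outside an HTML context, and consider a short comment above `add_filter('the_title','esc_html');` saying why the filter is attached here, since no matching remove_filter() is visible in this hunk.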
     
    111111            $out = array();
    112112            foreach ( $tags as $c )
    113                 $out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
     113                $out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
    114114            echo join( ', ', $out );
    115115        } else {
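Review bot: On new line 113 the tag name is escaped with esc_html(), but `$c->slug` is still interpolated directly into the single-quoted href as `edit.php?tag=$c->slug`, so the attribute relies entirely on the slug having been sanitized upstream. Since this change is about output escaping, wrap the slug for its context as well, for example by building the URL by concatenation and passing the slug through esc_attr() (or URL-encoding it as a query value). As a style point, the multi-statement-looking `foreach ( $tags as $c )` body has no braces, which makes this long line easy to misread.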