Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/edit-category-form.php

    r11204 r11380  
    6767        <tr class="form-field">
    6868            <th scope="row" valign="top"><label for="category_description"><?php _e('Description') ?></label></th>
    69             <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->description); ?></textarea><br />
     69            <td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($category->description); ?></textarea><br />
    7070            <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
    7171        </tr>
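Review bot: the new line 69 echoes esc_html($category->description) between <textarea> tags, which is an editable context: whatever the browser decodes there is posted back on save, so the escaping has to round-trip. Please confirm how esc_html() treats text that already contains entities. If it leaves an existing sequence such as &lt; untouched instead of encoding its ampersand, the browser will show it as a literal < in the field and the next save will store different text than the user entered. The commit message also says esc_html() now encodes quotes, so a description containing both a double quote and a pre-encoded entity is worth checking by hand: save it, reload this form, and verify the field shows exactly what was typed. If it does not, this field needs an escaper that always encodes the ampersand.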