Timestamp:
05/18/2009 03:11:07 PM (15 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

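--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -167,5 +167,5 @@
 }
 
-?><?php echo wp_specialchars( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
+?><?php echo esc_html( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
 
 <div id="post-visibility-select" class="hide-if-js">
@@ -391,5 +391,5 @@
         $already_pinged = explode("\n", trim($post->pinged));
         foreach ($already_pinged as $pinged_url) {
-            $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
+            $pings .= "\n\t<li>" . esc_html($pinged_url) . "</li>";
         }
         $pings .= '</ul>';
@@ -550,5 +550,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 <?php if ( $notice ) : ?>
 <div id="notice" class="error"><p><?php echo $notice ?></p></div>
@@ -623,5 +623,5 @@
         if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
             $last_user = get_userdata($last_id);
-            printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
+            printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
         } else {
             printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));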
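Review bot: In the hunk at line 552 `$title` is now escaped, but the next output on line 554, `<?php echo $notice ?>`, is still printed raw into the error box. Where `$notice` is built is outside the visible hunks, so this may be deliberate because the message carries markup. If so, a comment such as `<?php // $notice holds core-generated HTML; variable parts are escaped where it is built ?>` should say that, and the assembly site should be checked to confirm it. If it never carries markup, the line should read `<?php echo esc_html( $notice ); ?>`. The surrounding template continues outside the hunk.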