Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (15 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/edit-link-categories.php

    r11312 r11380  
    6262<div class="wrap nosubsub">
    6363<?php screen_icon(); ?>
    64 <h2><?php echo wp_specialchars( $title );
     64<h2><?php echo esc_html( $title );
    6565if ( isset($_GET['s']) && $_GET['s'] )
    66     printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
     66    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
    6767</h2>
    6868
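Review bot: On new line 66, `$_GET['s']` reaches `stripslashes()` after only the `isset($_GET['s']) && $_GET['s']` check on line 65, so a request that sends `s` as an array passes the guard and hands a non-string to a function that expects a string. Adding an `is_string( $_GET['s'] )` condition to the `if` on line 65 would keep the subtitle from being built from unexpected input. Separately, the format string on line 66 is the return value of `__()` concatenated straight into `printf()`, so only the `%s` argument is escaped by `esc_html()`; the translated text itself is output as-is, which is worth a comment or an escaping translation wrapper if translations are not treated as trusted. The swap to `esc_html()` fits both call sites, since `$title` and the search term are both written into element content inside the `<h2>`.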