Timestamp:
05/18/2009 03:11:07 PM (16 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

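--- a/trunk/wp-admin/edit-page-form.php
+++ b/trunk/wp-admin/edit-page-form.php
@@ -159,5 +159,5 @@
 }
 
-echo wp_specialchars( $visibility_trans ); ?></span>
+echo esc_html( $visibility_trans ); ?></span>
 <?php if ( $can_publish ) { ?>
 <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
@@ -398,5 +398,5 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <form name="post" action="page.php" method="post" id="post">
@@ -461,5 +461,5 @@
         if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
             $last_user = get_userdata($last_id);
-            printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
+            printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
         } else {
             printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));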
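Review bot: In the third hunk (new line 463) only `$last_user->display_name` passes through `esc_html()`; the translated format string from `__()` and both `mysql2date()` results, which are formatted with the `date_format` and `time_format` options, are still printed raw, and the `else` branch at line 465 has the same shape. If translation files and those options are not expected to carry markup here, escaping the composed string once is tighter than escaping a single argument, e.g. `echo esc_html( sprintf( __('Last edited by %1$s on %2$s at %3$s'), $last_user->display_name, $date, $time ) );`, with `$date` and `$time` standing for the two existing `mysql2date()` calls. Separately, `get_userdata()` returns false when the `_edit_last` user no longer exists, so line 463 should check `$last_user` before reading `display_name`. The surrounding `if`/`else` starts and ends outside the hunk.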