Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/edit-tag-form.php

    r11204 r11380  
    3737        <tr class="form-field">
    3838            <th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th>
    39             <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($tag->description); ?></textarea><br />
     39            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
    4040            <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
    4141        </tr>
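Review bot: On new line 39 the escaped value is the body of an editable <textarea>, so it is submitted back when the form is saved; please confirm how esc_html() treats entities that are already present in $tag->description (for example a literal &amp;amp;). If existing entities are passed through without being re-encoded, the browser will decode them inside the field and the saved description will differ from the stored one after an edit-and-save round trip. The quote encoding described in the commit message has no security effect in element content like this, so at this call site the change is effectively the rename; a test that a description containing entities and quotes survives a round trip unchanged would document that.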