Changeset 11380 for trunk/wp-admin/edit-tag-form.php

Timestamp:

05/18/2009 03:11:07 PM (16 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-admin/edit-tag-form.php (modified) (1 diff)

trunk/wp-admin/edit-tag-form.php

@@ -37 +37 @@
         <tr class="form-field">
             <th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th>
-            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($tag->description); ?></textarea><br />
+            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
             <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
         </tr>