WordPress.org

Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/includes/bookmark.php

    r11204 r11380  
    3030        wp_die( __( 'Cheatin’ uh?' ));
    3131
    32     $_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
     32    $_POST['link_url'] = esc_html( $_POST['link_url'] );
    3333    $_POST['link_url'] = clean_url($_POST['link_url']);
    34     $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
    35     $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
     34    $_POST['link_name'] = esc_html( $_POST['link_name'] );
     35    $_POST['link_image'] = esc_html( $_POST['link_image'] );
    3636    $_POST['link_rss'] = clean_url($_POST['link_rss']);
    3737    if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
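Review bot: on new lines 32, 34 and 35 the swap from wp_specialchars() to esc_html() is not a pure rename, because the commit message says esc_html() now encodes quotes as esc_attr() does, so link_url, link_name and link_image are written back into $_POST with quotes entity-encoded. These values are escaped on input rather than at output, so a link name containing an apostrophe or double quote can end up double-encoded if it is passed through esc_html() or esc_attr() again when rendered; please confirm how the consumers of these fields display them, or move the escaping to the output side. On line 32, link_url is also HTML-escaped before clean_url() runs on line 33, so clean_url() receives entity-encoded input; since link_rss on line 36 goes through clean_url() alone, consider whether the esc_html() call on link_url is needed at all.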