WordPress.org

Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/includes/export.php

    r10045 r11380  
    100100        $str = utf8_encode($str);
    101101
    102     // $str = ent2ncr(wp_specialchars($str));
     102    // $str = ent2ncr(esc_html($str));
    103103
    104104    $str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";
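Review bot: The only edit, at line 102, is inside a commented-out statement, so renaming the call to esc_html() there has no effect on the export output. Either delete the dead line or add a short comment saying why it stays disabled, so the next reader does not assume this path is escaped. If it is ever re-enabled, note that per the commit message esc_html() now also encodes quotes, and that entity-encoded text placed inside the CDATA wrapper on line 104 is not decoded by XML parsers, so it would appear literally in the exported content. Separately, in the lines shown the CDATA guard only pads a trailing `]`; it is worth confirming that a `]]>` sequence inside $str is handled elsewhere in this function.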