Changeset 11380 for trunk/wp-admin/includes/export.php

Timestamp:

05/18/2009 03:11:07 PM (17 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-admin/includes/export.php (modified) (1 diff)

trunk/wp-admin/includes/export.php

@@ -100 +100 @@
         $str = utf8_encode($str);
 
-    // $str = ent2ncr(wp_specialchars($str));
+    // $str = ent2ncr(esc_html($str));
 
     $str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";