WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/media.php

    r11372 r11380  
    11991199            $item .= $field[$field['input']];
    12001200        elseif ( $field['input'] == 'textarea' ) {
    1201             $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . wp_specialchars( $field['value'] ) . "</textarea>";
     1201            $item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . esc_html( $field['value'] ) . "</textarea>";
    12021202        } else {
    12031203            $item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
     
    14201420        echo get_media_items( $id, $errors );
    14211421    } else {
    1422         echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
     1422        echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
    14231423        exit;
    14241424    }
     
    18031803
    18041804    echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
    1805     echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
     1805    echo esc_html( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
    18061806    echo "</option>\n";
    18071807}
Note: See TracChangeset for help on using the changeset viewer.