Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (16 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/post.php

    r11375 r11380  
    320320function get_default_post_to_edit() {
    321321    if ( !empty( $_REQUEST['post_title'] ) )
    322         $post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
     322        $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
    323323    else if ( !empty( $_REQUEST['popuptitle'] ) ) {
    324         $post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
     324        $post_title = esc_html( stripslashes( $_REQUEST['popuptitle'] ));
    325325        $post_title = funky_javascript_fix( $post_title );
    326326    } else {
     
    330330    $post_content = '';
    331331    if ( !empty( $_REQUEST['content'] ) )
    332         $post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
     332        $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
    333333    else if ( !empty( $post_title ) ) {
    334         $text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
     334        $text       = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
    335335        $text       = funky_javascript_fix( $text);
    336336        $popupurl   = clean_url($_REQUEST['popupurl']);
     
    339339
    340340    if ( !empty( $_REQUEST['excerpt'] ) )
    341         $post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
     341        $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
    342342    else
    343343        $post_excerpt = '';
Note: See TracChangeset for help on using the changeset viewer.