Changeset 11380 for trunk/wp-admin/includes/theme-install.php

Timestamp:

05/18/2009 03:11:07 PM (16 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-admin/includes/theme-install.php (modified) (2 diffs)

trunk/wp-admin/includes/theme-install.php

@@ -194 +194 @@
         if ( isset($trans[$feature_name]) )
              $feature_name = $trans[$feature_name];
-        $feature_name = wp_specialchars( $feature_name );
+        $feature_name = esc_html( $feature_name );
         echo '<div class="feature-name">' . $feature_name . '</div>';
 
@@ -202 +202 @@
             if ( isset($trans[$feature]) )
                 $feature_name = $trans[$feature];
-            $feature_name = wp_specialchars( $feature_name );
+            $feature_name = esc_html( $feature_name );
             $feature = esc_attr($feature);
 ?>