WordPress.org

Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/includes/theme-install.php

    r11286 r11380  
    194194        if ( isset($trans[$feature_name]) )
    195195             $feature_name = $trans[$feature_name];
    196         $feature_name = wp_specialchars( $feature_name );
     196        $feature_name = esc_html( $feature_name );
    197197        echo '<div class="feature-name">' . $feature_name . '</div>';
    198198
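Review bot: In the first hunk the escaped value is written back into $feature_name at line 196 and echoed a line later, so the variable changes from raw text to HTML between two adjacent statements. I would escape at the point of output instead, e.g. echo '<div class="feature-name">' . esc_html( $feature_name ) . '</div>'; and drop the reassignment. That keeps $feature_name raw for any later use and makes it obvious at the echo that the value is safe for element text.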
     
    202202            if ( isset($trans[$feature]) )
    203203                $feature_name = $trans[$feature];
    204             $feature_name = wp_specialchars( $feature_name );
     204            $feature_name = esc_html( $feature_name );
    205205            $feature = esc_attr($feature);
    206206?>
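Review bot: In the second hunk, line 204 escapes $feature_name with esc_html() right before the closing ?> at line 206, and the markup that prints it is outside the visible context, so the output context cannot be confirmed from this diff. Please check that $feature_name only lands in element text there. If it is also placed in an attribute, use esc_attr() at that spot so the intent is explicit, as line 205 already does for $feature. As in the first hunk, escaping where the value is printed rather than overwriting the variable would also avoid an accidental second escape if the template later wraps it again.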