WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/widgets.php

    r11309 r11380  
    163163    unset($wp_registered_widgets[$widget_id]['_callback']);
    164164
    165     $widget_title = wp_specialchars( strip_tags( $sidebar_args['widget_name'] ) );
     165    $widget_title = esc_html( strip_tags( $sidebar_args['widget_name'] ) );
    166166    $has_form = 'noform';
    167167
Note: See TracChangeset for help on using the changeset viewer.