WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/media-upload.php

    r11372 r11380  
    5656    <div class="wrap">
    5757    <?php screen_icon(); ?>
    58     <h2><?php echo wp_specialchars( $title ); ?></h2>
     58    <h2><?php echo esc_html( $title ); ?></h2>
    5959
    6060    <form enctype="multipart/form-data" method="post" action="media-upload.php?inline=&amp;upload-page-form=" class="media-upload-form type-form validate" id="file-form">
Note: See TracChangeset for help on using the changeset viewer.