WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/options-permalink.php

    r11350 r11380  
    143143<div class="wrap">
    144144<?php screen_icon(); ?>
    145 <h2><?php echo wp_specialchars( $title ); ?></h2>
     145<h2><?php echo esc_html( $title ); ?></h2>
    146146
    147147<form name="form" action="options-permalink.php" method="post">
     
    227227<form action="options-permalink.php" method="post">
    228228<?php wp_nonce_field('update-permalink') ?>
    229     <p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
     229    <p><textarea rows="10" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->iis7_url_rewrite_rules()); ?></textarea></p>
    230230</form>
    231231<p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.')  ?></p> 
     
    236236<form action="options-permalink.php" method="post">
    237237<?php wp_nonce_field('update-permalink') ?>
    238     <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
     238    <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_html($wp_rewrite->mod_rewrite_rules()); ?></textarea></p>
    239239</form>
    240240    <?php endif; ?>
Note: See TracChangeset for help on using the changeset viewer.