Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (15 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/plugins.php

    r11371 r11380  
    190190if ( !empty($invalid) )
    191191    foreach ( $invalid as $plugin_file => $error )
    192         echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), wp_specialchars($plugin_file), $error->get_error_message()) . '</p></div>';
     192        echo '<div id="message" class="error"><p>' . sprintf(__('The plugin <code>%s</code> has been <strong>deactivated</strong> due to an error: %s'), esc_html($plugin_file), $error->get_error_message()) . '</p></div>';
    193193?>
    194194
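Review bot: On new line 192 only the first sprintf() argument goes through esc_html(); $error->get_error_message() is still concatenated into the markup unescaped. If the error message is expected to carry HTML, a comment saying so would help the next reader; otherwise wrap it in esc_html() as well so both %s placeholders are treated the same way.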
     
    223223<div class="wrap">
    224224<?php screen_icon(); ?>
    225 <h2><?php echo wp_specialchars( $title ); ?></h2>
     225<h2><?php echo esc_html( $title ); ?></h2>
    226226
    227227<?php
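Review bot: Line 225 is a mechanical rename, but per the commit message esc_html() now encodes quotes as esc_attr() does, so a $title containing quotes will be emitted as entities. That is harmless inside an h2 element, but this hunk does not show where $title is set, so please confirm it is not already escaped upstream, to rule out double encoding in the heading.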