WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/post.php

    r11190 r11380  
    136136            $last_user = get_userdata( $last );
    137137            $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
    138             $message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
     138            $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
    139139            $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
    140140            add_action('admin_notices', create_function( '', "echo '$message';" ) );
Note: See TracChangeset for help on using the changeset viewer.