Context Navigation

post.php

Timestamp:

05/18/2009 03:11:07 PM (16 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

r11190	r11380
136	136	$last_user = get_userdata( $last );
137	137	$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
138		$message = sprintf( __( 'Warning: %s is currently editing this post' ), ~~wp_specialchars~~( $last_user_name ) );
	138	$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
139	139	$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
140	140	add_action('admin_notices', create_function( '', "echo '$message';" ) );

Note: See TracChangeset for help on using the changeset viewer.