WordPress.org

Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/press-this.php

    r11312 r11380  
    9292
    9393// Set Variables
    94 $title = isset($_GET['t']) ? wp_specialchars(aposfix(stripslashes($_GET['t']))) : '';
     94$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : '';
    9595$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
    9696if ( ! empty($selection) ) {
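Review bot: On line 95, `$selection` is still built from `$_GET['s']` with only `stripslashes()`, `aposfix()` and `trim()`, while `$title` on line 94 is now escaped at assignment. Nothing in this hunk shows where `$selection` is printed, so please confirm it passes through `esc_html()` or `esc_attr()` at the point of output. For line 94, escaping at assignment ties `$title` to an HTML-text context; since the commit message says `esc_html()` now encodes quotes, check that no later use of `$title` escapes it a second time, which would double-encode entities in titles containing quotes. Escaping at output instead of at assignment would avoid both questions.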