WordPress.org

Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-admin/upload.php

    r11312 r11380  
    165165<div class="wrap">
    166166<?php screen_icon(); ?>
    167 <h2><?php echo wp_specialchars( $title );
     167<h2><?php echo esc_html( $title );
    168168if ( isset($_GET['s']) && $_GET['s'] )
    169     printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
     169    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( get_search_query() ) ); ?>
    170170</h2>
    171171
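Review bot: At line 169 only the %s argument goes through esc_html(); the format string is the return value of __() concatenated between the span tags, so whatever a translation supplies for 'Search results for &#8220;%s&#8221;' reaches the page unescaped and is also interpreted by printf() as a format. If translation files are not treated as trusted input here, escape the translated string as well, or state that assumption in a comment. The replacements at 167 and 169 both sit in element-text context, where the extra quote encoding described in the commit message does not change how the value renders, so esc_html() is the matching function for both.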
     
    323323        foreach ( $orphans as $post ) {
    324324            $class = 'alternate' == $class ? '' : 'alternate';
    325             $att_title = wp_specialchars( _draft_or_post_title($post->ID) );
     325            $att_title = esc_html( _draft_or_post_title($post->ID) );
    326326?>
    327327    <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
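Review bot: At line 325 the title is escaped when it is assigned to $att_title rather than where it is printed, and the visible lines do not show which output context the variable ends up in. The name suggests an attribute; if it is echoed inside an attribute value, calling esc_attr() at the point of output would state the intent more clearly than esc_html() at assignment, even though the commit message says esc_html() now encodes quotes the same way. Escaping at the echo also keeps a later edit from reusing the already-encoded string in a second context. On unchanged line 327, $post->ID and $class are echoed into single-quoted attributes with no escaping call; $class is one of two literals here, but the ID echo would be easier to audit with an explicit integer cast or esc_attr().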