Changeset 11380 for trunk/wp-admin/upload.php

Timestamp:

05/18/2009 03:11:07 PM (16 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-admin/upload.php (modified) (2 diffs)

trunk/wp-admin/upload.php

@@ -165 +165 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( get_search_query() ) ); ?>
 </h2>
 
@@ -323 +323 @@
         foreach ( $orphans as $post ) {
             $class = 'alternate' == $class ? '' : 'alternate';
-            $att_title = wp_specialchars( _draft_or_post_title($post->ID) );
+            $att_title = esc_html( _draft_or_post_title($post->ID) );
 ?>
     <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">