Changeset 11380 for trunk/wp-admin/widgets.php

Timestamp:

05/18/2009 03:11:07 PM (17 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-admin/widgets.php (modified) (4 diffs)

trunk/wp-admin/widgets.php

@@ -126 +126 @@
     <div class="wrap">
     <?php screen_icon(); ?>
-    <h2><?php echo wp_specialchars( $title ); ?></h2>
+    <h2><?php echo esc_html( $title ); ?></h2>
         <div class="error">
             <p><?php _e( 'No Sidebars Defined' ); ?></p>
@@ -259 +259 @@
         <div class="wrap">
         <?php screen_icon(); ?>
-        <h2><?php echo wp_specialchars( $title ); ?></h2>
+        <h2><?php echo esc_html( $title ); ?></h2>
         <div class="editwidget"<?php echo $width; ?>>
-        <h3><?php printf( __( 'Widget %s' ), wp_specialchars( strip_tags($control['name']) ) ); ?></h3>
+        <h3><?php printf( __( 'Widget %s' ), esc_html( strip_tags($control['name']) ) ); ?></h3>
 
         <form action="widgets.php" method="post">
@@ -335 +335 @@
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 
 <?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) { ?>
@@ -379 +379 @@
     <div class="sidebar-name">
     <div class="sidebar-name-arrow"><br /></div>
-    <h3><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>
+    <h3><?php echo esc_html( $registered_sidebar['name'] ); ?>
     <span><img src="images/wpspin_dark.gif" class="ajax-feedback" title="" alt="" /></span></h3></div>
     <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>