Timestamp: 05/18/2009 03:11:07 PM (12 years ago)
Author: markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File: 1 edited

  • trunk/wp-admin/widgets.php

    r11204 r11380  
    126126    <div class="wrap">
    127127    <?php screen_icon(); ?>
    128     <h2><?php echo wp_specialchars( $title ); ?></h2>
     128    <h2><?php echo esc_html( $title ); ?></h2>
    129129        <div class="error">
    130130            <p><?php _e( 'No Sidebars Defined' ); ?></p>
     
    259259        <div class="wrap">
    260260        <?php screen_icon(); ?>
    261         <h2><?php echo wp_specialchars( $title ); ?></h2>
     261        <h2><?php echo esc_html( $title ); ?></h2>
    262262        <div class="editwidget"<?php echo $width; ?>>
    263         <h3><?php printf( __( 'Widget %s' ), wp_specialchars( strip_tags($control['name']) ) ); ?></h3>
     263        <h3><?php printf( __( 'Widget %s' ), esc_html( strip_tags($control['name']) ) ); ?></h3>
    264264
    265265        <form action="widgets.php" method="post">
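Review bot: line 262 of this hunk, `<div class="editwidget"<?php echo $width; ?>>`, still echoes `$width` raw inside the opening tag, directly between the two lines being converted to esc_html(). The hunk does not show how `$width` is assembled; if any part of it comes from the widget control data, escape that value with esc_attr() (or cast it to an integer) where the attribute string is built, so this template has no unescaped output left next to the escaped ones. As a style point, `strip_tags($control['name'])` on line 263 lacks the spaces inside the parentheses that the surrounding `esc_html( ... )` and `printf( ... )` calls use.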
     
    335335<div class="wrap">
    336336<?php screen_icon(); ?>
    337 <h2><?php echo wp_specialchars( $title ); ?></h2>
     337<h2><?php echo esc_html( $title ); ?></h2>
    338338
    339339<?php if ( isset($_GET['message']) && isset($messages[$_GET['message']]) ) { ?>
     
    379379    <div class="sidebar-name">
    380380    <div class="sidebar-name-arrow"><br /></div>
    381     <h3><?php echo wp_specialchars( $registered_sidebar['name'] ); ?>
     381    <h3><?php echo esc_html( $registered_sidebar['name'] ); ?>
    382382    <span><img src="images/wpspin_dark.gif" class="ajax-feedback" title="" alt="" /></span></h3></div>
    383383    <?php wp_list_widget_controls( $sidebar ); // Show the control forms for each of the widgets in this sidebar ?>