WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/classes.php

    r11318 r11380  
    12531253            $output .= ' selected="selected"';
    12541254        $output .= '>';
    1255         $title = wp_specialchars($page->post_title);
     1255        $title = esc_html($page->post_title);
    12561256        $output .= "$pad$title";
    12571257        $output .= "</option>\n";
Note: See TracChangeset for help on using the changeset viewer.