Make WordPress Core


Timestamp:
05/18/2009 03:11:07 PM (15 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

  • trunk/wp-includes/comment-template.php

    r11323 r11380  
    10791079
    10801080    $style = isset($_GET['replytocom']) ? '' : ' style="display:none;"';
    1081     $link = wp_specialchars( remove_query_arg('replytocom') ) . '#respond';
     1081    $link = esc_html( remove_query_arg('replytocom') ) . '#respond';
    10821082    return apply_filters('cancel_comment_reply_link', '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>', $link, $text);
    10831083}
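Review bot: on the changed line 1081, `$link` is escaped with esc_html() but is then placed inside `href="..."` on line 1082, which is an attribute holding a URL rather than HTML body text. With quotes now encoded as the commit message describes, the value cannot break out of the attribute, but it comes from remove_query_arg('replytocom') with no explicit URL, so it is built from the current request URL. An escaper that matches the context, esc_attr() or better a URL escaper such as esc_url(), would state the intent and keep this line safe even if esc_html() later stops encoding quotes. Separately, `$text` is concatenated into the anchor body on line 1082 with no escaping in the visible lines; if it is not escaped before this point, it should be.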