Timestamp:
05/18/2009 03:11:07 PM (15 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

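--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -21,5 +21,5 @@
     add_filter($filter, 'trim');
     add_filter($filter, 'wp_filter_kses');
-    add_filter($filter, 'wp_specialchars', 30);
+    add_filter($filter, 'esc_html', 30);
 }
 
@@ -81,5 +81,5 @@
     add_filter($filter, 'wptexturize');
     add_filter($filter, 'convert_chars');
-    add_filter($filter, 'wp_specialchars');
+    add_filter($filter, 'esc_html');
 }
 
@@ -132,5 +132,5 @@
 add_filter('the_title_rss', 'strip_tags');
 add_filter('the_title_rss', 'ent2ncr', 8);
-add_filter('the_title_rss', 'wp_specialchars');
+add_filter('the_title_rss', 'esc_html');
 add_filter('the_content_rss', 'ent2ncr', 8);
 add_filter('the_excerpt_rss', 'convert_chars');
@@ -138,5 +138,5 @@
 add_filter('comment_author_rss', 'ent2ncr', 8);
 add_filter('comment_text_rss', 'ent2ncr', 8);
-add_filter('comment_text_rss', 'wp_specialchars');
+add_filter('comment_text_rss', 'esc_html');
 add_filter('bloginfo_rss', 'ent2ncr', 8);
 add_filter('the_author', 'ent2ncr', 8);
@@ -144,5 +144,5 @@
 // Misc filters
 add_filter('option_ping_sites', 'privacy_ping_filter');
-add_filter('option_blog_charset', 'wp_specialchars');
+add_filter('option_blog_charset', '_wp_specialchars'); // IMPORTANT: This must not be wp_specialchars() or esc_html() or it'll cause an infinite loop
 add_filter('option_home', '_config_wp_home');
 add_filter('option_siteurl', '_config_wp_siteurl');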
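Review bot: The `esc_html` filters registered on `the_title_rss` and `comment_text_rss` run at the default priority 10, after `ent2ncr` at priority 8 on the same hooks, so `esc_html()` receives text that already contains the `&#NNN;` references `ent2ncr` emitted. That is only safe if `esc_html()` keeps the no-double-encode behaviour of the `wp_specialchars()` it replaces; if it re-encodes the leading `&`, feed titles and comment bodies will carry `&amp;#NNN;` and display the reference literally. Worth pinning here with a comment on those two lines, e.g. `// esc_html runs after ent2ncr (priority 8): relies on esc_html() not re-encoding existing entities`, or with a test that pushes a title containing `&amp;` through the hook chain and asserts a single encoding. In the `option_blog_charset` hunk `_wp_specialchars` is registered with no quote-handling argument, so unlike `esc_html()` it presumably leaves quotes untouched; that is fine for a charset name, which should never contain them, but a short comment stating the value is expected to be a bare charset token (and that the callback is chosen only to avoid re-entering the option filter) would make the different escaping level deliberate rather than accidental.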