Changeset 11380 for trunk/wp-includes/default-widgets.php

Timestamp:

05/18/2009 03:11:07 PM (16 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-includes/default-widgets.php (modified) (2 diffs)

trunk/wp-includes/default-widgets.php

@@ -821 +821 @@
         $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
         $desc = wp_html_excerpt( $desc, 360 ) . ' […]';
-        $desc = wp_specialchars( $desc );
+        $desc = esc_html( $desc );
 
         if ( $show_summary ) {
@@ -845 +845 @@
             $author = $item->get_author();
             $author = $author->get_name();
-            $author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';
+            $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>';
         }