WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/default-widgets.php

    r11318 r11380  
    821821        $desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
    822822        $desc = wp_html_excerpt( $desc, 360 ) . ' […]';
    823         $desc = wp_specialchars( $desc );
     823        $desc = esc_html( $desc );
    824824
    825825        if ( $show_summary ) {
     
    845845            $author = $item->get_author();
    846846            $author = $author->get_name();
    847             $author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';
     847            $author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>';
    848848        }
    849849
Note: See TracChangeset for help on using the changeset viewer.