WordPress.org

Make WordPress Core


Timestamp: 05/18/2009 03:11:07 PM (11 years ago)
Author: markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File: 1 edited

  • trunk/wp-includes/feed.php

    r11358 r11380  
    166166        $encode_html = 2;
    167167    if ( 1== $encode_html ) {
    168         $content = wp_specialchars($content);
     168        $content = esc_html($content);
    169169        $cut = 0;
    170170    } elseif ( 0 == $encode_html ) {
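Review bot: the replacement at new line 168 changes what the `1 == $encode_html` branch emits, not just the function name, and nothing in the hunk records that. Per the commit message, esc_html() now encodes quotes as esc_attr() does, so `$content` on this feed path will come out with its quote characters entity-encoded. Please confirm that is the intended output for feed content and add a short comment above `$content = esc_html($content);` saying so, ideally with a test case whose content contains both single and double quotes. A small style point while this block is open: `1== $encode_html` on line 167 is missing the space that `0 == $encode_html` on line 170 has.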