Make WordPress Core


Ignore:
Timestamp:
05/18/2009 03:11:07 PM (15 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/user.php

    r10992 r11380  
    541541            $_selected = $user->ID == $selected ? " selected='selected'" : '';
    542542            $display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
    543             $output .= "\t<option value='$user->ID'$_selected>" . wp_specialchars($display) . "</option>\n";
     543            $output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
    544544        }
    545545
Note: See TracChangeset for help on using the changeset viewer.