Changeset 11380 for trunk/wp-mail.php


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

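--- a/trunk/wp-mail.php
+++ b/trunk/wp-mail.php
@@ -24,5 +24,5 @@
     ( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) {
         $pop3->quit();
-        wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : wp_specialchars($pop3->ERROR) );
+        wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : esc_html($pop3->ERROR) );
 }
 
@@ -196,9 +196,9 @@
     do_action('publish_phone', $post_ID);
 
-    echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), wp_specialchars($post_author)) . '</p>';
-    echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), wp_specialchars($post_title)) . '</p>';
+    echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>';
+    echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), esc_html($post_title)) . '</p>';
 
     if(!$pop3->delete($i)) {
-        echo '<p>' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '</p>';
+        echo '<p>' . sprintf(__('Oops: %s'), esc_html($pop3->ERROR)) . '</p>';
         $pop3->reset();
         exit;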
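Review bot: The raw POP3 error string is still rendered to the requester at new lines 26 and 202; `esc_html()` neutralises markup in it but does not keep it from revealing mail-server details. What `$pop3->ERROR` contains and who can reach this script are not visible in these hunks, so treat this as a hardening suggestion rather than a confirmed leak. In the error branches, log the detail and show a fixed message instead, e.g. `error_log( 'wp-mail: ' . $pop3->ERROR );` followed by `wp_die( __('Could not retrieve mail.') );`. The `if` condition that ends on line 24 and the block around line 202 both start or end outside the visible hunks.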