Changeset 11380 for trunk/wp-mail.php

Timestamp:

05/18/2009 03:11:07 PM (17 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/wp-mail.php (modified) (2 diffs)

trunk/wp-mail.php

@@ -24 +24 @@
     ( ! $count = $pop3->pass(get_option('mailserver_pass')) ) ) {
         $pop3->quit();
-        wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : wp_specialchars($pop3->ERROR) );
+        wp_die( ( 0 === $count ) ? __('There doesn’t seem to be any new mail.') : esc_html($pop3->ERROR) );
 }
 
@@ -196 +196 @@
     do_action('publish_phone', $post_ID);
 
-    echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), wp_specialchars($post_author)) . '</p>';
-    echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), wp_specialchars($post_title)) . '</p>';
+    echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>';
+    echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), esc_html($post_title)) . '</p>';
 
     if(!$pop3->delete($i)) {
-        echo '<p>' . sprintf(__('Oops: %s'), wp_specialchars($pop3->ERROR)) . '</p>';
+        echo '<p>' . sprintf(__('Oops: %s'), esc_html($pop3->ERROR)) . '</p>';
         $pop3->reset();
         exit;