Changeset 11380 for trunk/xmlrpc.php


Timestamp:
05/18/2009 03:11:07 PM (11 years ago)
Author:
markjaquith
Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:
1 edited

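--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -884,6 +884,6 @@
                 $struct['count']            = $tag->count;
                 $struct['slug']             = $tag->slug;
-                $struct['html_url']         = wp_specialchars( get_tag_link( $tag->term_id ) );
-                $struct['rss_url']          = wp_specialchars( get_tag_feed_link( $tag->term_id ) );
+                $struct['html_url']         = esc_html( get_tag_link( $tag->term_id ) );
+                $struct['rss_url']          = esc_html( get_tag_feed_link( $tag->term_id ) );
 
                 $tags[] = $struct;
@@ -2791,6 +2791,6 @@
                 $struct['categoryDescription'] = $cat->description;
                 $struct['categoryName'] = $cat->name;
-                $struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id));
-                $struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));
+                $struct['htmlUrl'] = esc_html(get_category_link($cat->term_id));
+                $struct['rssUrl'] = esc_html(get_category_feed_link($cat->term_id, 'rss2'));
 
                 $categories_struct[] = $struct;
@@ -3328,5 +3328,5 @@
         $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
 
-        $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
+        $context = '[...] ' . esc_html( $excerpt ) . ' [...]';
         $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
 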
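Review bot: The four URL fields (`html_url`/`rss_url` at lines 886-887 and `htmlUrl`/`rssUrl` at lines 2793-2794) are passed through the HTML-text escaper although they hold URLs returned in an XML-RPC struct, so the escaping context does not match the data. `esc_html()` entity-encodes the string but does not check a URL's scheme or shape, and per the commit message it now also encodes quotes, which changes what API clients receive for these fields and for `$context` at line 3330. If the intent is to give clients a value that is safe to print into markup, a one-line comment would make that contract explicit, e.g. `// entity-encoded for clients that echo the URL into HTML; not scheme-validated`. Otherwise a URL-oriented escaper such as `esc_url()` looks like the better fit for the four URL fields, provided it is available at this revision. The enclosing functions start and end outside the hunks, so how these values are consumed downstream cannot be confirmed from here.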