Changeset 11380 for trunk/xmlrpc.php

Timestamp:

05/18/2009 03:11:07 PM (17 years ago)

Author:

markjaquith

Message:

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

File:

• trunk/xmlrpc.php (modified) (3 diffs)

trunk/xmlrpc.php

@@ -884 +884 @@
                 $struct['count']            = $tag->count;
                 $struct['slug']             = $tag->slug;
-                $struct['html_url']         = wp_specialchars( get_tag_link( $tag->term_id ) );
-                $struct['rss_url']          = wp_specialchars( get_tag_feed_link( $tag->term_id ) );
+                $struct['html_url']         = esc_html( get_tag_link( $tag->term_id ) );
+                $struct['rss_url']          = esc_html( get_tag_feed_link( $tag->term_id ) );
 
                 $tags[] = $struct;
@@ -2791 +2791 @@
                 $struct['categoryDescription'] = $cat->description;
                 $struct['categoryName'] = $cat->name;
-                $struct['htmlUrl'] = wp_specialchars(get_category_link($cat->term_id));
-                $struct['rssUrl'] = wp_specialchars(get_category_feed_link($cat->term_id, 'rss2'));
+                $struct['htmlUrl'] = esc_html(get_category_link($cat->term_id));
+                $struct['rssUrl'] = esc_html(get_category_feed_link($cat->term_id, 'rss2'));
 
                 $categories_struct[] = $struct;
@@ -3328 +3328 @@
         $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
 
-        $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
+        $context = '[...] ' . esc_html( $excerpt ) . ' [...]';
         $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );