Make WordPress Core


Ignore:
Timestamp:
11/17/2010 05:12:01 PM (14 years ago)
Author:
markjaquith
Message:

esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/media.php

    r16383 r16431  
    12831283            $item .= $field[ $field['input'] ];
    12841284        elseif ( $field['input'] == 'textarea' ) {
    1285             $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_html( $field['value'] ) . '</textarea>';
     1285            $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>';
    12861286        } else {
    12871287            $item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";
Note: See TracChangeset for help on using the changeset viewer.