Make WordPress Core


Ignore:
Timestamp:
11/17/2010 05:12:01 PM (14 years ago)
Author:
markjaquith
Message:

esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/meta-boxes.php

    r16324 r16431  
    286286    <div class="nojs-tags hide-if-js">
    287287    <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
    288     <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
     288    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) ); ?></textarea></div>
    289289    <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
    290290    <div class="ajaxtag hide-if-no-js">
     
    386386function post_excerpt_meta_box($post) {
    387387?>
    388 <label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>
     388<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo esc_textarea( $post->post_excerpt ); ?></textarea>
    389389<p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
    390390<?php
     
    895895    <tr class="form-field">
    896896        <th valign="top"  scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
    897         <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo  ( isset( $link->link_notes ) ? $link->link_notes : ''); ?></textarea></td>
     897        <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') ); ?></textarea></td>
    898898    </tr>
    899899    <tr class="form-field">
Note: See TracChangeset for help on using the changeset viewer.