Make WordPress Core


Ignore:
Timestamp:
11/17/2010 05:12:01 PM (14 years ago)
Author:
markjaquith
Message:

esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/template.php

    r16426 r16431  
    484484
    485485    $entry['meta_key'] = esc_attr($entry['meta_key']);
    486     $entry['meta_value'] = htmlspecialchars($entry['meta_value']); // using a <textarea />
     486    $entry['meta_value'] = esc_textarea( $entry['meta_value'] ); // using a <textarea />
    487487    $entry['meta_id'] = (int) $entry['meta_id'];
    488488
     
    719719    <tr>
    720720        <th scope="row"><?php _e( 'URL' ) ?></th>
    721         <td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo wp_get_attachment_url(); ?></textarea></td>
     721        <td><textarea rows="1" cols="40" type="text" class="attachmentlinks" readonly="readonly"><?php echo esc_textarea( wp_get_attachment_url() ); ?></textarea></td>
    722722    </tr>
    723723<?php if ( $icon ) : ?>
Note: See TracChangeset for help on using the changeset viewer.