Changeset 17001

Timestamp:

12/16/2010 05:48:20 PM (15 years ago)

Author:

ryan

Message:

Remove some unnecessary esc_textarea() calls. Props garyc40. see #15454

Location:

trunk

Files:

• wp-admin/edit-tag-form.php (modified) (1 diff)
• wp-admin/includes/media.php (modified) (1 diff)
• wp-admin/includes/meta-boxes.php (modified) (2 diffs)
• wp-includes/formatting.php (modified) (1 diff)

trunk/wp-admin/edit-tag-form.php

@@ -62 +62 @@
         <tr class="form-field">
             <th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th>
-            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_textarea( $tag->description ); ?></textarea><br />
+            <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $tag->description; // already escaped ?></textarea><br />
             <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
         </tr>

trunk/wp-admin/includes/media.php

@@ -1344 +1344 @@
             $item .= $field[ $field['input'] ];
         elseif ( $field['input'] == 'textarea' ) {
-            $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>';
+            if ( user_can_richedit() ) { // already escaped when user_can_richedit() = false
+                $field['value'] = esc_textarea( $field['value'] );
+            }
+            $item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . $field['value'] . '</textarea>';
         } else {
             $item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";

trunk/wp-admin/includes/meta-boxes.php

@@ -289 +289 @@
     <div class="nojs-tags hide-if-js">
     <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
-    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) ); ?></textarea></div>
+    <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // escaped by esc_attr() ?></textarea></div>
     <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
     <div class="ajaxtag hide-if-no-js">
@@ -893 +893 @@
     <tr class="form-field">
         <th valign="top"  scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
-        <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') ); ?></textarea></td>
+        <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); // escaped ?></textarea></td>
     </tr>
     <tr class="form-field">

trunk/wp-includes/formatting.php

@@ -1127 +1127 @@
     $content = apply_filters('format_to_edit', $content);
     if (! $richedit )
-        $content = htmlspecialchars($content);
+        $content = esc_textarea($content);
     return $content;
 }