Changeset 17001
- Timestamp:
- 12/16/2010 05:48:20 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/wp-admin/edit-tag-form.php
r16431 r17001 62 62 <tr class="form-field"> 63 63 <th scope="row" valign="top"><label for="description"><?php _ex('Description', 'Taxonomy Description'); ?></label></th> 64 <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_textarea( $tag->description );?></textarea><br />64 <td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $tag->description; // already escaped ?></textarea><br /> 65 65 <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td> 66 66 </tr> -
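Review bot: The new line 64 echoes `$tag->description` into the textarea body with no escaping at the sink, and the only guarantee is the comment `// already escaped`, which does not say where that happens. If any code path hands this template a term object that was not prepared for editing, markup in a description would land in the admin page unencoded, so a reader has to be able to check the invariant. I would name the producer in the comment, e.g. `// escaped upstream by <function that prepares $tag for editing>`, with the real function filled in, since it is not visible in this section. The same applies to the `// escaped` comment on new line 895 of trunk/wp-admin/includes/meta-boxes.php.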
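--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -1344,5 +1344,8 @@
 $item .= $field[ $field['input'] ];
 elseif ( $field['input'] == 'textarea' ) {
-$item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . esc_textarea( $field['value'] ) . '</textarea>';
+if ( user_can_richedit() ) { // already escaped when user_can_richedit() = false
+$field['value'] = esc_textarea( $field['value'] );
+}
+$item .= "<textarea type='text' id='$name' name='$name' $aria_required>" . $field['value'] . '</textarea>';
 } else {
 $item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";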
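Review bot: On new lines 1346-1348 the decision to escape `$field['value']` is inferred from `user_can_richedit()`, a per-user setting, rather than from anything that records whether this particular value was already escaped. A value that reaches this branch while rich editing is off, without having gone through the editing filter (presumably the function patched in trunk/wp-includes/formatting.php), would be written into the textarea raw. Carrying the state with the data would remove the guesswork, for instance a hypothetical `escaped` key set by whoever encoded the value and tested here as `if ( empty( $field['escaped'] ) ) $field['value'] = esc_textarea( $field['value'] );`. The enclosing function starts and ends outside this section, so where `$field['value']` is populated cannot be confirmed from here.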
trunk/wp-admin/includes/meta-boxes.php
r16969 r17001 289 289 <div class="nojs-tags hide-if-js"> 290 290 <p><?php echo $taxonomy->labels->add_or_remove_items; ?></p> 291 <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) );?></textarea></div>291 <textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo get_terms_to_edit( $post->ID, $tax_name ); // escaped by esc_attr() ?></textarea></div> 292 292 <?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?> 293 293 <div class="ajaxtag hide-if-no-js"> … … 893 893 <tr class="form-field"> 894 894 <th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th> 895 <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') );?></textarea></td>895 <td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); // escaped ?></textarea></td> 896 896 </tr> 897 897 <tr class="form-field"> -
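Review bot: The comment on new line 291, `// escaped by esc_attr()`, means the textarea body now depends on an attribute-context escaper applied inside `get_terms_to_edit()`, whereas the other textareas in this changeset are encoded with `esc_textarea()`. The two need not treat existing entities the same way; if `esc_attr()` leaves them as they are, a term name containing a literal `&amp;` would display decoded in the box and be saved back changed, which is worth confirming against the source of both functions since neither is visible here. On the same line `$tax_name` is echoed into the `name` and `id` attributes with no escaping, which is safe only while taxonomy names are restricted to attribute-safe characters at registration. Writing `esc_attr( $tax_name )` in both attributes would remove that dependency.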
trunk/wp-includes/formatting.php
r16993 r17001 1127 1127 $content = apply_filters('format_to_edit', $content); 1128 1128 if (! $richedit ) 1129 $content = htmlspecialchars($content);1129 $content = esc_textarea($content); 1130 1130 return $content; 1131 1131 }
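Review bot: The function's contract is left undocumented at new lines 1128-1129: it returns encoded text only when `$richedit` is false, and the templates changed in this commit now echo values with comments such as `// already escaped`, apparently relying on it. The docblock (outside this section, as is the function signature) should say so, for example `@return string Content, HTML-encoded for a textarea only when $richedit is false.` Running the `format_to_edit` filter before the encoding step looks like the right order, since a filter callback then cannot reintroduce raw markup in the non-rich case. That deserves a one-line comment too, e.g. `// encode after filters so callbacks cannot undo it`.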