Changeset 17410

Timestamp:

02/07/2011 07:11:17 PM (15 years ago)

Author:

markjaquith

Message:

A little escaping paranoia, just to be safe. (Already sanitized, higher up). for trunk

File:

• trunk/wp-admin/includes/template.php (modified) (2 diffs)

trunk/wp-admin/includes/template.php

@@ -271 +271 @@
         return;
 
-    $title = htmlspecialchars( trim( $post->post_title ), ENT_QUOTES );
+    $title = esc_textarea( trim( $post->post_title ) );
 
     echo '
@@ -278 +278 @@
     <div class="post_name">' . apply_filters('editable_slug', $post->post_name) . '</div>
     <div class="post_author">' . $post->post_author . '</div>
-    <div class="comment_status">' . $post->comment_status . '</div>
-    <div class="ping_status">' . $post->ping_status . '</div>
-    <div class="_status">' . $post->post_status . '</div>
+    <div class="comment_status">' . esc_html( $post->comment_status ) . '</div>
+    <div class="ping_status">' . esc_html( $post->ping_status ) . '</div>
+    <div class="_status">' . esc_html( $post->post_status ) . '</div>
     <div class="jj">' . mysql2date( 'd', $post->post_date, false ) . '</div>
     <div class="mm">' . mysql2date( 'm', $post->post_date, false ) . '</div>