File:
1 edited

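--- a/branches/3.0/wp-admin/includes/template.php
+++ b/branches/3.0/wp-admin/includes/template.php
@@ -1186,5 +1186,5 @@
         return;
 
-    $title = esc_attr( get_the_title( $post->ID ) );
+    $title = htmlspecialchars( trim( $post->post_title ), ENT_QUOTES );
 
     echo '
@@ -1193,7 +1193,7 @@
     <div class="post_name">' . apply_filters('editable_slug', $post->post_name) . '</div>
     <div class="post_author">' . $post->post_author . '</div>
-    <div class="comment_status">' . $post->comment_status . '</div>
-    <div class="ping_status">' . $post->ping_status . '</div>
-    <div class="_status">' . $post->post_status . '</div>
+    <div class="comment_status">' . esc_html( $post->comment_status ) . '</div>
+    <div class="ping_status">' . esc_html( $post->ping_status ) . '</div>
+    <div class="_status">' . esc_html( $post->post_status ) . '</div>
     <div class="jj">' . mysql2date( 'd', $post->post_date, false ) . '</div>
     <div class="mm">' . mysql2date( 'm', $post->post_date, false ) . '</div>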
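Review bot: The new `$title` line at 1188 calls `htmlspecialchars()` without a charset argument, so the encoding it assumes comes from the PHP default rather than the site's charset, unlike the `esc_html()` calls added at 1195–1197. I would pass it explicitly, `$title = htmlspecialchars( trim( $post->post_title ), ENT_QUOTES, get_option( 'blog_charset' ) );`, and add a one-line comment that the raw `post_title` is read on purpose so the editable value bypasses the title filters (that intent is inferred; r17412 does not state it). In the same `echo`, the `editable_slug` filter result and `$post->post_author` are still concatenated into the markup unescaped. A filter callback can return arbitrary text, so wrapping that output in `esc_html()` would match the three lines fixed here, assuming the quick-edit script reads these values as text. The function and the `echo` string both continue outside the lines shown, so other fields in this block may need the same check.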