Make WordPress Core


Ignore:
Timestamp:
07/05/2005 08:47:22 PM (19 years ago)
Author:
ryan
Message:

Use wpdb->escape instead of addslashes to prepare DB bound data.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin-functions.php

    r2698 r2699  
    449449                $pad = str_repeat('— ', $level);
    450450                if ( $user_level > 3 )
    451                     $edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return confirm('".  sprintf(__("You are about to delete the category \'%s\'.  All of its posts will go to the default category.\\n  \'OK\' to delete, \'Cancel\' to stop."), addslashes($category->cat_name)) . "')\" class='delete'>" .  __('Delete') . "</a>";
     451                    $edit = "<a href='categories.php?action=edit&amp;cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&amp;cat_ID=$category->cat_ID' onclick=\"return confirm('".  sprintf(__("You are about to delete the category \'%s\'.  All of its posts will go to the default category.\\n  \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" .  __('Delete') . "</a>";
    452452                else
    453453                    $edit = '';
Note: See TracChangeset for help on using the changeset viewer.