Make WordPress Core


Timestamp:
07/05/2005 08:47:22 PM (19 years ago)
Author:
ryan
Message:

Use wpdb->escape instead of addslashes to prepare DB bound data.

File:
1 edited

  • trunk/wp-admin/edit-page-form.php

    r2652 r2699  
    133133        <th scope="row"><?php _e('Delete'); ?>:</th>
    134134        <td><?php if ('edit' == $action) : ?>
    135         <input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
     135        <input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> />
    136136<?php endif; ?></td>
    137137    </tr>
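Review bot: On new line 135, `$post->post_title` is written into a JavaScript string literal inside the `onclick` attribute, not into a query, so `$wpdb->escape()` is a database escaper applied in an output context. The commit message scopes the change to "DB bound data", and this call site is not DB bound. Backslash-quoting for SQL does not cover the HTML attribute layer (a double quote or angle bracket in the title is still emitted into `onclick="..."`), so the value should go through escaping written for a JavaScript string inside an HTML attribute. I would either leave this line out of the changeset or replace the call with an output escaper. The hunk also does not show that `$wpdb` is in scope in this template; worth confirming before relying on it here.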