Make WordPress Core


Ignore:
Timestamp:
12/21/2006 10:10:04 AM (17 years ago)
Author:
markjaquith
Message:

new function for escaping within attributes: attribute_escape()

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/wp-admin/edit-form-advanced.php

    r4632 r4656  
    212212<input name="referredby" type="hidden" id="referredby" value="<?php
    213213if ( !empty($_REQUEST['popupurl']) )
    214     echo wp_specialchars($_REQUEST['popupurl']);
    215 else if ( url_to_postid(wp_get_referer()) == $post_ID )
     214    echo attribute_escape(stripslashes($_REQUEST['popupurl']));
     215else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
    216216    echo 'redo';
    217217else
    218     echo wp_specialchars(wp_get_referer());
     218    echo attribute_escape(stripslashes(wp_get_referer()));
    219219?>" /></p>
    220220
Note: See TracChangeset for help on using the changeset viewer.