Changeset 4656 for trunk/wp-admin/admin-ajax.php

Timestamp:

12/21/2006 10:10:04 AM (19 years ago)

Author:

markjaquith

Message:

new function for escaping within attributes: attribute_escape()

File:

• trunk/wp-admin/admin-ajax.php (modified) (2 diffs)

trunk/wp-admin/admin-ajax.php

@@ -14 +14 @@
 
 function wp_ajax_meta_row( $pid, $mid, $key, $value ) {
-    $value = wp_specialchars($value, true);
+    $value = attribute_escape($value);
     $key_js = addslashes(wp_specialchars($key, 'double'));
-    $key = wp_specialchars($key, true);
+    $key = attribute_escape($key);
     $r .= "<tr id='meta-$mid'><td valign='top'>";
     $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
@@ -142 +142 @@
         $level++;
     }
-    $cat_full_name = wp_specialchars( $cat_full_name, 1 );
+    $cat_full_name = attribute_escape( $cat_full_name);
 
     $x = new WP_Ajax_Response( array(