Changeset 4656 for trunk/wp-admin/upgrade.php

Timestamp:

12/21/2006 10:10:04 AM (18 years ago)

Author:

markjaquith

Message:

new function for escaping within attributes: attribute_escape()

File:

• trunk/wp-admin/upgrade.php (modified) (2 diffs)

trunk/wp-admin/upgrade.php

@@ -29 +29 @@
 switch($step) {
     case 0:
-        $goback = wp_specialchars(wp_get_referer());
+        $goback = attribute_escape(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
@@ -41 +41 @@
             $backto = __get_option('home');
         else
-            $backto = wp_specialchars( $_GET['backto'] , 1 );
+            $backto = attribute_escape(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2>