Changeset 4656 for trunk/wp-includes/functions.php

Timestamp:

12/21/2006 10:10:04 AM (19 years ago)

Author:

markjaquith

Message:

new function for escaping within attributes: attribute_escape()

File:

• trunk/wp-includes/functions.php (modified) (4 diffs)

trunk/wp-includes/functions.php

@@ -232 +232 @@
 
 function form_option($option) {
-    echo wp_specialchars( get_option($option), 1 );
+    echo attribute_escape( get_option($option));
 }
 
@@ -915 +915 @@
 
 function wp_referer_field() {
-    $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+    $ref = attribute_escape($_SERVER['REQUEST_URI']);
     echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
     if ( wp_get_original_referer() ) {
-        $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+        $original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
         echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
     }
@@ -924 +924 @@
 
 function wp_original_referer_field() {
-    echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+    echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
 }
 
@@ -1191 +1191 @@
             $v = substr(strstr($a, '='), 1);
             $k = substr($a, 0, -(strlen($v)+1));
-            $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+            $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n";
         }
         $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";