Changeset 4656 for trunk/wp-includes/general-template.php

Timestamp:

12/21/2006 10:10:04 AM (19 years ago)

Author:

markjaquith

Message:

new function for escaping within attributes: attribute_escape()

File:

• trunk/wp-includes/general-template.php (modified) (5 diffs)

trunk/wp-includes/general-template.php

@@ -280 +280 @@
 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
     $text = wptexturize($text);
-    $title_text = wp_specialchars($text, 1);
+    $title_text = attribute_escape($text);
 
     if ('link' == $format)
@@ -902 +902 @@
 function the_search_query() {
     global $s;
-    echo wp_specialchars( stripslashes($s), 1 );
+    echo attribute_escape( stripslashes($s));
 }
 
@@ -957 +957 @@
         if ( $add_args )
             $link = add_query_arg( $add_args, $link );
-        $page_links[] = "<a class='prev page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$prev_text</a>";
+        $page_links[] = "<a class='prev page-numbers' href='" . attribute_escape( $link) . "'>$prev_text</a>";
     endif;
     for ( $n = 1; $n <= $total; $n++ ) :
@@ -969 +969 @@
                 if ( $add_args )
                     $link = add_query_arg( $add_args, $link );
-                $page_links[] = "<a class='page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$n</a>";
+                $page_links[] = "<a class='page-numbers' href='" . attribute_escape( $link) . "'>$n</a>";
                 $dots = true;
             elseif ( $dots && !$show_all ) :
@@ -982 +982 @@
         if ( $add_args )
             $link = add_query_arg( $add_args, $link );
-        $page_links[] = "<a class='next page-numbers' href='" . wp_specialchars( $link, 1 ) . "'>$next_text</a>";
+        $page_links[] = "<a class='next page-numbers' href='" . attribute_escape( $link) . "'>$next_text</a>";
     endif;
     switch ( $type ) :