Make WordPress Core


Ignore:
Timestamp:
06/11/2007 10:43:27 PM (17 years ago)
Author:
ryan
Message:

attribute_escape REQUEST_URI

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/wp-content/themes/default/functions.php

    r5407 r5680  
    378378        </div>
    379379        <div id="jsForm">
    380             <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
     380            <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
    381381                <?php wp_nonce_field('kubrick-header'); ?>
    382382                <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>
Note: See TracChangeset for help on using the changeset viewer.