WordPress.org

Make WordPress Core

Changeset 5946


Ignore:
Timestamp:
08/26/2007 10:13:54 PM (11 years ago)
Author:
ryan
Message:

Escape parsed fields.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-app.php

    r5910 r5946  
    421421        $post_status = ($publish) ? 'publish' : 'draft';
    422422        $post_author = (int) $user->ID;
    423         $post_title = $entry->title;
    424         $post_content = $entry->content;
    425         $post_excerpt = $entry->summary;
     423        $post_title = $this->escape($entry->title);
     424        $post_content = $this->escape($entry->content);
     425        $post_excerpt = $this->escape($entry->summary);
    426426        $post_date = current_time('mysql');
    427427        $post_date_gmt = current_time('mysql', 1);
     
    479479        extract($entry);
    480480
    481         $post_title = $parsed->title;
    482         $post_content = $parsed->content;
    483         $post_excerpt = $parsed->summary;
     481        $post_title = $this->escape($parsed->title);
     482        $post_content = $this->escape($parsed->content);
     483        $post_excerpt = $this->escape($parsed->summary);
    484484
    485485        // let's not go backwards and make something draft again.
     
    620620        extract($entry);
    621621
    622         $post_title = $parsed->title;
    623         $post_content = $parsed->content;
     622        $post_title = $this->escape($parsed->title);
     623        $post_content = $this->escape($parsed->content);
    624624
    625625        $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt');
Note: See TracChangeset for help on using the changeset viewer.