WordPress.org

Make WordPress Core

Changeset 5946


Ignore:
Timestamp:
08/26/07 22:13:54 (8 years ago)
Author:
ryan
Message:

Escape parsed fields.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-app.php

    r5910 r5946  
    421421        $post_status = ($publish) ? 'publish' : 'draft'; 
    422422        $post_author = (int) $user->ID; 
    423         $post_title = $entry->title; 
    424         $post_content = $entry->content; 
    425         $post_excerpt = $entry->summary; 
     423        $post_title = $this->escape($entry->title); 
     424        $post_content = $this->escape($entry->content); 
     425        $post_excerpt = $this->escape($entry->summary); 
    426426        $post_date = current_time('mysql'); 
    427427        $post_date_gmt = current_time('mysql', 1); 
     
    479479        extract($entry); 
    480480 
    481         $post_title = $parsed->title; 
    482         $post_content = $parsed->content; 
    483         $post_excerpt = $parsed->summary; 
     481        $post_title = $this->escape($parsed->title); 
     482        $post_content = $this->escape($parsed->content); 
     483        $post_excerpt = $this->escape($parsed->summary); 
    484484 
    485485        // let's not go backwards and make something draft again. 
     
    620620        extract($entry); 
    621621 
    622         $post_title = $parsed->title; 
    623         $post_content = $parsed->content; 
     622        $post_title = $this->escape($parsed->title); 
     623        $post_content = $this->escape($parsed->content); 
    624624 
    625625        $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt'); 
Note: See TracChangeset for help on using the changeset viewer.