#21849 closed defect (bug) (invalid)
Update wp-comments-post.php from using escape() to esc_attr()
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | 3.4.2 |
Component: | Comments | Keywords: | has-patch |
Focuses: | Cc: |
Description
I noticed that wp-comments-post.php is still using the escape function, so I replaced it with esc_attr().
Attachments (1)
Change History (3)
#1
@
12 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Type changed from task (blessed) to defect (bug)
Rather than a full file, you can submit a patch using Subversion: http://make.wordpress.org/core/handbook/submitting-a-patch/.
Did you try to submit a comment with this patch? esc_attr() does not exist as a method on the $wpdb object. This will end up with a fatal error.
esc_attr() is for escaping output into an HTML attribute. $wpdb->escape() is for escaping input to be used in a database query. There's more on http://codex.wordpress.org/Data_Validation.
Note: See
TracTickets for help on using
tickets.
Removed old escape function from lines 59 to 61