Add missing filters for values in edit-link-category-form.php

[Simek]

Add missing filters ("attribute_escape" and "wp_specialchars") for values in edit-link-category-form.php

[hakre]

is wp_specialchars() suitable within a textarea? (guess yes but I do not properly know).

is the 'editable_slug' filter applicable to be used for category slugs?

if both questions can be answered with yes I think this patch looks good. especially the attribute_escape call is important to prevent injection issues.

[hakre]

unsufficent attribute value escapes are a defect, not an enhancement.

[hakre]

attribute_escape() should become attr() (as in [11109])

[hakre]

see #9650

[Denis-de-Bernardy]

broken patch

[hakre]

Repaired the patch. Partially this was already fixed in head because of the attr() run by ryan. looks like textareas are missing, I've chosen simeks variant using wp_specialchars() for textarea content.

[Denis-de-Bernardy]

for textareas, wp has the format_to_edit() sanitizer.

[hakre]

format_to_edit vs. wp_specialchars.

[Denis-de-Bernardy]

this one is major

[Denis-de-Bernardy]

format_to_edit for category, tag, and user description

[Denis-de-Bernardy]

updated patch does the same for tag description and user description.

[ryan]

get_term_to_edit() should take care of the tag description.

[ryan]

get_user_to_edit() could stand to call format_to_edit() instead of wp_specialchars().

[ryan]

Some of the attribute escapes that got added are unnecessary since the *_to_edit() functions should take care of that.

[Denis-de-Bernardy]

oh right. after double checking, all three cases are processed already. sorry about that.