esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454

git-svn-id: https://develop.svn.wordpress.org/trunk@16431 602fd350-edb4-49c9-b593-d223f7449a82
Mark Jaquith
2010-11-17 17:12:01 +00:00
parent b9b0431d29
commit 55e0256967
22 changed files with 48 additions and 35 deletions


@@ -285,7 +285,7 @@ function post_tags_meta_box($post, $box) {
<div class="jaxtag">
<div class="nojs-tags hide-if-js">
<p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>
<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_textarea( get_terms_to_edit( $post->ID, $tax_name ) ); ?></textarea></div>
<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
<div class="ajaxtag hide-if-no-js">
<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
@@ -385,7 +385,7 @@ function post_categories_meta_box( $post, $box ) {
*/
function post_excerpt_meta_box($post) {
?>
<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>
<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo esc_textarea( $post->post_excerpt ); ?></textarea>
<p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
<?php
}
@@ -894,7 +894,7 @@ function link_advanced_meta_box($link) {
</tr>
<tr class="form-field">
<th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
<td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); ?></textarea></td>
<td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo esc_textarea( ( isset( $link->link_notes ) ? $link->link_notes : '') ); ?></textarea></td>
</tr>
<tr class="form-field">
<th valign="top" scope="row"><label for="link_rating"><?php _e('Rating') ?></label></th>
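Review bot: In post_tags_meta_box the rewritten textarea line still echoes `$tax_name` raw into the `name` and `id` attributes (and `$disabled` as a bare attribute), and the label two lines below echoes `$box['title']` unescaped, so only the textarea body is covered by this change. Whether those values are constrained where the meta box is registered is not visible here, so I would escape at the point of output: `id="tax-input-<?php echo esc_attr( $tax_name ); ?>"` and `<?php echo esc_html( $box['title'] ); ?>`. For the excerpt and link-notes textareas, please confirm that `$post->post_excerpt` and `$link->link_notes` are not already HTML-encoded by an edit-context filter before they reach these functions; if they are, `esc_textarea()` would double-encode and the editor would see `&amp;` where `&` was typed. All three function bodies extend beyond the hunks shown.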