vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-30 18:24:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/edit-attachment-rows.php
View File

@@ -24,7 +24,7 @@ if ( have_posts() ) { ?>
<tbody id="the-list" class="list:post">
<?php
add_filter('the_title','wp_specialchars');
add_filter('the_title','esc_html');
$alt = '';
$posts_columns = get_column_headers('upload');
$hidden = get_hidden_columns('upload');
@@ -110,7 +110,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
if ( !empty( $tags ) ) {
$out = array();
foreach ( $tags as $c )
$out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
$out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
echo join( ', ', $out );
} else {
_e('No Tags');