vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-30 18:24:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/bookmark.php
View File

@@ -29,10 +29,10 @@ function edit_link( $link_id = '' ) {
if (!current_user_can( 'manage_links' ))
wp_die( __( 'Cheatin’ uh?' ));
$_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
$_POST['link_url'] = esc_html( $_POST['link_url'] );
$_POST['link_url'] = clean_url($_POST['link_url']);
$_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
$_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
$_POST['link_name'] = esc_html( $_POST['link_name'] );
$_POST['link_image'] = esc_html( $_POST['link_image'] );
$_POST['link_rss'] = clean_url($_POST['link_rss']);
if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
$_POST['link_visible'] = 'Y';