vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-30 18:24:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wp-admin/includes/post.php
View File

@@ -319,9 +319,9 @@ function bulk_edit_posts( $post_data = null ) {
*/
function get_default_post_to_edit() {
if ( !empty( $_REQUEST['post_title'] ) )
$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
$post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
else if ( !empty( $_REQUEST['popuptitle'] ) ) {
$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
$post_title = esc_html( stripslashes( $_REQUEST['popuptitle'] ));
$post_title = funky_javascript_fix( $post_title );
} else {
$post_title = '';
@@ -329,16 +329,16 @@ function get_default_post_to_edit() {
$post_content = '';
if ( !empty( $_REQUEST['content'] ) )
$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
$post_content = esc_html( stripslashes( $_REQUEST['content'] ));
else if ( !empty( $post_title ) ) {
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
$text = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
$text = funky_javascript_fix( $text);
$popupurl = clean_url($_REQUEST['popupurl']);
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
}
if ( !empty( $_REQUEST['excerpt'] ) )
$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
$post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
else
$post_excerpt = '';