vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-30 10:14:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/post.php
View File

@@ -135,7 +135,7 @@ case 'edit':
if ( $last = wp_check_post_lock( $post->ID ) ) {
$last_user = get_userdata( $last );
$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
$message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
add_action('admin_notices', create_function( '', "echo '$message';" ) );
} else {