vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-28 01:04:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/upload.php
View File

@@ -164,9 +164,9 @@ if ( isset($_GET['message']) && (int) $_GET['message'] ) {
<div class="wrap">
<?php screen_icon(); ?>
<h2><?php echo wp_specialchars( $title );
<h2><?php echo esc_html( $title );
if ( isset($_GET['s']) && $_GET['s'] )
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( get_search_query() ) ); ?>
</h2>
<?php
@@ -322,7 +322,7 @@ foreach ($arc_result as $arc_row) {
if ( $orphans ) {
foreach ( $orphans as $post ) {
$class = 'alternate' == $class ? '' : 'alternate';
$att_title = wp_specialchars( _draft_or_post_title($post->ID) );
$att_title = esc_html( _draft_or_post_title($post->ID) );
?>
<tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">
<th scope="row" class="check-column"><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /></th>