vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-30 10:14:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/comment-template.php
View File

@@ -1078,7 +1078,7 @@ function get_cancel_comment_reply_link($text = '') {
$text = __('Click here to cancel reply.');
$style = isset($_GET['replytocom']) ? '' : ' style="display:none;"';
$link = wp_specialchars( remove_query_arg('replytocom') ) . '#respond';
$link = esc_html( remove_query_arg('replytocom') ) . '#respond';
return apply_filters('cancel_comment_reply_link', '<a rel="nofollow" id="cancel-comment-reply-link" href="' . $link . '"' . $style . '>' . $text . '</a>', $link, $text);
}