deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

git-svn-id: https://develop.svn.wordpress.org/trunk@11380 602fd350-edb4-49c9-b593-d223f7449a82
Mark Jaquith
2009-05-18 15:11:07 +00:00
parent b3efcdaaaa
commit f0336cfa7d
68 changed files with 210 additions and 151 deletions


@@ -820,7 +820,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
$desc = str_replace(array("\n", "\r"), ' ', esc_attr(strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset')))));
$desc = wp_html_excerpt( $desc, 360 ) . ' […]';
$desc = wp_specialchars( $desc );
$desc = esc_html( $desc );
if ( $show_summary ) {
$summary = "<div class='rssSummary'>$desc</div>";
@@ -844,7 +844,7 @@ function wp_widget_rss_output( $rss, $args = array() ) {
if ( $show_author ) {
$author = $item->get_author();
$author = $author->get_name();
$author = ' <cite>' . wp_specialchars( strip_tags( $author ) ) . '</cite>';
$author = ' <cite>' . esc_html( strip_tags( $author ) ) . '</cite>';
}
if ( $link == '' ) {