IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith
2009-05-18 15:11:07 +00:00
parent e2802f7f3b
commit 119b39cec2
68 changed files with 210 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/edit-pages.php
View File

@@ -104,9 +104,9 @@ require_once('admin-header.php'); ?>
<div class="wrap">
<?php screen_icon(); ?>
<h2><?php echo wp_specialchars( $title );
<h2><?php echo esc_html( $title );
if ( isset($_GET['s']) && $_GET['s'] )
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( get_search_query() ) ); ?>
</h2>
<?php if ( isset($_GET['locked']) || isset($_GET['skipped']) || isset($_GET['updated']) || isset($_GET['deleted']) ) { ?>