The user description field should be esc_textarea when context is edit. see #15454.

git-svn-id: https://develop.svn.wordpress.org/trunk@16995 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 10:04:21 +00:00 · 2010-12-16 10:04:21 +00:00 · 4db50ee643
parent 541c45ba0e
commit 4db50ee643
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -1211,7 +1211,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
 		}

 		if ( 'description' == $field )
-			$value = esc_html($value);
+			$value = esc_textarea( $value );
 		else
 			$value = esc_attr($value);
 	} else if ( 'db' == $context ) {