Fix for bug 0000091: fixed encoding of special chars.

git-svn-id: https://develop.svn.wordpress.org/trunk@1437 602fd350-edb4-49c9-b593-d223f7449a82

wp-admin/admin-functions.php

@@ -113,6 +113,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 	if ($categories) {
 		foreach ($categories as $category) {
 			if ($category->category_parent == $parent) {
+				$category->cat_name = htmlspecialchars($category->cat_name);
 				$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 				$pad = str_repeat('— ', $level);
 
@@ -139,6 +140,7 @@ function wp_dropdown_cats($currentcat, $currentparent = 0, $parent = 0, $level =
 		foreach ($categories as $category) { if ($currentcat != $category->cat_ID && $parent == $category->category_parent) {
 			$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 			$pad = str_repeat('– ', $level);
+			$category->cat_name = htmlspecialchars($category->cat_name);
 			echo "\n\t<option value='$category->cat_ID'";
 			if ($currentparent == $category->cat_ID)
 				echo " selected='selected'";

wp-admin/categories.php

@@ -98,7 +98,7 @@ case 'edit':
         <input type="hidden" name="action" value="editedcat" />
         <input type="hidden" name="cat_ID" value="<?php echo $_GET['cat_ID'] ?>" />
         <p><?php _e('Category name:') ?><br />
-        <input type="text" name="cat_name" value="<?php echo $cat_name; ?>" /></p>
+        <input type="text" name="cat_name" value="<?php echo htmlspecialchars($cat_name); ?>" /></p>
         <p><?php _e('Category parent:') ?><br />
         <select name='cat' class='postform'>
         <option value='0'<?php if (!$category->category_parent) echo " selected='selected'"; ?>><?php _e('None') ?></option>