Fully escape Post/Page titles, props Viper007Bond, fixes #9322
git-svn-id: https://develop.svn.wordpress.org/trunk@10787 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
5685b381a9
commit
6cbdd69a1e
@ -595,7 +595,7 @@ else
|
||||
<div id="post-body-content" class="has-sidebar-content">
|
||||
<div id="titlediv">
|
||||
<div id="titlewrap">
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
|
||||
</div>
|
||||
<div class="inside">
|
||||
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
|
||||
|
@ -443,7 +443,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post);
|
||||
|
||||
<div id="titlediv">
|
||||
<div id="titlewrap">
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
|
||||
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
|
||||
</div>
|
||||
<div class="inside">
|
||||
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
|
||||
|
Loading…
Reference in New Issue
Block a user