Fully escape Post/Page titles, props Viper007Bond, fixes #9322

git-svn-id: https://develop.svn.wordpress.org/trunk@10787 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Ozz 2009-03-15 07:59:12 +00:00
parent 5685b381a9
commit 6cbdd69a1e
2 changed files with 2 additions and 2 deletions


@ -595,7 +595,7 @@ else
<div id="post-body-content" class="has-sidebar-content">
<div id="titlediv">
<div id="titlewrap">
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
</div>
<div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
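Review bot: The new `value="..."` line nests `htmlspecialchars()` inside `attribute_escape()` without saying why, and the output is only correct if `attribute_escape()` leaves already-encoded entities alone; its implementation is not visible here, and if it encodes `&` itself, titles would show up double-escaped in the edit field and be saved back that way. A one-line comment above the input would record the intent, for example `<?php // htmlspecialchars() first so entity text typed into a title round-trips unchanged; attribute_escape() is assumed not to re-encode entities ?>`. The `htmlspecialchars()` call also relies on PHP's default flags and charset, so passing them explicitly, e.g. `htmlspecialchars( $post->post_title, ENT_QUOTES, get_option( 'blog_charset' ) )`, would keep the escaping independent of the PHP version in use. The identical line is changed in the second file section (the hunk at -443), so the same applies there, and a small shared helper for the title field would keep the two templates from drifting apart.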


@ -443,7 +443,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post);
<div id="titlediv">
<div id="titlewrap">
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
</div>
<div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>