link_notes and term_description escaping fixes. Props garyc40. fixes #15454

git-svn-id: https://develop.svn.wordpress.org/trunk@17146 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren 2010-12-25 22:45:09 +00:00
parent 4c36fd6fb1
commit a748e507e5
2 changed files with 3 additions and 4 deletions


@ -334,11 +334,10 @@ function sanitize_bookmark_field($field, $value, $bookmark_id, $context) {
return $value; return $value;
if ( 'edit' == $context ) { if ( 'edit' == $context ) {
$format_to_edit = array('link_notes');
$value = apply_filters("edit_$field", $value, $bookmark_id); $value = apply_filters("edit_$field", $value, $bookmark_id);
if ( in_array($field, $format_to_edit) ) { if ( 'link_notes' == $field ) {
$value = format_to_edit($value); $value = esc_html( $value ); // textarea_escaped
} else { } else {
$value = esc_attr($value); $value = esc_attr($value);
} }
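Review bot: `esc_html()` does not re-encode entities that are already present, so in the `'link_notes' == $field` branch a stored note containing literal text such as `&lt;b&gt;` is emitted unchanged, displayed in the textarea as `<b>`, and submitted back as raw markup on the next save. Textarea content needs `&`, `<` and `>` encoded unconditionally so the edit round trip is lossless; where the codebase provides it, `$value = esc_textarea( $value );` does that, otherwise `htmlspecialchars( $value, ENT_QUOTES )` is the equivalent. The same applies to the `'description' == $field` branch in the `sanitize_term_field` hunk. Whether the altered markup is filtered again on save depends on the `db` context code, which lies outside this hunk.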


@ -1521,7 +1521,7 @@ function sanitize_term_field($field, $value, $term_id, $taxonomy, $context) {
$value = apply_filters("edit_term_{$field}", $value, $term_id, $taxonomy); $value = apply_filters("edit_term_{$field}", $value, $term_id, $taxonomy);
$value = apply_filters("edit_{$taxonomy}_{$field}", $value, $term_id); $value = apply_filters("edit_{$taxonomy}_{$field}", $value, $term_id);
if ( 'description' == $field ) if ( 'description' == $field )
$value = format_to_edit($value); $value = esc_html($value); // textarea_escaped
else else
$value = esc_attr($value); $value = esc_attr($value);
} else if ( 'db' == $context ) { } else if ( 'db' == $context ) {
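Review bot: Replacing `format_to_edit($value)` with `esc_html($value)` on the `description` branch also drops any hooks that `format_to_edit()` ran. Its body is not shown here, but if it applies a `format_to_edit` filter, plugins relying on it for term descriptions (and for link notes in the `sanitize_bookmark_field` hunk) silently stop being called. If that is intended, the marker comment should say so, e.g. `// textarea_escaped: esc_html() only; the format_to_edit filter no longer runs here`. The function body starts and ends outside the hunk, so the other contexts were not reviewed.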