Use ENT_QUOTES in esc_textarea() in case someone uses it in a value='' situation by accident. see #15454

git-svn-id: https://develop.svn.wordpress.org/trunk@16993 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 09:24:22 +00:00 · 2010-12-16 09:24:22 +00:00 · dda708677e
commit dda708677e
parent 266cd3f5df
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -2368,7 +2368,7 @@ function esc_attr( $text ) {
 * @return string
 */
 function esc_textarea( $text ) {
-	$safe_text = htmlspecialchars( $text );
+	$safe_text = htmlspecialchars( $text, ENT_QUOTES );
 	return apply_filters( 'esc_textarea', $safe_text, $text );
 }