More attribute_escape().

git-svn-id: http://svn.automattic.com/wordpress/trunk@5044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-03-16 01:20:53 +00:00
parent 95df22248d
commit 12be68075e
1 changed files with 1 additions and 1 deletions

View File

@ -1280,7 +1280,7 @@ function wp_nonce_ays($action) {
if ( $_POST ) { if ( $_POST ) {
$q = http_build_query($_POST); $q = http_build_query($_POST);
$q = explode( ini_get('arg_separator.output'), $q); $q = explode( ini_get('arg_separator.output'), $q);
$html .= "\t<form method='post' action='$pagenow'>\n"; $html .= "\t<form method='post' action='" . attribute_escape($pagenow) . "'>\n";
foreach ( (array) $q as $a ) { foreach ( (array) $q as $a ) {
$v = substr(strstr($a, '='), 1); $v = substr(strstr($a, '='), 1);
$k = substr($a, 0, -(strlen($v)+1)); $k = substr($a, 0, -(strlen($v)+1));