WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fully escape Post/Page titles, props Viper007Bond, fixes #9322 

git-svn-id: http://svn.automattic.com/wordpress/trunk@10787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
azaozz 2009-03-15 07:59:12 +00:00
parent d80df1030c
commit 361b70792f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/edit-form-advanced.php
View File

@ -595,7 +595,7 @@ else
<div id="post-body-content" class="has-sidebar-content">
<div id="titlediv">
<div id="titlewrap">
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
</div>
<div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>

2
wp-admin/edit-page-form.php
View File

@ -443,7 +443,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post);
<div id="titlediv">
<div id="titlewrap">
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
</div>
<div class="inside">
<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>