The user description field should be esc_textarea when context is edit. see #15454.

git-svn-id: http://svn.automattic.com/wordpress/trunk@16995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 10:04:21 +00:00 · 2010-12-16 10:04:21 +00:00 · 67dca406aa
parent eb574d4e5f
commit 67dca406aa
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -1211,7 +1211,7 @@ function sanitize_user_field($field, $value, $user_id, $context) {
 		}

 		if ( 'description' == $field )
-			$value = esc_html($value);
+			$value = esc_textarea( $value );
 		else
 			$value = esc_attr($value);
 	} else if ( 'db' == $context ) {