diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index dd0a74933a..5561bf38ac 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -113,6 +113,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
 if ($categories) {
 foreach ($categories as $category) {
 if ($category->category_parent == $parent) {
+ $category->cat_name = htmlspecialchars($category->cat_name);
 $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 $pad = str_repeat('— ', $level);
@@ -139,6 +140,7 @@ function wp_dropdown_cats($currentcat, $currentparent = 0, $parent = 0, $level =
 foreach ($categories as $category) {
 if ($currentcat != $category->cat_ID && $parent == $category->category_parent) {
 $count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
 $pad = str_repeat('– ', $level);
+ $category->cat_name = htmlspecialchars($category->cat_name);
 echo "\n\t
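Review bot: The added line in cat_rows calls htmlspecialchars with its default flags, which encode `<`, `>`, `&` and `"` but leave single quotes untouched, so cat_name remains injectable wherever it is later echoed inside a single-quoted attribute or inline JavaScript; `$category->cat_name = htmlspecialchars($category->cat_name, ENT_QUOTES);` closes that gap. Escaping by overwriting the object's field also means every later use of cat_name in this iteration receives the entity-encoded form, including any non-HTML context such as a URL or a further query if one exists, so escaping at each echo point would be safer than mutating the data. The same escape-by-mutation pattern, with the same default flags, is repeated in the wp_dropdown_cats hunk below. The body of cat_rows continues past the hunk, so where the name is actually output cannot be confirmed from here.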