Use esc_textarea(), not esc_html(), for escaping textarea content. props johnbillion. fixes #24300.

git-svn-id: http://core.svn.wordpress.org/trunk@24230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2013-05-10 02:06:34 +00:00
parent 74638ccb5a
commit c5a028821b
1 changed files with 3 additions and 3 deletions

View File

@ -53,7 +53,7 @@ wp_nonce_field( 'show-post-format-ui_' . $post_type, 'show_post_format_ui_nonce'
else else
_e( 'Image URL' ); _e( 'Image URL' );
?></label> ?></label>
<textarea id="wp_format_image" type="text" name="_format_image" class="widefat"><?php echo esc_html( $format_meta['image'] ); ?></textarea> <textarea id="wp_format_image" type="text" name="_format_image" class="widefat"><?php echo esc_textarea( $format_meta['image'] ); ?></textarea>
</div> </div>
<p class="use-url-or-html hide-if-no-js"><span><?php printf( __( '(or %suse an image URL or HTML%s)' ), '<a href="#">', '</a>' ); ?></span> <p class="use-url-or-html hide-if-no-js"><span><?php printf( __( '(or %suse an image URL or HTML%s)' ), '<a href="#">', '</a>' ); ?></span>
<span style="display: none"><?php printf( __( '(or %sselect/upload an image%s)' ), '<a href="#">', '</a>' ); ?></span></p> <span style="display: none"><?php printf( __( '(or %sselect/upload an image%s)' ), '<a href="#">', '</a>' ); ?></span></p>
@ -102,7 +102,7 @@ wp_nonce_field( 'show-post-format-ui_' . $post_type, 'show_post_format_ui_nonce'
else else
_e( 'Video URL' ); _e( 'Video URL' );
?></label> ?></label>
<textarea id="wp_format_video" type="text" name="_format_video_embed" class="widefat"><?php echo esc_html( $format_meta['video_embed'] ); ?></textarea> <textarea id="wp_format_video" type="text" name="_format_video_embed" class="widefat"><?php echo esc_textarea( $format_meta['video_embed'] ); ?></textarea>
<div data-format="video" class="wp-format-media-holder hide-if-no-js"> <div data-format="video" class="wp-format-media-holder hide-if-no-js">
<a href="#" class="wp-format-media-select" <a href="#" class="wp-format-media-select"
data-choose="<?php esc_attr_e( 'Choose a Video' ); ?>" data-choose="<?php esc_attr_e( 'Choose a Video' ); ?>"
@ -140,7 +140,7 @@ wp_nonce_field( 'show-post-format-ui_' . $post_type, 'show_post_format_ui_nonce'
else else
_e( 'Audio URL' ); _e( 'Audio URL' );
?></label> ?></label>
<textarea id="wp_format_audio" name="_format_audio_embed" class="widefat"><?php echo esc_html( $format_meta['audio_embed'] ); ?></textarea> <textarea id="wp_format_audio" name="_format_audio_embed" class="widefat"><?php echo esc_textarea( $format_meta['audio_embed'] ); ?></textarea>
<div data-format="audio" class="wp-format-media-holder hide-if-no-js"> <div data-format="audio" class="wp-format-media-holder hide-if-no-js">
<a href="#" class="wp-format-media-select" data-choose="<?php esc_attr_e( 'Choose Audio' ); ?>" data-update="<?php esc_attr_e( 'Select Audio' ); ?>"> <a href="#" class="wp-format-media-select" data-choose="<?php esc_attr_e( 'Choose Audio' ); ?>" data-update="<?php esc_attr_e( 'Select Audio' ); ?>">
<?php _e( 'Select Audio From Media Library' ) ?> <?php _e( 'Select Audio From Media Library' ) ?>