
Commit 6cbdd69

committed
Fully escape Post/Page titles, props Viper007Bond, fixes WordPress#9322
git-svn-id: https://develop.svn.wordpress.org/trunk@10787 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 5685b38 commit 6cbdd69

2 files changed

Lines changed: 2 additions & 2 deletions


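--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -595,7 +595,7 @@ function post_revisions_meta_box($post) {
 <div id="post-body-content" class="has-sidebar-content">
 <div id="titlediv">
 <div id="titlewrap">
-<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
+<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
 <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>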
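Review bot: The inner `htmlspecialchars( $post->post_title )` on new line 598 is called without flags or charset, so what reaches the `value` attribute depends on the PHP defaults of the host. On PHP versions whose default charset is UTF-8, a title containing an invalid byte sequence would, as far as I can tell, come back as an empty string, so the field would render blank and be saved blank. I would pass both arguments explicitly, e.g. `htmlspecialchars( $post->post_title, ENT_QUOTES, get_option( 'blog_charset' ) )`. The nesting is also only correct if `attribute_escape()` leaves existing entities alone, which is not visible here, so a short comment such as `<?php // htmlspecialchars() first so entities in the stored title survive the edit round-trip; attribute_escape() must not re-encode them ?>` above the input would help. The same applies to new line 446 in wp-admin/edit-page-form.php; the surrounding template markup continues outside both hunks.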

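--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -443,7 +443,7 @@ function page_revisions_meta_box($post) {
 
 <div id="titlediv">
 <div id="titlewrap">
-<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
+<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
 <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>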
