Use ENT_QUOTES in esc_textarea() in case someone uses it in a value='' situation by accident. see #15454

git-svn-id: http://svn.automattic.com/wordpress/trunk@16993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 06:42:56 +02:00 · 2010-12-16 09:24:22 +00:00 · 2010-12-16 09:24:22 +00:00 · 49c11dc768
commit 49c11dc768
parent a189f21c45
1 changed files with 1 additions and 1 deletions
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -2368,7 +2368,7 @@ function esc_attr( $text ) {
 * @return string
 */
 function esc_textarea( $text ) {
-	$safe_text = htmlspecialchars( $text );
+	$safe_text = htmlspecialchars( $text, ENT_QUOTES );
 	return apply_filters( 'esc_textarea', $safe_text, $text );
 }