Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Escape single quotes in options.php. fixes #2656 

git-svn-id: http://svn.automattic.com/wordpress/trunk@3710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-04-17 23:33:08 +00:00
parent 7b2be71922
commit 97355f28fd
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/options.php
View File

@ -95,7 +95,7 @@ default:
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
foreach ($options as $option) :
$value = wp_specialchars($option->option_value);
$value = wp_specialchars($option->option_value, 'single');
echo "
<tr>
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>

2
wp-includes/functions-formatting.php
View File

@ -103,6 +103,8 @@ function wp_specialchars( $text, $quotes = 0 ) {
$text = str_replace('>', '&gt;', $text);
if ( 'double' === $quotes ) {
$text = str_replace('"', '&quot;', $text);
} elseif ( 'single' === $quotes ) {
$text = str_replace("'", '&#039;', $text);
} elseif ( $quotes ) {
$text = str_replace('"', '&quot;', $text);
$text = str_replace("'", '&#039;', $text);