Changeset 509115


Timestamp:
02/22/12 22:49:35 (2 years ago)
Author:
josephscott
Message:

HTML escaping for Akismet widget

  • escape the title value from options
  • use esc_html instead of htmlspecialchars
File:
1 edited

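--- a/akismet/trunk/widget.php
+++ b/akismet/trunk/widget.php
@@ -12,5 +12,5 @@
         ?>
             <?php echo $before_widget; ?>
-                <?php echo $before_title . $options['title'] . $after_title; ?>
+                <?php echo $before_title . esc_html( $options['title'] ) . $after_title; ?>
                 <div id="akismetwrap"><div id="akismetstats"><a id="aka" href="http://akismet.com" title=""><?php printf( _n( '%1$s%2$s%3$s %4$sspam comment%5$s %6$sblocked by%7$s<br />%8$sAkismet%9$s', '%1$s%2$s%3$s %4$sspam comments%5$s %6$sblocked by%7$s<br />%8$sAkismet%9$s', $count ), '<span id="akismet1"><span id="akismetcount">', number_format_i18n( $count ), '</span>', '<span id="akismetsc">', '</span></span>', '<span id="akismet2"><span id="akismetbb">', '</span>', '<span id="akismeta">', '</span></span>' ); ?></a></div></div>
             <?php echo $after_widget; ?>
@@ -47,5 +47,5 @@
             update_option('widget_akismet', $options);
         }
-        $title = htmlspecialchars($options['title'], ENT_QUOTES);
+        $title = esc_html($options['title']);
     ?>
                 <p><label for="akismet-title"><?php _e('Title:'); ?> <input style="width: 250px;" id="akismet-title" name="akismet-title" type="text" value="<?php echo $title; ?>" /></label></p>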
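Review bot: In the second hunk `$title` is echoed inside the `value="…"` attribute of the `akismet-title` input (new line 51), so the escaper that matches the output context is `esc_attr()`, not `esc_html()`: `$title = esc_attr( $options['title'] );`. Both functions encode quotes in WordPress, so the line as committed does not look exploitable, but they run through different filters and naming the attribute context makes the escaping auditable at a glance. The `esc_html()` on new line 14 is the right choice for the heading text between `$before_title` and `$after_title`. Both enclosing functions start and end outside the hunks shown, so how `$options['title']` is sanitised before `update_option()` cannot be confirmed from here.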