Fully escape Post/Page titles, props Viper007Bond, fixes #9322

git-svn-id: http://svn.automattic.com/wordpress/trunk@10787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-15 07:59:12 +00:00 · 2009-03-15 07:59:12 +00:00 · 361b70792f
parent d80df1030c
commit 361b70792f
2 changed files with 2 additions and 2 deletions
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@ -595,7 +595,7 @@ else
 <div id="post-body-content" class="has-sidebar-content">
 <div id="titlediv">
 <div id="titlewrap">
-	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
+	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
 <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@ -443,7 +443,7 @@ $side_meta_boxes = do_meta_boxes('page', 'side', $post);

 <div id="titlediv">
 <div id="titlewrap">
-  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
+  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
 <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>