Escape single quotes in options.php. fixes #2656
git-svn-id: http://svn.automattic.com/wordpress/trunk@3710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7b2be71922
commit
97355f28fd
|
@ -95,7 +95,7 @@ default:
|
||||||
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
||||||
|
|
||||||
foreach ($options as $option) :
|
foreach ($options as $option) :
|
||||||
$value = wp_specialchars($option->option_value);
|
$value = wp_specialchars($option->option_value, 'single');
|
||||||
echo "
|
echo "
|
||||||
<tr>
|
<tr>
|
||||||
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
|
||||||
|
|
|
@ -103,6 +103,8 @@ function wp_specialchars( $text, $quotes = 0 ) {
|
||||||
$text = str_replace('>', '>', $text);
|
$text = str_replace('>', '>', $text);
|
||||||
if ( 'double' === $quotes ) {
|
if ( 'double' === $quotes ) {
|
||||||
$text = str_replace('"', '"', $text);
|
$text = str_replace('"', '"', $text);
|
||||||
|
} elseif ( 'single' === $quotes ) {
|
||||||
|
$text = str_replace("'", ''', $text);
|
||||||
} elseif ( $quotes ) {
|
} elseif ( $quotes ) {
|
||||||
$text = str_replace('"', '"', $text);
|
$text = str_replace('"', '"', $text);
|
||||||
$text = str_replace("'", ''', $text);
|
$text = str_replace("'", ''', $text);
|
||||||
|
|
Loading…
Reference in New Issue