golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

A little escaping paranoia, just to be safe. (Already sanitized, higher up). for trunk 

git-svn-id: http://svn.automattic.com/wordpress/trunk@17410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2011-02-07 19:11:17 +00:00
parent f613349c98
commit dff3130153
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/includes/template.php
View File

@ -270,16 +270,16 @@ function get_inline_data($post) {
if ( ! current_user_can($post_type_object->cap->edit_post, $post->ID) )
return;
$title = htmlspecialchars( trim( $post->post_title ), ENT_QUOTES );
$title = esc_textarea( trim( $post->post_title ) );
echo '
<div class="hidden" id="inline_' . $post->ID . '">
<div class="post_title">' . $title . '</div>
<div class="post_name">' . apply_filters('editable_slug', $post->post_name) . '</div>
<div class="post_author">' . $post->post_author . '</div>
<div class="comment_status">' . $post->comment_status . '</div>
<div class="ping_status">' . $post->ping_status . '</div>
<div class="_status">' . $post->post_status . '</div>
<div class="comment_status">' . esc_html( $post->comment_status ) . '</div>
<div class="ping_status">' . esc_html( $post->ping_status ) . '</div>
<div class="_status">' . esc_html( $post->post_status ) . '</div>
<div class="jj">' . mysql2date( 'd', $post->post_date, false ) . '</div>
<div class="mm">' . mysql2date( 'm', $post->post_date, false ) . '</div>
<div class="aa">' . mysql2date( 'Y', $post->post_date, false ) . '</div>