Escape thousandsSeparator and decimalPoint JS variables, see #12005

git-svn-id: http://svn.automattic.com/wordpress/trunk@13078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-13 03:12:51 +00:00 · 2010-02-13 03:12:51 +00:00 · eddc178ee1
parent 8a5c11e08c
commit eddc178ee1
1 changed files with 1 additions and 1 deletions
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@ -35,7 +35,7 @@ $admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix);
 //<![CDATA[
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
 var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time() ?>'};
-var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = '<?php echo substr($pagenow, 0, -4); ?>', typenow = '<?php echo $typenow; ?>', adminpage = '<?php echo $admin_body_class; ?>',  thousandsSeparator = '<?php echo $wp_locale->number_format['thousands_sep']; ?>', decimalPoint = '<?php echo $wp_locale->number_format['decimal_point']; ?>';
+var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = '<?php echo substr($pagenow, 0, -4); ?>', typenow = '<?php echo $typenow; ?>', adminpage = '<?php echo $admin_body_class; ?>',  thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>', decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>';
 //]]>
 </script>
 <?php