[wp-trac] [WordPress Trac] #21849: Update wp-comments-post.php from using escape() to esc_attr()
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 8 20:10:29 UTC 2012
#21849: Update wp-comments-post.php from using escape() to esc_attr()
-----------------------------+------------------------------
Reporter: ryansatterfield | Owner: ryansatterfield
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Comments | Version: 3.4.2
Severity: minor | Resolution: invalid
Keywords: has-patch |
-----------------------------+------------------------------
Changes (by nacin):
* status: new => closed
* type: task (blessed) => defect (bug)
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Rather than a full file, you can submit a patch using Subversion:
http://make.wordpress.org/core/handbook/submitting-a-patch/.
Did you try to submit a comment with this patch? esc_attr() does not exist
as a method on the $wpdb object. This will end up with a fatal error.
esc_attr() is for escaping output into an HTML attribute. $wpdb->escape()
is for escaping input to be used in a database query. There's more on
http://codex.wordpress.org/Data_Validation.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21849#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list