Escape thousandsSeparator and decimalPoint JS variables. fixes #12005 for 2.9.

git-svn-id: https://develop.svn.wordpress.org/branches/2.9@14258 602fd350-edb4-49c9-b593-d223f7449a82

1 files changed, 1 insertions, 1 deletions

diff --git a/wp-admin/admin-header.php b/wp-admin/admin-header.php
index 81711f3846..66a16c09f4 100644
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -41,7 +41,7 @@ $admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix);
 //<![CDATA[
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
 var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time() ?>'};
-var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = '<?php echo substr($pagenow, 0, -4); ?>', adminpage = '<?php echo $admin_body_class; ?>',  thousandsSeparator = '<?php echo $wp_locale->number_format['thousands_sep']; ?>', decimalPoint = '<?php echo $wp_locale->number_format['decimal_point']; ?>';
+var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = '<?php echo substr($pagenow, 0, -4); ?>', adminpage = '<?php echo $admin_body_class; ?>',  thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>', decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>';
 //]]>
 </script>
 <?php