-<input type="hidden" name="ping_status" value="<?php echo $post->ping_status; ?>" />
-<input type="hidden" name="comment_status" value="<?php echo $post->comment_status; ?>" />
+<input type="hidden" name="ping_status" value="<?php echo esc_attr($post->ping_status); ?>" />
+<input type="hidden" name="comment_status" value="<?php echo esc_attr($post->comment_status); ?>" />