Context Navigation

Back to Ticket #21767

Ticket #21767: 21767.9.diff

File 21767.9.diff, 141.0 KB (added by ryan, 3 months ago)
Remove stripslashes() from WP_Widget::update() handlers.

Line
1	Index: wp-comments-post.php
2	===================================================================
3	--- wp-comments-post.php (revision 23400)
4	+++ wp-comments-post.php (working copy)
5	@@ -17,8 +17,10 @@
6
7	nocache_headers();
8
9	-$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
10	+$post_data = wp_unslash( $_POST );
11
12	+$comment_post_ID = isset($post_data['comment_post_ID']) ? (int) $post_data['comment_post_ID'] : 0;
13	+
14	$post = get_post($comment_post_ID);
15
16	if ( empty($post->comment_status) ) {
17	@@ -47,10 +49,10 @@
18	do_action('pre_comment_on_post', $comment_post_ID);
19	}
20
21	-$comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null;
22	-$comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null;
23	-$comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null;
24	-$comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
25	+$comment_author = ( isset( $post_data['author'] ) ) ? trim( strip_tags( $post_data['author'] ) ) : null;
26	+$comment_author_email = ( isset( $post_data['email'] ) ) ? trim( $post_data['email'] ) : null;
27	+$comment_author_url = ( isset( $post_data['url'] ) ) ? trim( $post_data['url'] ) : null;
28	+$comment_content = ( isset( $post_data['comment'] ) ) ? trim( $post_data['comment'] ) : null;
29
30	// If the user is logged in
31	$user = wp_get_current_user();
32	@@ -61,7 +63,7 @@
33	$comment_author_email = $wpdb->escape($user->user_email);
34	$comment_author_url = $wpdb->escape($user->user_url);
35	if ( current_user_can('unfiltered_html') ) {
36	- if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
37	+ if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $post_data['_wp_unfiltered_html_comment'] ) {
38	kses_remove_filters(); // start with a clean slate
39	kses_init_filters(); // set up the filters
40	}
41	@@ -83,7 +85,7 @@
42	if ( '' == $comment_content )
43	wp_die( __('<strong>ERROR</strong>: please type a comment.') );
44
45	-$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
46	+$comment_parent = isset($post_data['comment_parent']) ? absint($post_data['comment_parent']) : 0;
47
48	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
49
50	@@ -92,7 +94,7 @@
51	$comment = get_comment($comment_id);
52	do_action('set_comment_cookies', $comment, $user);
53
54	-$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
55	+$location = empty($post_data['redirect_to']) ? get_comment_link($comment_id) : $post_data['redirect_to'] . '#comment-' . $comment_id;
56	$location = apply_filters('comment_post_redirect', $location, $comment);
57
58	wp_safe_redirect( $location );
59	Index: wp-login.php
60	===================================================================
61	--- wp-login.php (revision 23400)
62	+++ wp-login.php (working copy)
63	@@ -396,7 +396,7 @@
64	}
65
66	// 10 days
67	- setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
68	+ setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
69
70	wp_safe_redirect( wp_get_referer() );
71	exit();
72	@@ -431,7 +431,7 @@
73	do_action('lost_password');
74	login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
75
76	- $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
77	+ $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
78
79	?>
80
81	@@ -530,8 +530,8 @@
82	$user_login = '';
83	$user_email = '';
84	if ( $http_post ) {
85	- $user_login = $_POST['user_login'];
86	- $user_email = $_POST['user_email'];
87	+ $user_login = wp_unslash( $_POST['user_login'] );
88	+ $user_email = wp_unslash( $_POST['user_email'] );
89	$errors = register_new_user($user_login, $user_email);
90	if ( !is_wp_error($errors) ) {
91	$redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
92	@@ -547,11 +547,11 @@
93	<form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
94	<p>
95	<label for="user_login"><?php _e('Username') ?><br />
96	- <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label>
97	+ <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
98	</p>
99	<p>
100	<label for="user_email"><?php _e('E-mail') ?><br />
101	- <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label>
102	+ <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" /></label>
103	</p>
104	<?php do_action('register_form'); ?>
105	<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
106	@@ -673,7 +673,7 @@
107	login_header(__('Log In'), '', $errors);
108
109	if ( isset($_POST['log']) )
110	- $user_login = ( 'incorrect_password' == $errors->get_error_code() \|\| 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
111	+ $user_login = ( 'incorrect_password' == $errors->get_error_code() \|\| 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
112	$rememberme = ! empty( $_POST['rememberme'] );
113	?>
114
115	Index: wp-includes/default-filters.php
116	===================================================================
117	--- wp-includes/default-filters.php (revision 23400)
118	+++ wp-includes/default-filters.php (working copy)
119	@@ -14,8 +14,8 @@
120
121	// Strip, trim, kses, special chars for string saves
122	foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
123	- add_filter( $filter, 'sanitize_text_field' );
124	- add_filter( $filter, 'wp_filter_kses' );
125	+ add_filter( $filter, 'sanitize_text_field' );
126	+ add_filter( $filter, 'wp_kses_data' );
127	add_filter( $filter, '_wp_specialchars', 30 );
128	}
129
130	@@ -31,22 +31,21 @@
131
132	// Kses only for textarea saves
133	foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
134	- add_filter( $filter, 'wp_filter_kses' );
135	+ add_filter( $filter, 'wp_kses_data' );
136	}
137
138	// Kses only for textarea admin displays
139	if ( is_admin() ) {
140	- foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
141	+ foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
142	add_filter( $filter, 'wp_kses_data' );
143	}
144	- add_filter( 'comment_text', 'wp_kses_post' );
145	}
146
147	// Email saves
148	foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
149	add_filter( $filter, 'trim' );
150	add_filter( $filter, 'sanitize_email' );
151	- add_filter( $filter, 'wp_filter_kses' );
152	+ add_filter( $filter, 'wp_kses_data' );
153	}
154
155	// Email admin display
156	Index: wp-includes/post-template.php
157	===================================================================
158	--- wp-includes/post-template.php (revision 23400)
159	+++ wp-includes/post-template.php (working copy)
160	@@ -583,7 +583,7 @@
161	$wp_hasher = new PasswordHash(8, true);
162	}
163
164	- $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
165	+ $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
166
167	return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
168	}
169	Index: wp-includes/taxonomy.php
170	===================================================================
171	--- wp-includes/taxonomy.php (revision 23400)
172	+++ wp-includes/taxonomy.php (working copy)
173	@@ -953,8 +953,7 @@
174	if ( empty($value) )
175	return false;
176	} else if ( 'name' == $field ) {
177	- // Assume already escaped
178	- $value = stripslashes($value);
179	+ $value = $value;
180	$field = 't.name';
181	} else {
182	$term = get_term( (int) $value, $taxonomy, $output, $filter);
183	@@ -1494,7 +1493,7 @@
184	return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) );
185	}
186
187	- $term = trim( stripslashes( $term ) );
188	+ $term = trim( $term );
189
190	if ( '' === $slug = sanitize_title($term) )
191	return 0;
192	@@ -2056,10 +2055,6 @@
193	$args = sanitize_term($args, $taxonomy, 'db');
194	extract($args, EXTR_SKIP);
195
196	- // expected_slashed ($name)
197	- $name = stripslashes($name);
198	- $description = stripslashes($description);
199	-
200	if ( empty($slug) )
201	$slug = sanitize_title($name);
202
203	@@ -2439,9 +2434,6 @@
204	if ( is_wp_error( $term ) )
205	return $term;
206
207	- // Escape data pulled from DB.
208	- $term = add_magic_quotes($term);
209	-
210	// Merge old and new args with new args overwriting old ones.
211	$args = array_merge($term, $args);
212
213	@@ -2450,10 +2442,6 @@
214	$args = sanitize_term($args, $taxonomy, 'db');
215	extract($args, EXTR_SKIP);
216
217	- // expected_slashed ($name)
218	- $name = stripslashes($name);
219	- $description = stripslashes($description);
220	-
221	if ( '' == trim($name) )
222	return new WP_Error('empty_term_name', __('A name is required for this term'));
223
224	Index: wp-includes/ms-files.php
225	===================================================================
226	--- wp-includes/ms-files.php (revision 23400)
227	+++ wp-includes/ms-files.php (working copy)
228	@@ -58,7 +58,7 @@
229	header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
230
231	// Support for Conditional GET
232	-$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
233	+$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
234
235	if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
236	$_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
237	Index: wp-includes/class-wp-customize-manager.php
238	===================================================================
239	--- wp-includes/class-wp-customize-manager.php (revision 23400)
240	+++ wp-includes/class-wp-customize-manager.php (working copy)
241	@@ -310,7 +310,7 @@
242	public function post_value( $setting ) {
243	if ( ! isset( $this->_post_values ) ) {
244	if ( isset( $_POST['customized'] ) )
245	- $this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true );
246	+ $this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
247	else
248	$this->_post_values = false;
249	}
250	Index: wp-includes/post.php
251	===================================================================
252	--- wp-includes/post.php (revision 23400)
253	+++ wp-includes/post.php (working copy)
254	@@ -1742,17 +1742,41 @@
255	* @link http://codex.wordpress.org/Function_Reference/add_post_meta
256	*
257	* @param int $post_id Post ID.
258	- * @param string $meta_key Metadata name.
259	- * @param mixed $meta_value Metadata value.
260	+ * @param string $meta_key Metadata name (expected slashed).
261	+ * @param mixed $meta_value Metadata value (expected slashed).
262	* @param bool $unique Optional, default is false. Whether the same key should not be added.
263	* @return bool False for failure. True for success.
264	*/
265	-function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
266	+function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
267	+ _deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' );
268	+
269	+ // expected slashed
270	+ $meta_key = stripslashes( $meta_key );
271	+ $meta_value = stripslashes_deep( $meta_value );
272	+
273	+ return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique );
274	+}
275	+
276	+/**
277	+ * Add meta data field to a post.
278	+ *
279	+ * Post meta data is called "Custom Fields" on the Administration Screen.
280	+ *
281	+ * @since 3.6.0
282	+ * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta
283	+ *
284	+ * @param int $post_id Post ID.
285	+ * @param string $meta_key Metadata name (clean, slashes already stripped).
286	+ * @param mixed $meta_value Metadata value (clean, slashes already stripped).
287	+ * @param bool $unique Optional, default is false. Whether the same key should not be added.
288	+ * @return bool False for failure. True for success.
289	+ */
290	+function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
291	// make sure meta is added to the post, not a revision
292	- if ( $the_post = wp_is_post_revision($post_id) )
293	+ if ( $the_post = wp_is_post_revision( $post_id ) )
294	$post_id = $the_post;
295
296	- return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
297	+ return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique );
298	}
299
300	/**
301	@@ -1809,17 +1833,45 @@
302	* @link http://codex.wordpress.org/Function_Reference/update_post_meta
303	*
304	* @param int $post_id Post ID.
305	- * @param string $meta_key Metadata key.
306	- * @param mixed $meta_value Metadata value.
307	+ * @param string $meta_key Metadata key (expected slashed).
308	+ * @param mixed $meta_value Metadata value (expected slashed).
309	* @param mixed $prev_value Optional. Previous value to check before removing.
310	* @return bool False on failure, true if success.
311	*/
312	-function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
313	+function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
314	+ _deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' );
315	+
316	+ // expected slashed
317	+ $meta_key = stripslashes( $meta_key );
318	+ $meta_value = stripslashes_deep( $meta_value );
319	+
320	+ return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value );
321	+}
322	+
323	+/**
324	+ * Update post meta field based on post ID.
325	+ *
326	+ * Use the $prev_value parameter to differentiate between meta fields with the
327	+ * same key and post ID.
328	+ *
329	+ * If the meta field for the post does not exist, it will be added.
330	+ *
331	+ * @since 3.6.0
332	+ * @uses $wpdb
333	+ * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta
334	+ *
335	+ * @param int $post_id Post ID.
336	+ * @param string $meta_key Metadata key (clean, slashes already stripped).
337	+ * @param mixed $meta_value Metadata value (clean, slashes already stripped).
338	+ * @param mixed $prev_value Optional. Previous value to check before removing.
339	+ * @return bool False on failure, true if success.
340	+ */
341	+function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
342	// make sure meta is added to the post, not a revision
343	- if ( $the_post = wp_is_post_revision($post_id) )
344	+ if ( $the_post = wp_is_post_revision( $post_id ) )
345	$post_id = $the_post;
346
347	- return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
348	+ return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value );
349	}
350
351	/**
352	@@ -2406,8 +2458,8 @@
353
354	do_action('wp_trash_post', $post_id);
355
356	- add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
357	- add_post_meta($post_id,'_wp_trash_meta_time', time());
358	+ wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
359	+ wp_add_post_meta($post_id,'_wp_trash_meta_time', time());
360
361	$post['post_status'] = 'trash';
362	wp_insert_post($post);
363	@@ -2483,7 +2535,7 @@
364	$statuses = array();
365	foreach ( $comments as $comment )
366	$statuses[$comment->comment_ID] = $comment->comment_approved;
367	- add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
368	+ wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
369
370	// Set status for all comments to post-trashed
371	$result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id));
372	@@ -2859,10 +2911,8 @@
373
374	$post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
375
376	- // expected_slashed (everything!)
377	$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
378	$data = apply_filters('wp_insert_post_data', $data, $postarr);
379	- $data = stripslashes_deep( $data );
380	$where = array( 'ID' => $post_ID );
381
382	if ( $update ) {
383	@@ -2875,7 +2925,7 @@
384	}
385	} else {
386	if ( isset($post_mime_type) )
387	- $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
388	+ $data['post_mime_type'] = $post_mime_type; // This isn't in the update
389	// If there is a suggested ID, use it if not already present
390	if ( !empty($import_id) ) {
391	$import_id = (int) $import_id;
392	@@ -2936,7 +2986,7 @@
393	else
394	return 0;
395	}
396	- update_post_meta($post_ID, '_wp_page_template', $page_template);
397	+ wp_update_post_meta($post_ID, '_wp_page_template', $page_template);
398	}
399
400	wp_transition_post_status($data['post_status'], $previous_status, $post);
401	@@ -2969,15 +3019,11 @@
402	if ( is_object($postarr) ) {
403	// non-escaped post was passed
404	$postarr = get_object_vars($postarr);
405	- $postarr = add_magic_quotes($postarr);
406	}
407
408	// First, get all of the original fields
409	$post = get_post($postarr['ID'], ARRAY_A);
410
411	- // Escape data pulled from DB.
412	- $post = add_magic_quotes($post);
413	-
414	// Passed post category list overwrites existing category list if not empty.
415	if ( isset($postarr['post_category']) && is_array($postarr['post_category'])
416	&& 0 != count($postarr['post_category']) )
417	@@ -3392,7 +3438,7 @@
418	$trackback_urls = explode(',', $tb_list);
419	foreach( (array) $trackback_urls as $tb_url) {
420	$tb_url = trim($tb_url);
421	- trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
422	+ trackback($tb_url, $post_title, $excerpt, $post_id);
423	}
424	}
425	}
426	@@ -3962,7 +4008,6 @@
427	else
428	$post_name = sanitize_title($post_name);
429
430	- // expected_slashed ($post_name)
431	$post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
432
433	if ( empty($post_date) )
434	@@ -4005,9 +4050,7 @@
435	if ( ! isset($pinged) )
436	$pinged = '';
437
438	- // expected_slashed (everything!)
439	$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
440	- $data = stripslashes_deep( $data );
441
442	if ( $update ) {
443	$wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
444	@@ -4052,7 +4095,7 @@
445	clean_post_cache( $post_ID );
446
447	if ( ! empty( $context ) )
448	- add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
449	+ wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
450
451	if ( $update) {
452	do_action('edit_attachment', $post_ID);
453	@@ -4439,7 +4482,7 @@
454
455	// if we haven't added this old slug before, add it now
456	if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) )
457	- add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
458	+ wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
459
460	// if the new slug was used previously, delete it from the list
461	if ( in_array($post->post_name, $old_slugs) )
462	@@ -4861,8 +4904,8 @@
463	return;
464
465	if ( get_option('default_pingback_flag') )
466	- add_post_meta( $post_id, '_pingme', '1' );
467	- add_post_meta( $post_id, '_encloseme', '1' );
468	+ wp_add_post_meta( $post_id, '_pingme', '1' );
469	+ wp_add_post_meta( $post_id, '_encloseme', '1' );
470
471	wp_schedule_single_event(time(), 'do_pings');
472	}
473	@@ -5088,7 +5131,6 @@
474	return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) );
475
476	$post = _wp_post_revision_fields( $post, $autosave );
477	- $post = add_magic_quotes($post); //since data is from db
478
479	$revision_id = wp_insert_post( $post );
480	if ( is_wp_error($revision_id) )
481	@@ -5167,8 +5209,6 @@
482
483	$update['ID'] = $revision['post_parent'];
484
485	- $update = add_magic_quotes( $update ); //since data is from db
486	-
487	$post_id = wp_update_post( $update );
488	if ( is_wp_error( $post_id ) )
489	return $post_id;
490	@@ -5390,7 +5430,7 @@
491	$thumbnail_id = absint( $thumbnail_id );
492	if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) {
493	if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) )
494	- return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
495	+ return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
496	else
497	return delete_post_meta( $post->ID, '_thumbnail_id' );
498	}
499	Index: wp-includes/default-widgets.php
500	===================================================================
501	--- wp-includes/default-widgets.php (revision 23400)
502	+++ wp-includes/default-widgets.php (working copy)
503	@@ -412,7 +412,7 @@
504	if ( current_user_can('unfiltered_html') )
505	$instance['text'] = $new_instance['text'];
506	else
507	- $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed
508	+ $instance['text'] = wp_kses_post( $new_instance['text'] );
509	$instance['filter'] = isset($new_instance['filter']);
510	return $instance;
511	}
512	@@ -1056,8 +1056,8 @@
513	}
514
515	function update( $new_instance, $old_instance ) {
516	- $instance['title'] = strip_tags(stripslashes($new_instance['title']));
517	- $instance['taxonomy'] = stripslashes($new_instance['taxonomy']);
518	+ $instance['title'] = strip_tags( $new_instance['title'] );
519	+ $instance['taxonomy'] = $new_instance['taxonomy'];
520	return $instance;
521	}
522
523	@@ -1118,7 +1118,7 @@
524	}
525
526	function update( $new_instance, $old_instance ) {
527	- $instance['title'] = strip_tags( stripslashes($new_instance['title']) );
528	+ $instance['title'] = strip_tags( $new_instance['title'] );
529	$instance['nav_menu'] = (int) $new_instance['nav_menu'];
530	return $instance;
531	}
532	Index: wp-includes/comment.php
533	===================================================================
534	--- wp-includes/comment.php (revision 23400)
535	+++ wp-includes/comment.php (working copy)
536	@@ -633,22 +633,22 @@
537	*/
538	function sanitize_comment_cookies() {
539	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
540	- $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
541	- $comment_author = stripslashes($comment_author);
542	+ $comment_author = wp_unslash( $_COOKIE['comment_author_'.COOKIEHASH] );
543	+ $comment_author = apply_filters('pre_comment_author_name', $comment_author);
544	$comment_author = esc_attr($comment_author);
545	$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
546	}
547
548	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
549	- $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
550	- $comment_author_email = stripslashes($comment_author_email);
551	+ $comment_author_email = wp_unslash( $_COOKIE['comment_author_email_'.COOKIEHASH] );
552	+ $comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email);
553	$comment_author_email = esc_attr($comment_author_email);
554	$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
555	}
556
557	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
558	- $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
559	- $comment_author_url = stripslashes($comment_author_url);
560	+ $comment_author_url = wp_unslash( $_COOKIE['comment_author_url_'.COOKIEHASH] );
561	+ $comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url);
562	$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
563	}
564	}
565	@@ -670,11 +670,10 @@
566	extract($commentdata, EXTR_SKIP);
567
568	// Simple duplicate check
569	- // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
570	- $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
571	+ $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author );
572	if ( $comment_author_email )
573	- $dupe .= "OR comment_author_email = '$comment_author_email' ";
574	- $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
575	+ $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );
576	+ $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );
577	if ( $wpdb->get_var($dupe) ) {
578	do_action( 'comment_duplicate_trigger', $commentdata );
579	if ( defined('DOING_AJAX') )
580	@@ -1262,7 +1261,7 @@
581	*/
582	function wp_insert_comment($commentdata) {
583	global $wpdb;
584	- extract(stripslashes_deep($commentdata), EXTR_SKIP);
585	+ extract($commentdata, EXTR_SKIP);
586
587	if ( ! isset($comment_author_IP) )
588	$comment_author_IP = '';
589	@@ -1507,7 +1506,7 @@
590	$commentarr = wp_filter_comment( $commentarr );
591
592	// Now extract the merged array.
593	- extract(stripslashes_deep($commentarr), EXTR_SKIP);
594	+ extract($commentarr, EXTR_SKIP);
595
596	$comment_content = apply_filters('comment_save_pre', $comment_content);
597
598	Index: wp-includes/functions.php
599	===================================================================
600	--- wp-includes/functions.php (revision 23400)
601	+++ wp-includes/functions.php (working copy)
602	@@ -468,7 +468,7 @@
603	}
604
605	if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
606	- add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
607	+ wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
608	}
609	}
610	}
611	@@ -1258,7 +1258,7 @@
612	function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
613	$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
614	$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
615	- $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
616	+ $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( wp_unslash( $ref ) ) . '" />';
617	if ( $echo )
618	echo $orig_referer_field;
619	return $orig_referer_field;
620	@@ -3879,4 +3879,4 @@
621	*/
622	function wp_checkdate( $month, $day, $year, $source_date ) {
623	return apply_filters( 'wp_checkdate', checkdate( $month, $day, $year ), $source_date );
624	-}
625	+}
626	\ No newline at end of file
627	Index: wp-includes/user.php
628	===================================================================
629	--- wp-includes/user.php (revision 23400)
630	+++ wp-includes/user.php (working copy)
631	@@ -1390,7 +1390,6 @@
632	}
633
634	$data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
635	- $data = stripslashes_deep( $data );
636
637	if ( $update ) {
638	$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
639	@@ -1462,9 +1461,6 @@
640	$user[ $key ] = get_user_meta( $ID, $key, true );
641	}
642
643	- // Escape data pulled from DB.
644	- $user = add_magic_quotes( $user );
645	-
646	// If password is changing, hash it now.
647	if ( ! empty($userdata['user_pass']) ) {
648	$plaintext_pass = $userdata['user_pass'];
649	Index: wp-includes/class-wp-xmlrpc-server.php
650	===================================================================
651	--- wp-includes/class-wp-xmlrpc-server.php (revision 23400)
652	+++ wp-includes/class-wp-xmlrpc-server.php (working copy)
653	@@ -280,17 +280,15 @@
654	$meta['id'] = (int) $meta['id'];
655	$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
656	if ( isset($meta['key']) ) {
657	- $meta['key'] = stripslashes( $meta['key'] );
658	if ( $meta['key'] != $pmeta->meta_key )
659	continue;
660	- $meta['value'] = stripslashes_deep( $meta['value'] );
661	if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
662	update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
663	} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
664	delete_metadata_by_mid( 'post', $meta['id'] );
665	}
666	- } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
667	- add_post_meta( $post_id, $meta['key'], $meta['value'] );
668	+ } elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
669	+ wp_add_post_meta( $post_id, $meta['key'], $meta['value'] );
670	}
671	}
672	}
673	@@ -462,8 +460,6 @@
674	return $this->blogger_getUsersBlogs( $args );
675	}
676
677	- $this->escape( $args );
678	-
679	$username = $args[0];
680	$password = $args[1];
681
682	@@ -955,8 +951,6 @@
683	if ( ! $this->minimum_args( $args, 4 ) )
684	return $this->error;
685
686	- $this->escape( $args );
687	-
688	$blog_id = (int) $args[0];
689	$username = $args[1];
690	$password = $args[2];
691	@@ -1239,8 +1233,6 @@
692	if ( ! $this->minimum_args( $args, 5 ) )
693	return $this->error;
694
695	- $this->escape( $args );
696	-
697	$blog_id = (int) $args[0];
698	$username = $args[1];
699	$password = $args[2];
700	@@ -1274,7 +1266,6 @@
701	else
702	$post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] );
703
704	- $this->escape( $post );
705	$merged_content_struct = array_merge( $post, $content_struct );
706
707	$retval = $this->_insert_post( $user, $merged_content_struct );
708	@@ -1301,8 +1292,6 @@
709	if ( ! $this->minimum_args( $args, 4 ) )
710	return $this->error;
711
712	- $this->escape( $args );
713	-
714	$blog_id = (int) $args[0];
715	$username = $args[1];
716	$password = $args[2];
717	@@ -1377,8 +1366,6 @@
718	if ( ! $this->minimum_args( $args, 4 ) )
719	return $this->error;
720
721	- $this->escape( $args );
722	-
723	$blog_id = (int) $args[0];
724	$username = $args[1];
725	$password = $args[2];
726	@@ -1434,8 +1421,6 @@
727	if ( ! $this->minimum_args( $args, 3 ) )
728	return $this->error;
729
730	- $this->escape( $args );
731	-
732	$blog_id = (int) $args[0];
733	$username = $args[1];
734	$password = $args[2];
735	@@ -1529,8 +1514,6 @@
736	if ( ! $this->minimum_args( $args, 4 ) )
737	return $this->error;
738
739	- $this->escape( $args );
740	-
741	$blog_id = (int) $args[0];
742	$username = $args[1];
743	$password = $args[2];
744	@@ -1616,8 +1599,6 @@
745	if ( ! $this->minimum_args( $args, 5 ) )
746	return $this->error;
747
748	- $this->escape( $args );
749	-
750	$blog_id = (int) $args[0];
751	$username = $args[1];
752	$password = $args[2];
753	@@ -1708,8 +1689,6 @@
754	if ( ! $this->minimum_args( $args, 5 ) )
755	return $this->error;
756
757	- $this->escape( $args );
758	-
759	$blog_id = (int) $args[0];
760	$username = $args[1];
761	$password = $args[2];
762	@@ -1775,8 +1754,6 @@
763	if ( ! $this->minimum_args( $args, 5 ) )
764	return $this->error;
765
766	- $this->escape( $args );
767	-
768	$blog_id = (int) $args[0];
769	$username = $args[1];
770	$password = $args[2];
771	@@ -1828,8 +1805,6 @@
772	if ( ! $this->minimum_args( $args, 4 ) )
773	return $this->error;
774
775	- $this->escape( $args );
776	-
777	$blog_id = (int) $args[0];
778	$username = $args[1];
779	$password = $args[2];
780	@@ -1903,8 +1878,6 @@
781	if ( ! $this->minimum_args( $args, 4 ) )
782	return $this->error;
783
784	- $this->escape( $args );
785	-
786	$blog_id = (int) $args[0];
787	$username = $args[1];
788	$password = $args[2];
789	@@ -1947,8 +1920,6 @@
790	if ( ! $this->minimum_args( $args, 3 ) )
791	return $this->error;
792
793	- $this->escape( $args );
794	-
795	$blog_id = (int) $args[0];
796	$username = $args[1];
797	$password = $args[2];
798	@@ -2016,8 +1987,6 @@
799	if ( ! $this->minimum_args( $args, 4 ) )
800	return $this->error;
801
802	- $this->escape( $args );
803	-
804	$blog_id = (int) $args[0];
805	$username = $args[1];
806	$password = $args[2];
807	@@ -2069,8 +2038,6 @@
808	if ( ! $this->minimum_args( $args, 3 ) )
809	return $this->error;
810
811	- $this->escape( $args );
812	-
813	$blog_id = (int) $args[0];
814	$username = $args[1];
815	$password = $args[2];
816	@@ -2137,8 +2104,6 @@
817	if ( ! $this->minimum_args( $args, 3 ) )
818	return $this->error;
819
820	- $this->escape( $args );
821	-
822	$blog_id = (int) $args[0];
823	$username = $args[1];
824	$password = $args[2];
825	@@ -2184,8 +2149,6 @@
826	if ( ! $this->minimum_args( $args, 4 ) )
827	return $this->error;
828
829	- $this->escape( $args );
830	-
831	$blog_id = (int) $args[0];
832	$username = $args[1];
833	$password = $args[2];
834	@@ -2249,8 +2212,6 @@
835	* @return array
836	*/
837	function wp_getPage($args) {
838	- $this->escape($args);
839	-
840	$blog_id = (int) $args[0];
841	$page_id = (int) $args[1];
842	$username = $args[2];
843	@@ -2292,8 +2253,6 @@
844	* @return array
845	*/
846	function wp_getPages($args) {
847	- $this->escape($args);
848	-
849	$blog_id = (int) $args[0];
850	$username = $args[1];
851	$password = $args[2];
852	@@ -2336,9 +2295,8 @@
853	* @return unknown
854	*/
855	function wp_newPage($args) {
856	- // Items not escaped here will be escaped in newPost.
857	- $username = $this->escape($args[1]);
858	- $password = $this->escape($args[2]);
859	+ $username = $args[1];
860	+ $password = $args[2];
861	$page = $args[3];
862	$publish = $args[4];
863
864	@@ -2363,8 +2321,6 @@
865	* @return bool True, if success.
866	*/
867	function wp_deletePage($args) {
868	- $this->escape($args);
869	-
870	$blog_id = (int) $args[0];
871	$username = $args[1];
872	$password = $args[2];
873	@@ -2404,11 +2360,10 @@
874	* @return unknown
875	*/
876	function wp_editPage($args) {
877	- // Items not escaped here will be escaped in editPost.
878	$blog_id = (int) $args[0];
879	- $page_id = (int) $this->escape($args[1]);
880	- $username = $this->escape($args[2]);
881	- $password = $this->escape($args[3]);
882	+ $page_id = (int) $args[1];
883	+ $username = $args[2];
884	+ $password = $args[3];
885	$content = $args[4];
886	$publish = $args[5];
887
888	@@ -2453,8 +2408,6 @@
889	function wp_getPageList($args) {
890	global $wpdb;
891
892	- $this->escape($args);
893	-
894	$blog_id = (int) $args[0];
895	$username = $args[1];
896	$password = $args[2];
897	@@ -2503,9 +2456,6 @@
898	* @return array
899	*/
900	function wp_getAuthors($args) {
901	-
902	- $this->escape($args);
903	-
904	$blog_id = (int) $args[0];
905	$username = $args[1];
906	$password = $args[2];
907	@@ -2539,8 +2489,6 @@
908	* @return array
909	*/
910	function wp_getTags( $args ) {
911	- $this->escape( $args );
912	-
913	$blog_id = (int) $args[0];
914	$username = $args[1];
915	$password = $args[2];
916	@@ -2580,8 +2528,6 @@
917	* @return int Category ID.
918	*/
919	function wp_newCategory($args) {
920	- $this->escape($args);
921	-
922	$blog_id = (int) $args[0];
923	$username = $args[1];
924	$password = $args[2];
925	@@ -2641,8 +2587,6 @@
926	* @return mixed See {@link wp_delete_term()} for return info.
927	*/
928	function wp_deleteCategory($args) {
929	- $this->escape($args);
930	-
931	$blog_id = (int) $args[0];
932	$username = $args[1];
933	$password = $args[2];
934	@@ -2673,8 +2617,6 @@
935	* @return array
936	*/
937	function wp_suggestCategories($args) {
938	- $this->escape($args);
939	-
940	$blog_id = (int) $args[0];
941	$username = $args[1];
942	$password = $args[2];
943	@@ -2710,8 +2652,6 @@
944	* @return array
945	*/
946	function wp_getComment($args) {
947	- $this->escape($args);
948	-
949	$blog_id = (int) $args[0];
950	$username = $args[1];
951	$password = $args[2];
952	@@ -2751,8 +2691,6 @@
953	* @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
954	*/
955	function wp_getComments($args) {
956	- $this->escape($args);
957	-
958	$blog_id = (int) $args[0];
959	$username = $args[1];
960	$password = $args[2];
961	@@ -2811,8 +2749,6 @@
962	* @return mixed {@link wp_delete_comment()}
963	*/
964	function wp_deleteComment($args) {
965	- $this->escape($args);
966	-
967	$blog_id = (int) $args[0];
968	$username = $args[1];
969	$password = $args[2];
970	@@ -2865,8 +2801,6 @@
971	* @return bool True, on success.
972	*/
973	function wp_editComment($args) {
974	- $this->escape($args);
975	-
976	$blog_id = (int) $args[0];
977	$username = $args[1];
978	$password = $args[2];
979	@@ -2942,8 +2876,6 @@
980	function wp_newComment($args) {
981	global $wpdb;
982
983	- $this->escape($args);
984	-
985	$blog_id = (int) $args[0];
986	$username = $args[1];
987	$password = $args[2];
988	@@ -2978,9 +2910,9 @@
989	$comment['comment_post_ID'] = $post_id;
990
991	if ( $logged_in ) {
992	- $comment['comment_author'] = $wpdb->escape( $user->display_name );
993	- $comment['comment_author_email'] = $wpdb->escape( $user->user_email );
994	- $comment['comment_author_url'] = $wpdb->escape( $user->user_url );
995	+ $comment['comment_author'] = $user->display_name;
996	+ $comment['comment_author_email'] = $user->user_email;
997	+ $comment['comment_author_url'] = $user->user_url;
998	$comment['user_ID'] = $user->ID;
999	} else {
1000	$comment['comment_author'] = '';
1001	@@ -3027,8 +2959,6 @@
1002	* @return array
1003	*/
1004	function wp_getCommentStatusList($args) {
1005	- $this->escape( $args );
1006	-
1007	$blog_id = (int) $args[0];
1008	$username = $args[1];
1009	$password = $args[2];
1010	@@ -3053,8 +2983,6 @@
1011	* @return array
1012	*/
1013	function wp_getCommentCount( $args ) {
1014	- $this->escape($args);
1015	-
1016	$blog_id = (int) $args[0];
1017	$username = $args[1];
1018	$password = $args[2];
1019	@@ -3086,8 +3014,6 @@
1020	* @return array
1021	*/
1022	function wp_getPostStatusList( $args ) {
1023	- $this->escape( $args );
1024	-
1025	$blog_id = (int) $args[0];
1026	$username = $args[1];
1027	$password = $args[2];
1028	@@ -3112,8 +3038,6 @@
1029	* @return array
1030	*/
1031	function wp_getPageStatusList( $args ) {
1032	- $this->escape( $args );
1033	-
1034	$blog_id = (int) $args[0];
1035	$username = $args[1];
1036	$password = $args[2];
1037	@@ -3138,8 +3062,6 @@
1038	* @return array
1039	*/
1040	function wp_getPageTemplates( $args ) {
1041	- $this->escape( $args );
1042	-
1043	$blog_id = (int) $args[0];
1044	$username = $args[1];
1045	$password = $args[2];
1046	@@ -3165,8 +3087,6 @@
1047	* @return array
1048	*/
1049	function wp_getOptions( $args ) {
1050	- $this->escape( $args );
1051	-
1052	$blog_id = (int) $args[0];
1053	$username = $args[1];
1054	$password = $args[2];
1055	@@ -3215,8 +3135,6 @@
1056	* @return unknown
1057	*/
1058	function wp_setOptions( $args ) {
1059	- $this->escape( $args );
1060	-
1061	$blog_id = (int) $args[0];
1062	$username = $args[1];
1063	$password = $args[2];
1064	@@ -3264,8 +3182,6 @@
1065	* - 'metadata'
1066	*/
1067	function wp_getMediaItem($args) {
1068	- $this->escape($args);
1069	-
1070	$blog_id = (int) $args[0];
1071	$username = $args[1];
1072	$password = $args[2];
1073	@@ -3309,8 +3225,6 @@
1074	* @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents
1075	*/
1076	function wp_getMediaLibrary($args) {
1077	- $this->escape($args);
1078	-
1079	$blog_id = (int) $args[0];
1080	$username = $args[1];
1081	$password = $args[2];
1082	@@ -3351,8 +3265,6 @@
1083	* @return array
1084	*/
1085	function wp_getPostFormats( $args ) {
1086	- $this->escape( $args );
1087	-
1088	$blog_id = (int) $args[0];
1089	$username = $args[1];
1090	$password = $args[2];
1091	@@ -3411,8 +3323,6 @@
1092	if ( ! $this->minimum_args( $args, 4 ) )
1093	return $this->error;
1094
1095	- $this->escape( $args );
1096	-
1097	$blog_id = (int) $args[0];
1098	$username = $args[1];
1099	$password = $args[2];
1100	@@ -3457,8 +3367,6 @@
1101	if ( ! $this->minimum_args( $args, 3 ) )
1102	return $this->error;
1103
1104	- $this->escape( $args );
1105	-
1106	$blog_id = (int) $args[0];
1107	$username = $args[1];
1108	$password = $args[2];
1109	@@ -3511,8 +3419,6 @@
1110	if ( ! $this->minimum_args( $args, 4 ) )
1111	return $this->error;
1112
1113	- $this->escape( $args );
1114	-
1115	$blog_id = (int) $args[0];
1116	$username = $args[1];
1117	$password = $args[2];
1118	@@ -3577,8 +3483,6 @@
1119	if ( ! $this->minimum_args( $args, 3 ) )
1120	return $this->error;
1121
1122	- $this->escape( $args );
1123	-
1124	$blog_id = (int) $args[0];
1125	$username = $args[1];
1126	$password = $args[2];
1127	@@ -3628,8 +3532,6 @@
1128	if ( is_multisite() )
1129	return $this->_multisite_getUsersBlogs($args);
1130
1131	- $this->escape($args);
1132	-
1133	$username = $args[1];
1134	$password = $args[2];
1135
1136	@@ -3691,9 +3593,6 @@
1137	* @return array
1138	*/
1139	function blogger_getUserInfo($args) {
1140	-
1141	- $this->escape($args);
1142	-
1143	$username = $args[1];
1144	$password = $args[2];
1145
1146	@@ -3725,9 +3624,6 @@
1147	* @return array
1148	*/
1149	function blogger_getPost($args) {
1150	-
1151	- $this->escape($args);
1152	-
1153	$post_ID = (int) $args[1];
1154	$username = $args[2];
1155	$password = $args[3];
1156	@@ -3746,9 +3642,9 @@
1157
1158	$categories = implode(',', wp_get_post_categories($post_ID));
1159
1160	- $content = '<title>'.stripslashes($post_data['post_title']).'</title>';
1161	+ $content = '<title>'.$post_data['post_title'].'</title>';
1162	$content .= '<category>'.$categories.'</category>';
1163	- $content .= stripslashes($post_data['post_content']);
1164	+ $content .= $post_data['post_content'];
1165
1166	$struct = array(
1167	'userid' => (string) $post_data['post_author'],
1168	@@ -3769,9 +3665,6 @@
1169	* @return array
1170	*/
1171	function blogger_getRecentPosts($args) {
1172	-
1173	- $this->escape($args);
1174	-
1175	// $args[0] = appkey - ignored
1176	$blog_ID = (int) $args[1]; /* though we don't use it yet */
1177	$username = $args[2];
1178	@@ -3800,9 +3693,9 @@
1179	$post_date = $this->_convert_date( $entry['post_date'] );
1180	$categories = implode(',', wp_get_post_categories($entry['ID']));
1181
1182	- $content = '<title>'.stripslashes($entry['post_title']).'</title>';
1183	+ $content = '<title>'.$entry['post_title'].'</title>';
1184	$content .= '<category>'.$categories.'</category>';
1185	- $content .= stripslashes($entry['post_content']);
1186	+ $content .= $entry['post_content'];
1187
1188	$struct[] = array(
1189	'userid' => (string) $entry['post_author'],
1190	@@ -3850,9 +3743,6 @@
1191	* @return int
1192	*/
1193	function blogger_newPost($args) {
1194	-
1195	- $this->escape($args);
1196	-
1197	$blog_ID = (int) $args[1]; /* though we don't use it yet */
1198	$username = $args[2];
1199	$password = $args[3];
1200	@@ -3904,9 +3794,6 @@
1201	* @return bool true when done.
1202	*/
1203	function blogger_editPost($args) {
1204	-
1205	- $this->escape($args);
1206	-
1207	$post_ID = (int) $args[1];
1208	$username = $args[2];
1209	$password = $args[3];
1210	@@ -3923,8 +3810,6 @@
1211	if ( !$actual_post \|\| $actual_post['post_type'] != 'post' )
1212	return new IXR_Error(404, __('Sorry, no such post.'));
1213
1214	- $this->escape($actual_post);
1215	-
1216	if ( !current_user_can('edit_post', $post_ID) )
1217	return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
1218
1219	@@ -3960,8 +3845,6 @@
1220	* @return bool True when post is deleted.
1221	*/
1222	function blogger_deletePost($args) {
1223	- $this->escape($args);
1224	-
1225	$post_ID = (int) $args[1];
1226	$username = $args[2];
1227	$password = $args[3];
1228	@@ -4030,13 +3913,11 @@
1229	* @return int
1230	*/
1231	function mw_newPost($args) {
1232	- $this->escape($args);
1233	-
1234	- $blog_ID = (int) $args[0];
1235	- $username = $args[1];
1236	- $password = $args[2];
1237	+ $blog_ID = (int) $args[0];
1238	+ $username = $args[1];
1239	+ $password = $args[2];
1240	$content_struct = $args[3];
1241	- $publish = isset( $args[4] ) ? $args[4] : 0;
1242	+ $publish = isset( $args[4] ) ? $args[4] : 0;
1243
1244	if ( !$user = $this->login($username, $password) )
1245	return $this->error;
1246	@@ -4316,7 +4197,7 @@
1247	}
1248	}
1249	if (!$found)
1250	- add_post_meta( $post_ID, 'enclosure', $encstring );
1251	+ wp_add_post_meta( $post_ID, 'enclosure', $encstring );
1252	}
1253	}
1254
1255	@@ -4350,9 +4231,6 @@
1256	* @return bool True on success.
1257	*/
1258	function mw_editPost($args) {
1259	-
1260	- $this->escape($args);
1261	-
1262	$post_ID = (int) $args[0];
1263	$username = $args[1];
1264	$password = $args[2];
1265	@@ -4391,7 +4269,6 @@
1266	}
1267	}
1268
1269	- $this->escape($postdata);
1270	extract($postdata, EXTR_SKIP);
1271
1272	// Let WordPress manage slug if none was provided.
1273	@@ -4619,9 +4496,6 @@
1274	* @return array
1275	*/
1276	function mw_getPost($args) {
1277	-
1278	- $this->escape($args);
1279	-
1280	$post_ID = (int) $args[0];
1281	$username = $args[1];
1282	$password = $args[2];
1283	@@ -4743,9 +4617,6 @@
1284	* @return array
1285	*/
1286	function mw_getRecentPosts($args) {
1287	-
1288	- $this->escape($args);
1289	-
1290	$blog_ID = (int) $args[0];
1291	$username = $args[1];
1292	$password = $args[2];
1293	@@ -4858,9 +4729,6 @@
1294	* @return array
1295	*/
1296	function mw_getCategories($args) {
1297	-
1298	- $this->escape($args);
1299	-
1300	$blog_ID = (int) $args[0];
1301	$username = $args[1];
1302	$password = $args[2];
1303	@@ -4907,10 +4775,10 @@
1304	function mw_newMediaObject($args) {
1305	global $wpdb;
1306
1307	- $blog_ID = (int) $args[0];
1308	- $username = $wpdb->escape($args[1]);
1309	- $password = $wpdb->escape($args[2]);
1310	- $data = $args[3];
1311	+ $blog_ID = (int) $args[0];
1312	+ $username = $args[1];
1313	+ $password = $args[2];
1314	+ $data = $args[3];
1315
1316	$name = sanitize_file_name( $data['name'] );
1317	$type = $data['type'];
1318	@@ -4997,9 +4865,6 @@
1319	* @return array
1320	*/
1321	function mt_getRecentPostTitles($args) {
1322	-
1323	- $this->escape($args);
1324	-
1325	$blog_ID = (int) $args[0];
1326	$username = $args[1];
1327	$password = $args[2];
1328	@@ -5057,9 +4922,6 @@
1329	* @return array
1330	*/
1331	function mt_getCategoryList($args) {
1332	-
1333	- $this->escape($args);
1334	-
1335	$blog_ID = (int) $args[0];
1336	$username = $args[1];
1337	$password = $args[2];
1338	@@ -5095,9 +4957,6 @@
1339	* @return array
1340	*/
1341	function mt_getPostCategories($args) {
1342	-
1343	- $this->escape($args);
1344	-
1345	$post_ID = (int) $args[0];
1346	$username = $args[1];
1347	$password = $args[2];
1348	@@ -5138,9 +4997,6 @@
1349	* @return bool True on success.
1350	*/
1351	function mt_setPostCategories($args) {
1352	-
1353	- $this->escape($args);
1354	-
1355	$post_ID = (int) $args[0];
1356	$username = $args[1];
1357	$password = $args[2];
1358	@@ -5250,9 +5106,6 @@
1359	* @return int
1360	*/
1361	function mt_publishPost($args) {
1362	-
1363	- $this->escape($args);
1364	-
1365	$post_ID = (int) $args[0];
1366	$username = $args[1];
1367	$password = $args[2];
1368	@@ -5274,7 +5127,6 @@
1369	// retain old cats
1370	$cats = wp_get_post_categories($post_ID);
1371	$postdata['post_category'] = $cats;
1372	- $this->escape($postdata);
1373
1374	$result = wp_update_post($postdata);
1375
1376	@@ -5298,8 +5150,6 @@
1377
1378	do_action('xmlrpc_call', 'pingback.ping');
1379
1380	- $this->escape($args);
1381	-
1382	$pagelinkedfrom = $args[0];
1383	$pagelinkedto = $args[1];
1384
1385	@@ -5435,15 +5285,15 @@
1386	$pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom);
1387
1388	$context = '[...] ' . esc_html( $excerpt ) . ' [...]';
1389	- $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
1390	+ $pagelinkedfrom = $pagelinkedfrom;
1391
1392	$comment_post_ID = (int) $post_ID;
1393	$comment_author = $title;
1394	$comment_author_email = '';
1395	- $this->escape($comment_author);
1396	+ $comment_author;
1397	$comment_author_url = $pagelinkedfrom;
1398	$comment_content = $context;
1399	- $this->escape($comment_content);
1400	+ $comment_content;
1401	$comment_type = 'pingback';
1402
1403	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
1404	@@ -5465,13 +5315,10 @@
1405	* @return array
1406	*/
1407	function pingback_extensions_getPingbacks($args) {
1408	-
1409	global $wpdb;
1410
1411	do_action('xmlrpc_call', 'pingback.extensions.getPingbacks');
1412
1413	- $this->escape($args);
1414	-
1415	$url = $args;
1416
1417	$post_ID = url_to_postid($url);
1418	Index: wp-includes/formatting.php
1419	===================================================================
1420	--- wp-includes/formatting.php (revision 23400)
1421	+++ wp-includes/formatting.php (working copy)
1422	@@ -1716,10 +1716,7 @@
1423	* @return string Converted content.
1424	*/
1425	function wp_rel_nofollow( $text ) {
1426	- // This is a pre save filter, so text is already escaped.
1427	- $text = stripslashes($text);
1428	$text = preg_replace_callback('\|<a (.+?)>\|i', 'wp_rel_nofollow_callback', $text);
1429	- $text = esc_sql($text);
1430	return $text;
1431	}
1432
1433	@@ -3342,3 +3339,37 @@
1434	$urls_to_ping = implode( "\n", $urls_to_ping );
1435	return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
1436	}
1437	+
1438	+/**
1439	+ * Slash a string or array of strings.
1440	+ *
1441	+ * This should be used only for GPC data.
1442	+ *
1443	+ * @since 3.6.0
1444	+ *
1445	+ * @param string\|array $value String or array of strings to slash.
1446	+ * @return string\|array Slashed $value
1447	+ */
1448	+function wp_slash( $value ) {
1449	+ if ( is_array( $value ) ) {
1450	+ array_map( 'wp_slash', $value);
1451	+ } else {
1452	+ $value = addslashes( $value );
1453	+ }
1454	+
1455	+ return $value;
1456	+}
1457	+
1458	+/**
1459	+ * Remove slashes a string or array of strings.
1460	+ *
1461	+ * This should be used for GPC data before passing it along to core API.
1462	+ *
1463	+ * @since 3.6.0
1464	+ *
1465	+ * @param string\|array $value String or array of strings to unslash.
1466	+ * @return string\|array Unslashed $value
1467	+ */
1468	+function wp_unslash( $value ) {
1469	+ return stripslashes_deep( $value );
1470	+}
1471	Index: wp-includes/class-wp.php
1472	===================================================================
1473	--- wp-includes/class-wp.php (revision 23400)
1474	+++ wp-includes/class-wp.php (working copy)
1475	@@ -356,7 +356,7 @@
1476
1477	// Support for Conditional GET
1478	if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
1479	- $client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));
1480	+ $client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597
1481	else $client_etag = false;
1482
1483	$client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
1484	Index: wp-includes/deprecated.php
1485	===================================================================
1486	--- wp-includes/deprecated.php (revision 23400)
1487	+++ wp-includes/deprecated.php (working copy)
1488	@@ -2383,7 +2383,7 @@
1489
1490	/** @todo Might need fix because usermeta data is assumed to be already escaped */
1491	if ( is_string($meta_value) )
1492	- $meta_value = stripslashes($meta_value);
1493	+ $meta_value = $meta_value;
1494	$meta_value = maybe_serialize($meta_value);
1495
1496	if (empty($meta_value)) {
1497	Index: wp-includes/cron.php
1498	===================================================================
1499	--- wp-includes/cron.php (revision 23400)
1500	+++ wp-includes/cron.php (working copy)
1501	@@ -230,7 +230,7 @@
1502	set_transient( 'doing_cron', $doing_wp_cron );
1503
1504	ob_start();
1505	- wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) );
1506	+ wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
1507	echo ' ';
1508
1509	// flush any buffers and send the headers
1510	Index: wp-includes/feed.php
1511	===================================================================
1512	--- wp-includes/feed.php (revision 23400)
1513	+++ wp-includes/feed.php (working copy)
1514	@@ -488,7 +488,7 @@
1515	*/
1516	function self_link() {
1517	$host = @parse_url(home_url());
1518	- echo esc_url( set_url_scheme( 'http://' . $host['host'] . stripslashes($_SERVER['REQUEST_URI']) ) );
1519	+ echo esc_url( set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
1520	}
1521
1522	/**
1523	Index: wp-includes/kses.php
1524	===================================================================
1525	--- wp-includes/kses.php (revision 23400)
1526	+++ wp-includes/kses.php (working copy)
1527	@@ -1326,18 +1326,18 @@
1528	*/
1529	function kses_init_filters() {
1530	// Normal filtering
1531	- add_filter('title_save_pre', 'wp_filter_kses');
1532	+ add_filter('title_save_pre', 'wp_kses_data');
1533
1534	// Comment filtering
1535	if ( current_user_can( 'unfiltered_html' ) )
1536	- add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
1537	+ add_filter( 'pre_comment_content', 'wp_kses_post' );
1538	else
1539	- add_filter( 'pre_comment_content', 'wp_filter_kses' );
1540	+ add_filter( 'pre_comment_content', 'wp_kses_data' );
1541
1542	// Post filtering
1543	- add_filter('content_save_pre', 'wp_filter_post_kses');
1544	- add_filter('excerpt_save_pre', 'wp_filter_post_kses');
1545	- add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
1546	+ add_filter('content_save_pre', 'wp_kses_post');
1547	+ add_filter('excerpt_save_pre', 'wp_kses_post');
1548	+ add_filter('content_filtered_save_pre', 'wp_kses_post');
1549	}
1550
1551	/**
1552	@@ -1354,16 +1354,16 @@
1553	*/
1554	function kses_remove_filters() {
1555	// Normal filtering
1556	- remove_filter('title_save_pre', 'wp_filter_kses');
1557	+ remove_filter('title_save_pre', 'wp_kses_data');
1558
1559	// Comment filtering
1560	- remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
1561	- remove_filter( 'pre_comment_content', 'wp_filter_kses' );
1562	+ remove_filter( 'pre_comment_content', 'wp_kses_post' );
1563	+ remove_filter( 'pre_comment_content', 'wp_kses_data' );
1564
1565	// Post filtering
1566	- remove_filter('content_save_pre', 'wp_filter_post_kses');
1567	- remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
1568	- remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
1569	+ remove_filter('content_save_pre', 'wp_kses_post');
1570	+ remove_filter('excerpt_save_pre', 'wp_kses_post');
1571	+ remove_filter('content_filtered_save_pre', 'wp_kses_post');
1572	}
1573
1574	/**
1575	Index: wp-includes/widgets.php
1576	===================================================================
1577	--- wp-includes/widgets.php (revision 23400)
1578	+++ wp-includes/widgets.php (working copy)
1579	@@ -224,7 +224,7 @@
1580	}
1581
1582	foreach ( $settings as $number => $new_instance ) {
1583	- $new_instance = stripslashes_deep($new_instance);
1584	+ $new_instance = wp_unslash($new_instance);
1585	$this->_set($number);
1586
1587	$old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array();
1588	Index: wp-includes/class-wp-customize-setting.php
1589	===================================================================
1590	--- wp-includes/class-wp-customize-setting.php (revision 23400)
1591	+++ wp-includes/class-wp-customize-setting.php (working copy)
1592	@@ -144,7 +144,7 @@
1593	* @return mixed Null if an input isn't valid, otherwise the sanitized value.
1594	*/
1595	public function sanitize( $value ) {
1596	- $value = stripslashes_deep( $value );
1597	+ $value = wp_unslash( $value );
1598	return apply_filters( "customize_sanitize_{$this->id}", $value, $this );
1599	}
1600
1601	Index: wp-includes/ms-functions.php
1602	===================================================================
1603	--- wp-includes/ms-functions.php (revision 23400)
1604	+++ wp-includes/ms-functions.php (working copy)
1605	@@ -279,9 +279,6 @@
1606	* @return int The ID of the newly created blog
1607	*/
1608	function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
1609	- $domain = addslashes( $domain );
1610	- $weblog_title = addslashes( $weblog_title );
1611	-
1612	if ( empty($path) )
1613	$path = '/';
1614
1615	@@ -1219,9 +1216,9 @@
1616	if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
1617	return false;
1618
1619	- $welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
1620	+ $welcome_email = get_site_option( 'welcome_email' );
1621	if ( $welcome_email == false )
1622	- $welcome_email = stripslashes( __( 'Dear User,
1623	+ $welcome_email = __( 'Dear User,
1624
1625	Your new SITE_NAME site has been successfully set up at:
1626	BLOG_URL
1627	@@ -1233,7 +1230,7 @@
1628
1629	We hope you enjoy your new site. Thanks!
1630
1631	---The Team @ SITE_NAME' ) );
1632	+--The Team @ SITE_NAME' );
1633
1634	$url = get_blogaddress_by_id($blog_id);
1635	$user = get_userdata( $user_id );
1636	Index: wp-includes/meta.php
1637	===================================================================
1638	--- wp-includes/meta.php (revision 23400)
1639	+++ wp-includes/meta.php (working copy)
1640	@@ -42,9 +42,6 @@
1641
1642	$column = esc_sql($meta_type . '_id');
1643
1644	- // expected_slashed ($meta_key)
1645	- $meta_key = stripslashes($meta_key);
1646	- $meta_value = stripslashes_deep($meta_value);
1647	$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
1648
1649	$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
1650	@@ -113,10 +110,7 @@
1651	$column = esc_sql($meta_type . '_id');
1652	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
1653
1654	- // expected_slashed ($meta_key)
1655	- $meta_key = stripslashes($meta_key);
1656	$passed_value = $meta_value;
1657	- $meta_value = stripslashes_deep($meta_value);
1658	$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
1659
1660	$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
1661	Index: wp-includes/nav-menu.php
1662	===================================================================
1663	--- wp-includes/nav-menu.php (revision 23400)
1664	+++ wp-includes/nav-menu.php (working copy)
1665	@@ -369,20 +369,20 @@
1666
1667	$menu_item_db_id = (int) $menu_item_db_id;
1668
1669	- update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
1670	- update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
1671	- update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
1672	- update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
1673	- update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
1674	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
1675	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
1676	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
1677	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
1678	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
1679
1680	$args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
1681	$args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
1682	- update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
1683	- update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
1684	- update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
1685	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
1686	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
1687	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
1688
1689	if ( 0 == $menu_id )
1690	- update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
1691	+ wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
1692	elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) )
1693	delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
1694
1695	Index: wp-mail.php
1696	===================================================================
1697	--- wp-mail.php (revision 23400)
1698	+++ wp-mail.php (working copy)
1699	@@ -202,7 +202,6 @@
1700	$post_category = array(get_option('default_email_category'));
1701
1702	$post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
1703	- $post_data = add_magic_quotes($post_data);
1704
1705	$post_ID = wp_insert_post($post_data);
1706	if ( is_wp_error( $post_ID ) )
1707	Index: wp-trackback.php
1708	===================================================================
1709	--- wp-trackback.php (revision 23400)
1710	+++ wp-trackback.php (working copy)
1711	@@ -45,9 +45,9 @@
1712	$charset = isset($_POST['charset']) ? $_POST['charset'] : '';
1713
1714	// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
1715	-$title = isset($_POST['title']) ? stripslashes($_POST['title']) : '';
1716	-$excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';
1717	-$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';
1718	+$title = isset($_POST['title']) ? wp_unslash( $_POST['title'] ) : '';
1719	+$excerpt = isset($_POST['excerpt']) ? wp_unslash( $_POST['excerpt'] ) : '';
1720	+$blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] ) : '';
1721
1722	if ($charset)
1723	$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
1724	@@ -64,11 +64,6 @@
1725	$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
1726	}
1727
1728	-// Now that mb_convert_encoding() has been given a swing, we need to escape these three
1729	-$title = $wpdb->escape($title);
1730	-$excerpt = $wpdb->escape($excerpt);
1731	-$blog_name = $wpdb->escape($blog_name);
1732	-
1733	if ( is_single() \|\| is_page() )
1734	$tb_id = $posts[0]->ID;
1735
1736	Index: wp-admin/network.php
1737	===================================================================
1738	--- wp-admin/network.php (revision 23400)
1739	+++ wp-admin/network.php (working copy)
1740	@@ -520,7 +520,7 @@
1741	$base = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
1742	$subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
1743	if ( ! network_domain_check() ) {
1744	- $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
1745	+ $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
1746	if ( is_wp_error( $result ) ) {
1747	if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
1748	network_step2( $result );
1749	Index: wp-admin/users.php
1750	===================================================================
1751	--- wp-admin/users.php (revision 23400)
1752	+++ wp-admin/users.php (working copy)
1753	@@ -64,9 +64,9 @@
1754	);
1755
1756	if ( empty($_REQUEST) ) {
1757	- $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
1758	+ $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
1759	} elseif ( isset($_REQUEST['wp_http_referer']) ) {
1760	- $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
1761	+ $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
1762	$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
1763	} else {
1764	$redirect = 'users.php';
1765	@@ -357,7 +357,7 @@
1766	default:
1767
1768	if ( !empty($_GET['_wp_http_referer']) ) {
1769	- wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
1770	+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
1771	exit;
1772	}
1773
1774	@@ -381,7 +381,7 @@
1775	case 'add':
1776	if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
1777	$messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ),
1778	- esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),
1779	+ esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
1780	self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>';
1781	} else {
1782	$messages[] = '<div id="message" class="updated"><p>' . __( 'New user created.' ) . '</p></div>';
1783	Index: wp-admin/edit-comments.php
1784	===================================================================
1785	--- wp-admin/edit-comments.php (revision 23400)
1786	+++ wp-admin/edit-comments.php (working copy)
1787	@@ -95,7 +95,7 @@
1788	wp_safe_redirect( $redirect_to );
1789	exit;
1790	} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
1791	- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
1792	+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
1793	exit;
1794	}
1795
1796	@@ -153,7 +153,7 @@
1797	echo __('Comments');
1798
1799	if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
1800	- printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
1801	+ printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
1802	</h2>
1803
1804	<?php
1805	Index: wp-admin/includes/class-wp-ms-sites-list-table.php
1806	===================================================================
1807	--- wp-admin/includes/class-wp-ms-sites-list-table.php (revision 23400)
1808	+++ wp-admin/includes/class-wp-ms-sites-list-table.php (working copy)
1809	@@ -29,7 +29,7 @@
1810
1811	$pagenum = $this->get_pagenum();
1812
1813	- $s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
1814	+ $s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
1815	$wild = '';
1816	if ( false !== strpos($s, '*') ) {
1817	$wild = '%';
1818	Index: wp-admin/includes/plugin-install.php
1819	===================================================================
1820	--- wp-admin/includes/plugin-install.php (revision 23400)
1821	+++ wp-admin/includes/plugin-install.php (working copy)
1822	@@ -116,8 +116,8 @@
1823	* @since 2.7.0
1824	*/
1825	function install_search_form( $type_selector = true ) {
1826	- $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
1827	- $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
1828	+ $type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
1829	+ $term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
1830
1831	?><form id="search-plugins" method="get" action="">
1832	<input type="hidden" name="tab" value="search" />
1833	@@ -160,7 +160,7 @@
1834	*
1835	*/
1836	function install_plugins_favorites_form() {
1837	- $user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
1838	+ $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
1839	?>
1840	<p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
1841	<form method="get" action="">
1842	@@ -251,7 +251,7 @@
1843	}
1844	}
1845	if ( isset($_GET['from']) )
1846	- $url .= '&from=' . urlencode(stripslashes($_GET['from']));
1847	+ $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) );
1848
1849	return compact('status', 'url', 'version');
1850	}
1851	@@ -264,7 +264,7 @@
1852	function install_plugin_information() {
1853	global $tab;
1854
1855	- $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
1856	+ $api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));
1857
1858	if ( is_wp_error($api) )
1859	wp_die($api);
1860	@@ -295,7 +295,7 @@
1861	$api->$key = wp_kses( $api->$key, $plugins_allowedtags );
1862	}
1863
1864	- $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
1865	+ $section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
1866	if ( empty($section) \|\| ! isset($api->sections[ $section ]) )
1867	$section = array_shift( $section_titles = array_keys((array)$api->sections) );
1868
1869	Index: wp-admin/includes/bookmark.php
1870	===================================================================
1871	--- wp-admin/includes/bookmark.php (revision 23400)
1872	+++ wp-admin/includes/bookmark.php (working copy)
1873	@@ -39,9 +39,9 @@
1874
1875	if ( !empty( $link_id ) ) {
1876	$_POST['link_id'] = $link_id;
1877	- return wp_update_link( $_POST );
1878	+ return wp_update_link( wp_unslash( $_POST ) );
1879	} else {
1880	- return wp_insert_link( $_POST );
1881	+ return wp_insert_link( wp_unslash( $_POST ) );
1882	}
1883	}
1884
1885	@@ -137,7 +137,7 @@
1886	$linkdata = wp_parse_args( $linkdata, $defaults );
1887	$linkdata = sanitize_bookmark( $linkdata, 'db' );
1888
1889	- extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
1890	+ extract( $linkdata, EXTR_SKIP );
1891
1892	$update = false;
1893
1894	@@ -250,9 +250,6 @@
1895
1896	$link = get_bookmark( $link_id, ARRAY_A );
1897
1898	- // Escape data pulled from DB.
1899	- $link = add_magic_quotes( $link );
1900	-
1901	// Passed link category list overwrites existing category list if not empty.
1902	if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] )
1903	&& 0 != count( $linkdata['link_category'] ) )
1904	Index: wp-admin/includes/taxonomy.php
1905	===================================================================
1906	--- wp-admin/includes/taxonomy.php (revision 23400)
1907	+++ wp-admin/includes/taxonomy.php (working copy)
1908	@@ -157,9 +157,6 @@
1909	// First, get all of the original fields
1910	$category = get_category($cat_ID, ARRAY_A);
1911
1912	- // Escape data pulled from DB.
1913	- $category = add_magic_quotes($category);
1914	-
1915	// Merge old and new fields with new fields overwriting old ones.
1916	$catarr = array_merge($category, $catarr);
1917
1918	Index: wp-admin/includes/file.php
1919	===================================================================
1920	--- wp-admin/includes/file.php (revision 23400)
1921	+++ wp-admin/includes/file.php (working copy)
1922	@@ -901,13 +901,13 @@
1923	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
1924
1925	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
1926	- $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
1927	- $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
1928	- $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
1929	+ $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
1930	+ $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
1931	+ $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
1932
1933	// Check to see if we are setting the public/private keys for ssh
1934	- $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
1935	- $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
1936	+ $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
1937	+ $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
1938
1939	//sanitize the hostname, Some people might pass in odd-data:
1940	$credentials['hostname'] = preg_replace('\|\w+://\|', '', $credentials['hostname']); //Strip any schemes off
1941	@@ -925,7 +925,7 @@
1942	else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
1943	$credentials['connection_type'] = 'ftps';
1944	else if ( !empty($_POST['connection_type']) )
1945	- $credentials['connection_type'] = stripslashes($_POST['connection_type']);
1946	+ $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
1947	else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
1948	$credentials['connection_type'] = 'ftp';
1949
1950	@@ -1050,7 +1050,7 @@
1951	<?php
1952	foreach ( (array) $extra_fields as $field ) {
1953	if ( isset( $_POST[ $field ] ) )
1954	- echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />';
1955	+ echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
1956	}
1957	submit_button( __( 'Proceed' ), 'button', 'upgrade' );
1958	?>
1959	Index: wp-admin/includes/class-wp-terms-list-table.php
1960	===================================================================
1961	--- wp-admin/includes/class-wp-terms-list-table.php (revision 23400)
1962	+++ wp-admin/includes/class-wp-terms-list-table.php (working copy)
1963	@@ -52,7 +52,7 @@
1964	$tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter
1965	}
1966
1967	- $search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
1968	+ $search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
1969
1970	$args = array(
1971	'search' => $search,
1972	@@ -61,10 +61,10 @@
1973	);
1974
1975	if ( !empty( $_REQUEST['orderby'] ) )
1976	- $args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
1977	+ $args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
1978
1979	if ( !empty( $_REQUEST['order'] ) )
1980	- $args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
1981	+ $args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
1982
1983	$this->callback_args = $args;
1984
1985	Index: wp-admin/includes/ajax-actions.php
1986	===================================================================
1987	--- wp-admin/includes/ajax-actions.php (revision 23400)
1988	+++ wp-admin/includes/ajax-actions.php (working copy)
1989	@@ -59,7 +59,7 @@
1990	wp_die( 0 );
1991	}
1992
1993	- $s = stripslashes( $_GET['q'] );
1994	+ $s = wp_unslash( $_GET['q'] );
1995
1996	$comma = _x( ',', 'tag delimiter' );
1997	if ( ',' !== $comma )
1998	@@ -279,19 +279,21 @@
1999	*/
2000
2001	function _wp_ajax_add_hierarchical_term() {
2002	- $action = $_POST['action'];
2003	+ $post_data = wp_unslash( $_POST );
2004	+
2005	+ $action = $post_data['action'];
2006	$taxonomy = get_taxonomy(substr($action, 4));
2007	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
2008	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
2009	wp_die( -1 );
2010	- $names = explode(',', $_POST['new'.$taxonomy->name]);
2011	- $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
2012	+ $names = explode(',', $post_data['new'.$taxonomy->name]);
2013	+ $parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0;
2014	if ( 0 > $parent )
2015	$parent = 0;
2016	if ( $taxonomy->name == 'category' )
2017	- $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
2018	+ $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array();
2019	else
2020	- $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
2021	+ $post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array();
2022	$checked_categories = array_map( 'absint', (array) $post_category );
2023	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
2024
2025	@@ -559,7 +561,7 @@
2026	check_ajax_referer( $action );
2027	if ( !current_user_can( 'manage_categories' ) )
2028	wp_die( -1 );
2029	- $names = explode(',', $_POST['newcat']);
2030	+ $names = explode( ',', wp_unslash( $_POST['newcat'] ) );
2031	$x = new WP_Ajax_Response();
2032	foreach ( $names as $cat_name ) {
2033	$cat_name = trim($cat_name);
2034	@@ -572,7 +574,7 @@
2035	continue;
2036	else if ( is_array( $cat_id ) )
2037	$cat_id = $cat_id['term_id'];
2038	- $cat_name = esc_html(stripslashes($cat_name));
2039	+ $cat_name = esc_html( wp_unslash( $cat_name ) );
2040	$x->add( array(
2041	'what' => 'link-category',
2042	'id' => $cat_id,
2043	@@ -586,9 +588,11 @@
2044	function wp_ajax_add_tag() {
2045	global $wp_list_table;
2046
2047	+ $post_data = wp_unslash( $_POST );
2048	+
2049	check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
2050	- $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
2051	- $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
2052	+ $post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post';
2053	+ $taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag';
2054	$tax = get_taxonomy($taxonomy);
2055
2056	if ( !current_user_can( $tax->cap->edit_terms ) )
2057	@@ -596,7 +600,7 @@
2058
2059	$x = new WP_Ajax_Response();
2060
2061	- $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
2062	+ $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
2063
2064	if ( !$tag \|\| is_wp_error($tag) \|\| (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
2065	$message = __('An error has occurred. Please reload the page and try again.');
2066	@@ -610,7 +614,7 @@
2067	$x->send();
2068	}
2069
2070	- $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) );
2071	+ $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $post_data['screen'] ) );
2072
2073	$level = 0;
2074	if ( is_taxonomy_hierarchical($taxonomy) ) {
2075	@@ -728,10 +732,10 @@
2076	$user = wp_get_current_user();
2077	if ( $user->exists() ) {
2078	$user_ID = $user->ID;
2079	- $comment_author = $wpdb->escape($user->display_name);
2080	- $comment_author_email = $wpdb->escape($user->user_email);
2081	- $comment_author_url = $wpdb->escape($user->user_url);
2082	- $comment_content = trim($_POST['content']);
2083	+ $comment_author = $user->display_name;
2084	+ $comment_author_email = $user->user_email;
2085	+ $comment_author_url = $user->user_url;
2086	+ $comment_content = trim( wp_unslash( $_POST['content'] ) );
2087	if ( current_user_can( 'unfiltered_html' ) ) {
2088	if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
2089	kses_remove_filters(); // start with a clean slate
2090	@@ -957,8 +961,8 @@
2091	) );
2092	} else { // Update?
2093	$mid = (int) key( $_POST['meta'] );
2094	- $key = stripslashes( $_POST['meta'][$mid]['key'] );
2095	- $value = stripslashes( $_POST['meta'][$mid]['value'] );
2096	+ $key = wp_unslash( $_POST['meta'][$mid]['key'] );
2097	+ $value = wp_unslash( $_POST['meta'][$mid]['value'] );
2098	if ( '' == trim($key) )
2099	wp_die( __( 'Please provide a custom field name.' ) );
2100	if ( '' == trim($value) )
2101	@@ -1227,7 +1231,7 @@
2102	$args = array();
2103
2104	if ( isset( $_POST['search'] ) )
2105	- $args['s'] = stripslashes( $_POST['search'] );
2106	+ $args['s'] = wp_unslash( $_POST['search'] );
2107	$args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
2108
2109	require(ABSPATH . WPINC . '/class-wp-editor.php');
2110	@@ -1328,7 +1332,6 @@
2111	$data = &$_POST;
2112
2113	$post = get_post( $post_ID, ARRAY_A );
2114	- $post = add_magic_quotes($post); //since it is from db
2115
2116	$data['content'] = $post['post_content'];
2117	$data['excerpt'] = $post['post_excerpt'];
2118	@@ -1376,8 +1379,10 @@
2119	global $wp_list_table;
2120
2121	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
2122	+
2123	+ $post_data = wp_unslash( $_POST );
2124
2125	- $taxonomy = sanitize_key( $_POST['taxonomy'] );
2126	+ $taxonomy = sanitize_key( $post_data['taxonomy'] );
2127	$tax = get_taxonomy( $taxonomy );
2128	if ( ! $tax )
2129	wp_die( 0 );
2130	@@ -1387,13 +1392,13 @@
2131
2132	$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) );
2133
2134	- if ( ! isset($_POST['tax_ID']) \|\| ! ( $id = (int) $_POST['tax_ID'] ) )
2135	+ if ( ! isset($post_data['tax_ID']) \|\| ! ( $id = (int) $post_data['tax_ID'] ) )
2136	wp_die( -1 );
2137
2138	$tag = get_term( $id, $taxonomy );
2139	- $_POST['description'] = $tag->description;
2140	+ $post_data['description'] = $tag->description;
2141
2142	- $updated = wp_update_term($id, $taxonomy, $_POST);
2143	+ $updated = wp_update_term($id, $taxonomy, $post_data );
2144	if ( $updated && !is_wp_error($updated) ) {
2145	$tag = get_term( $updated['term_id'], $taxonomy );
2146	if ( !$tag \|\| is_wp_error( $tag ) ) {
2147	@@ -1425,7 +1430,7 @@
2148	$post_types = get_post_types( array( 'public' => true ), 'objects' );
2149	unset( $post_types['attachment'] );
2150
2151	- $s = stripslashes( $_POST['ps'] );
2152	+ $s = wp_unslash( $_POST['ps'] );
2153	$searchand = $search = '';
2154	$args = array(
2155	'post_type' => array_keys( $post_types ),
2156	@@ -1596,7 +1601,7 @@
2157	$post_id = null;
2158	}
2159
2160	- $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
2161	+ $post_data = isset( $_REQUEST['post_data'] ) ? wp_unslash( $_REQUEST['post_data'] ) : array();
2162
2163	// If the context is custom header or background, make sure the uploaded file is an image.
2164	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
2165	@@ -1630,10 +1635,10 @@
2166
2167	if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
2168	if ( 'custom-background' === $post_data['context'] )
2169	- update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
2170	+ wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
2171
2172	if ( 'custom-header' === $post_data['context'] )
2173	- update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
2174	+ wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
2175	}
2176
2177	if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
2178	@@ -1778,7 +1783,7 @@
2179	wp_die( 0 );
2180
2181	$new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1];
2182	- update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
2183	+ wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
2184	wp_die( 1 );
2185	}
2186
2187	@@ -1873,7 +1878,7 @@
2188	if ( ! current_user_can( 'edit_post', $id ) )
2189	wp_send_json_error();
2190
2191	- $changes = $_REQUEST['changes'];
2192	+ $changes = wp_unslash( $_REQUEST['changes'] );
2193	$post = get_post( $id, ARRAY_A );
2194
2195	if ( 'attachment' != $post['post_type'] )
2196	@@ -1890,10 +1895,10 @@
2197
2198	if ( isset( $changes['alt'] ) ) {
2199	$alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
2200	- $new_alt = stripslashes( $changes['alt'] );
2201	+ $new_alt = $changes['alt'];
2202	if ( $alt != $new_alt ) {
2203	$new_alt = wp_strip_all_tags( $new_alt, true );
2204	- update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
2205	+ wp_update_post_meta( $id, '_wp_attachment_image_alt', $new_alt );
2206	}
2207	}
2208
2209	@@ -1915,7 +1920,7 @@
2210
2211	if ( empty( $_REQUEST['attachments'] ) \|\| empty( $_REQUEST['attachments'][ $id ] ) )
2212	wp_send_json_error();
2213	- $attachment_data = $_REQUEST['attachments'][ $id ];
2214	+ $attachment_data = wp_unslash( $_REQUEST['attachments'][ $id ] );
2215
2216	check_ajax_referer( 'update-post_' . $id, 'nonce' );
2217
2218	@@ -1959,7 +1964,7 @@
2219
2220	check_ajax_referer( 'update-post_' . $post_id, 'nonce' );
2221
2222	- $attachments = $_REQUEST['attachments'];
2223	+ $attachments = wp_unslash( $_REQUEST['attachments'] );
2224
2225	if ( ! current_user_can( 'edit_post', $post_id ) )
2226	wp_send_json_error();
2227	@@ -1990,7 +1995,7 @@
2228	function wp_ajax_send_attachment_to_editor() {
2229	check_ajax_referer( 'media-send-to-editor', 'nonce' );
2230
2231	- $attachment = stripslashes_deep( $_POST['attachment'] );
2232	+ $attachment = wp_unslash( $_POST['attachment'] );
2233
2234	$id = intval( $attachment['id'] );
2235
2236	@@ -2045,7 +2050,7 @@
2237	function wp_ajax_send_link_to_editor() {
2238	check_ajax_referer( 'media-send-to-editor', 'nonce' );
2239
2240	- if ( ! $src = stripslashes( $_POST['src'] ) )
2241	+ if ( ! $src = wp_unslash( $_POST['src'] ) )
2242	wp_send_json_error();
2243
2244	if ( ! strpos( $src, '://' ) )
2245	@@ -2054,7 +2059,7 @@
2246	if ( ! $src = esc_url_raw( $src ) )
2247	wp_send_json_error();
2248
2249	- if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
2250	+ if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
2251	$title = wp_basename( $src );
2252
2253	$html = '';
2254	@@ -2083,7 +2088,7 @@
2255	$screen_id = 'site';
2256
2257	if ( ! empty($_POST['data']) ) {
2258	- $data = (array) $_POST['data'];
2259	+ $data = wp_unslash( (array) $_POST['data'] );
2260	// todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..?
2261	$user = wp_get_current_user();
2262	$data['user_id'] = $user->exists() ? $user->ID : 0;
2263	Index: wp-admin/includes/post.php
2264	===================================================================
2265	--- wp-admin/includes/post.php (revision 23400)
2266	+++ wp-admin/includes/post.php (working copy)
2267	@@ -149,8 +149,8 @@
2268	*/
2269	function edit_post( $post_data = null ) {
2270
2271	- if ( empty($post_data) )
2272	- $post_data = &$_POST;
2273	+ if ( empty( $post_data ) )
2274	+ $post_data = wp_unslash( $_POST );
2275
2276	// Clear out any data in internal vars.
2277	unset( $post_data['filter'] );
2278	@@ -228,10 +228,9 @@
2279	if ( 'attachment' == $post_data['post_type'] ) {
2280	if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
2281	$image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
2282	- if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
2283	- $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
2284	- // update_meta expects slashed
2285	- update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
2286	+ if ( $image_alt != $post_data['_wp_attachment_image_alt'] ) {
2287	+ $image_alt = wp_strip_all_tags( $post_data['_wp_attachment_image_alt'], true );
2288	+ wp_update_post_meta( $post_ID, '_wp_attachment_image_alt', $image_alt );
2289	}
2290	}
2291
2292	@@ -241,7 +240,7 @@
2293
2294	add_meta( $post_ID );
2295
2296	- update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
2297	+ wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
2298
2299	wp_update_post( $post_data );
2300
2301	@@ -422,15 +421,15 @@
2302
2303	$post_title = '';
2304	if ( !empty( $_REQUEST['post_title'] ) )
2305	- $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
2306	+ $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
2307
2308	$post_content = '';
2309	if ( !empty( $_REQUEST['content'] ) )
2310	- $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
2311	+ $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
2312
2313	$post_excerpt = '';
2314	if ( !empty( $_REQUEST['excerpt'] ) )
2315	- $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
2316	+ $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
2317
2318	if ( $create_in_db ) {
2319	$post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
2320	@@ -479,9 +478,9 @@
2321	function post_exists($title, $content = '', $date = '') {
2322	global $wpdb;
2323
2324	- $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
2325	- $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
2326	- $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
2327	+ $post_title = sanitize_post_field( 'post_title', $title, 0, 'db' );
2328	+ $post_content = sanitize_post_field( 'post_content', $content, 0, 'db' );
2329	+ $post_date = sanitize_post_field( 'post_date', $date, 0, 'db' );
2330
2331	$query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
2332	$args = array();
2333	@@ -559,7 +558,7 @@
2334	}
2335
2336	// Create the post.
2337	- $post_ID = wp_insert_post( $_POST );
2338	+ $post_ID = wp_insert_post( wp_unslash( $_POST ) );
2339	if ( is_wp_error( $post_ID ) )
2340	return $post_ID;
2341
2342	@@ -568,7 +567,7 @@
2343
2344	add_meta( $post_ID );
2345
2346	- add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
2347	+ wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
2348
2349	// Now that we have an ID we can fix any attachment anchor hrefs
2350	_fix_attachment_links( $post_ID );
2351	@@ -612,9 +611,9 @@
2352	global $wpdb;
2353	$post_ID = (int) $post_ID;
2354
2355	- $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
2356	- $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
2357	- $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
2358	+ $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
2359	+ $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
2360	+ $metavalue = isset($_POST['metavalue']) ? wp_unslash( trim( $_POST['metavalue'] ) ) : '';
2361	if ( is_string( $metavalue ) )
2362	$metavalue = trim( $metavalue );
2363
2364	@@ -633,7 +632,7 @@
2365
2366	$metakey = esc_sql( $metakey );
2367
2368	- return add_post_meta( $post_ID, $metakey, $metavalue );
2369	+ return wp_add_post_meta( $post_ID, $metakey, $metavalue );
2370	}
2371
2372	return false;
2373	@@ -706,14 +705,11 @@
2374	* @since 1.2.0
2375	*
2376	* @param unknown_type $meta_id
2377	- * @param unknown_type $meta_key Expect Slashed
2378	- * @param unknown_type $meta_value Expect Slashed
2379	+ * @param unknown_type $meta_key
2380	+ * @param unknown_type $meta_value
2381	* @return unknown
2382	*/
2383	function update_meta( $meta_id, $meta_key, $meta_value ) {
2384	- $meta_key = stripslashes( $meta_key );
2385	- $meta_value = stripslashes_deep( $meta_value );
2386	-
2387	return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
2388	}
2389
2390	@@ -767,8 +763,6 @@
2391
2392	if ( $replace ) {
2393	$post['post_content'] = $content;
2394	- // Escape data pulled from DB.
2395	- $post = add_magic_quotes($post);
2396
2397	return wp_update_post($post);
2398	}
2399	@@ -1179,7 +1173,7 @@
2400	$now = time();
2401	$lock = "$now:$user_id";
2402
2403	- update_post_meta( $post->ID, '_edit_lock', $lock );
2404	+ wp_update_post_meta( $post->ID, '_edit_lock', $lock );
2405	return array( $now, $user_id );
2406	}
2407
2408	@@ -1230,14 +1224,14 @@
2409
2410	// Only store one autosave. If there is already an autosave, overwrite it.
2411	if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
2412	- $new_autosave = _wp_post_revision_fields( $_POST, true );
2413	+ $new_autosave = _wp_post_revision_fields( wp_unslash( $_POST ), true );
2414	$new_autosave['ID'] = $old_autosave->ID;
2415	$new_autosave['post_author'] = get_current_user_id();
2416	return wp_update_post( $new_autosave );
2417	}
2418
2419	// _wp_put_post_revision() expects unescaped.
2420	- $_POST = stripslashes_deep($_POST);
2421	+ $_POST = wp_unslash( $_POST );
2422
2423	// Otherwise create the new autosave as a special post revision
2424	return _wp_put_post_revision( $_POST, true );
2425	Index: wp-admin/includes/class-wp-users-list-table.php
2426	===================================================================
2427	--- wp-admin/includes/class-wp-users-list-table.php (revision 23400)
2428	+++ wp-admin/includes/class-wp-users-list-table.php (working copy)
2429	@@ -241,7 +241,7 @@
2430	// Check if the user for this row is editable
2431	if ( current_user_can( 'list_users' ) ) {
2432	// Set up the user editing link
2433	- $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
2434	+ $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
2435
2436	// Set up the hover actions for this user
2437	$actions = array();
2438	Index: wp-admin/includes/upgrade.php
2439	===================================================================
2440	--- wp-admin/includes/upgrade.php (revision 23400)
2441	+++ wp-admin/includes/upgrade.php (working copy)
2442	@@ -132,7 +132,7 @@
2443	$first_post = get_site_option( 'first_post' );
2444
2445	if ( empty($first_post) )
2446	- $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
2447	+ $first_post = __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' );
2448
2449	$first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post );
2450	$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
2451	Index: wp-admin/includes/class-wp-ms-themes-list-table.php
2452	===================================================================
2453	--- wp-admin/includes/class-wp-ms-themes-list-table.php (revision 23400)
2454	+++ wp-admin/includes/class-wp-ms-themes-list-table.php (working copy)
2455	@@ -126,7 +126,7 @@
2456	function _search_callback( $theme ) {
2457	static $term;
2458	if ( is_null( $term ) )
2459	- $term = stripslashes( $_REQUEST['s'] );
2460	+ $term = wp_unslash( $_REQUEST['s'] );
2461
2462	foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) {
2463	// Don't mark up; Do translate.
2464	Index: wp-admin/includes/class-wp-plugin-install-list-table.php
2465	===================================================================
2466	--- wp-admin/includes/class-wp-plugin-install-list-table.php (revision 23400)
2467	+++ wp-admin/includes/class-wp-plugin-install-list-table.php (working copy)
2468	@@ -48,8 +48,8 @@
2469
2470	switch ( $tab ) {
2471	case 'search':
2472	- $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
2473	- $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
2474	+ $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
2475	+ $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
2476
2477	switch ( $type ) {
2478	case 'tag':
2479	@@ -73,7 +73,7 @@
2480	break;
2481
2482	case 'favorites':
2483	- $user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
2484	+ $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
2485	update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
2486	if ( $user )
2487	$args['user'] = $user;
2488	Index: wp-admin/includes/dashboard.php
2489	===================================================================
2490	--- wp-admin/includes/dashboard.php (revision 23400)
2491	+++ wp-admin/includes/dashboard.php (working copy)
2492	@@ -1093,7 +1093,7 @@
2493	$widget_options[$widget_id]['number'] = $number;
2494
2495	if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
2496	- $_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
2497	+ $_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
2498	$widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
2499	// title is optional. If black, fill it if possible
2500	if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {
2501	Index: wp-admin/includes/misc.php
2502	===================================================================
2503	--- wp-admin/includes/misc.php (revision 23400)
2504	+++ wp-admin/includes/misc.php (working copy)
2505	@@ -220,7 +220,7 @@
2506	* @return string
2507	*/
2508	function url_shorten( $url ) {
2509	- $short_url = str_replace( 'http://', '', stripslashes( $url ));
2510	+ $short_url = str_replace( 'http://', '', wp_unslash( $url ));
2511	$short_url = str_replace( 'www.', '', $short_url );
2512	$short_url = untrailingslashit( $short_url );
2513	if ( strlen( $short_url ) > 35 )
2514	@@ -323,8 +323,8 @@
2515
2516	if ( !$user = wp_get_current_user() )
2517	return;
2518	- $option = $_POST['wp_screen_options']['option'];
2519	- $value = $_POST['wp_screen_options']['value'];
2520	+ $option = wp_unslash( $_POST['wp_screen_options']['option'] );
2521	+ $value = wp_unslash( $_POST['wp_screen_options']['value'] );
2522
2523	if ( $option != sanitize_key( $option ) )
2524	return;
2525	Index: wp-admin/includes/class-wp-theme-install-list-table.php
2526	===================================================================
2527	--- wp-admin/includes/class-wp-theme-install-list-table.php (revision 23400)
2528	+++ wp-admin/includes/class-wp-theme-install-list-table.php (working copy)
2529	@@ -24,7 +24,7 @@
2530	$search_terms = array();
2531	$search_string = '';
2532	if ( ! empty( $_REQUEST['s'] ) ){
2533	- $search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
2534	+ $search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );
2535	$search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
2536	}
2537
2538	@@ -59,7 +59,7 @@
2539
2540	switch ( $tab ) {
2541	case 'search':
2542	- $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
2543	+ $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
2544	switch ( $type ) {
2545	case 'tag':
2546	$args['tag'] = array_map( 'sanitize_key', $search_terms );
2547	Index: wp-admin/includes/deprecated.php
2548	===================================================================
2549	--- wp-admin/includes/deprecated.php (revision 23400)
2550	+++ wp-admin/includes/deprecated.php (working copy)
2551	@@ -472,7 +472,7 @@
2552	function WP_User_Search ($search_term = '', $page = '', $role = '') {
2553	_deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
2554
2555	- $this->search_term = stripslashes( $search_term );
2556	+ $this->search_term = $search_term;
2557	$this->raw_page = ( '' == $page ) ? false : (int) $page;
2558	$this->page = (int) ( '' == $page ) ? 1 : $page;
2559	$this->role = $role;
2560	@@ -551,7 +551,7 @@
2561	* @access public
2562	*/
2563	function prepare_vars_for_template_usage() {
2564	- $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
2565	+ $this->search_term = $this->search_term; // done with DB, from now on we want slashes gone
2566	}
2567
2568	/**
2569	Index: wp-admin/includes/class-wp-upgrader.php
2570	===================================================================
2571	--- wp-admin/includes/class-wp-upgrader.php (revision 23400)
2572	+++ wp-admin/includes/class-wp-upgrader.php (working copy)
2573	@@ -1427,7 +1427,7 @@
2574
2575	$install_actions = array();
2576
2577	- $from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
2578	+ $from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
2579
2580	if ( 'import' == $from )
2581	$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&from=import&plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin & Run Importer') . '</a>';
2582	Index: wp-admin/includes/comment.php
2583	===================================================================
2584	--- wp-admin/includes/comment.php (revision 23400)
2585	+++ wp-admin/includes/comment.php (working copy)
2586	@@ -19,9 +19,6 @@
2587	function comment_exists($comment_author, $comment_date) {
2588	global $wpdb;
2589
2590	- $comment_author = stripslashes($comment_author);
2591	- $comment_date = stripslashes($comment_date);
2592	-
2593	return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
2594	WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
2595	}
2596	@@ -33,38 +30,40 @@
2597	*/
2598	function edit_comment() {
2599
2600	- if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
2601	+ $post_data = wp_unslash( $_POST );
2602	+
2603	+ if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) )
2604	wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
2605
2606	- $_POST['comment_author'] = $_POST['newcomment_author'];
2607	- $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
2608	- $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
2609	- $_POST['comment_approved'] = $_POST['comment_status'];
2610	- $_POST['comment_content'] = $_POST['content'];
2611	- $_POST['comment_ID'] = (int) $_POST['comment_ID'];
2612	+ $post_data['comment_author'] = $post_data['newcomment_author'];
2613	+ $post_data['comment_author_email'] = $post_data['newcomment_author_email'];
2614	+ $post_data['comment_author_url'] = $post_data['newcomment_author_url'];
2615	+ $post_data['comment_approved'] = $post_data['comment_status'];
2616	+ $post_data['comment_content'] = $post_data['content'];
2617	+ $post_data['comment_ID'] = (int) $post_data['comment_ID'];
2618
2619	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
2620	- if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
2621	+ if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
2622	$_POST['edit_date'] = '1';
2623	break;
2624	}
2625	}
2626
2627	- if ( !empty ( $_POST['edit_date'] ) ) {
2628	- $aa = $_POST['aa'];
2629	- $mm = $_POST['mm'];
2630	- $jj = $_POST['jj'];
2631	- $hh = $_POST['hh'];
2632	- $mn = $_POST['mn'];
2633	- $ss = $_POST['ss'];
2634	+ if ( !empty ( $post_data['edit_date'] ) ) {
2635	+ $aa = $post_data['aa'];
2636	+ $mm = $post_data['mm'];
2637	+ $jj = $post_data['jj'];
2638	+ $hh = $post_data['hh'];
2639	+ $mn = $post_data['mn'];
2640	+ $ss = $post_data['ss'];
2641	$jj = ($jj > 31 ) ? 31 : $jj;
2642	$hh = ($hh > 23 ) ? $hh -24 : $hh;
2643	$mn = ($mn > 59 ) ? $mn -60 : $mn;
2644	$ss = ($ss > 59 ) ? $ss -60 : $ss;
2645	- $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
2646	+ $post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
2647	}
2648
2649	- wp_update_comment( $_POST );
2650	+ wp_update_comment( $post_data );
2651	}
2652
2653	/**
2654	Index: wp-admin/includes/class-wp-ms-users-list-table.php
2655	===================================================================
2656	--- wp-admin/includes/class-wp-ms-users-list-table.php (revision 23400)
2657	+++ wp-admin/includes/class-wp-ms-users-list-table.php (working copy)
2658	@@ -173,10 +173,10 @@
2659
2660	case 'username':
2661	$avatar = get_avatar( $user->user_email, 32 );
2662	- $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
2663	+ $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
2664
2665	echo "<td $attributes>"; ?>
2666	- <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php
2667	+ <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
2668	if ( in_array( $user->user_login, $super_admins ) )
2669	echo ' - ' . __( 'Super Admin' );
2670	?></strong>
2671	@@ -186,7 +186,7 @@
2672	$actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
2673
2674	if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
2675	- $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
2676	+ $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
2677	}
2678
2679	$actions = apply_filters( 'ms_user_row_actions', $actions, $user );
2680	Index: wp-admin/includes/image-edit.php
2681	===================================================================
2682	--- wp-admin/includes/image-edit.php (revision 23400)
2683	+++ wp-admin/includes/image-edit.php (working copy)
2684	@@ -454,7 +454,7 @@
2685	if ( is_wp_error( $img ) )
2686	return false;
2687
2688	- $changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null;
2689	+ $changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash( $_REQUEST['history'] ) ) : null;
2690	if ( $changes )
2691	$img = image_edit_apply_changes( $img, $changes );
2692
2693	@@ -533,7 +533,7 @@
2694	}
2695	}
2696
2697	- if ( !wp_update_attachment_metadata($post_id, $meta) \|\| !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
2698	+ if ( !wp_update_attachment_metadata($post_id, $meta) \|\| !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
2699	$msg->error = __('Cannot save image metadata.');
2700	return $msg;
2701	}
2702	@@ -587,7 +587,7 @@
2703	return $return;
2704	}
2705	} elseif ( !empty($_REQUEST['history']) ) {
2706	- $changes = json_decode( stripslashes($_REQUEST['history']) );
2707	+ $changes = json_decode( wp_unslash( $_REQUEST['history'] ) );
2708	if ( $changes )
2709	$img = image_edit_apply_changes($img, $changes);
2710	} else {
2711	@@ -699,7 +699,7 @@
2712
2713	if ( $success ) {
2714	wp_update_attachment_metadata( $post_id, $meta );
2715	- update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
2716	+ wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
2717
2718	if ( $target == 'thumbnail' \|\| $target == 'all' \|\| $target == 'full' ) {
2719	// Check if it's an image edit from attachment edit screen
2720	Index: wp-admin/includes/class-wp-plugins-list-table.php
2721	===================================================================
2722	--- wp-admin/includes/class-wp-plugins-list-table.php (revision 23400)
2723	+++ wp-admin/includes/class-wp-plugins-list-table.php (working copy)
2724	@@ -22,7 +22,7 @@
2725	$status = $_REQUEST['plugin_status'];
2726
2727	if ( isset($_REQUEST['s']) )
2728	- $_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
2729	+ $_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
2730
2731	$page = $this->get_pagenum();
2732	}
2733	@@ -140,7 +140,7 @@
2734	function _search_callback( $plugin ) {
2735	static $term;
2736	if ( is_null( $term ) )
2737	- $term = stripslashes( $_REQUEST['s'] );
2738	+ $term = wp_unslash( $_REQUEST['s'] );
2739
2740	foreach ( $plugin as $value )
2741	if ( stripos( $value, $term ) !== false )
2742	Index: wp-admin/includes/theme-install.php
2743	===================================================================
2744	--- wp-admin/includes/theme-install.php (revision 23400)
2745	+++ wp-admin/includes/theme-install.php (working copy)
2746	@@ -50,8 +50,8 @@
2747	* @since 2.8.0
2748	*/
2749	function install_theme_search_form( $type_selector = true ) {
2750	- $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
2751	- $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
2752	+ $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
2753	+ $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
2754	if ( ! $type_selector )
2755	echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>';
2756	?>
2757	@@ -179,7 +179,7 @@
2758	function install_theme_information() {
2759	global $tab, $themes_allowedtags, $wp_list_table;
2760
2761	- $theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) );
2762	+ $theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) );
2763
2764	if ( is_wp_error( $theme ) )
2765	wp_die( $theme );
2766	Index: wp-admin/includes/class-wp-themes-list-table.php
2767	===================================================================
2768	--- wp-admin/includes/class-wp-themes-list-table.php (revision 23400)
2769	+++ wp-admin/includes/class-wp-themes-list-table.php (working copy)
2770	@@ -28,7 +28,7 @@
2771	$themes = wp_get_themes( array( 'allowed' => true ) );
2772
2773	if ( ! empty( $_REQUEST['s'] ) )
2774	- $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
2775	+ $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );
2776
2777	if ( ! empty( $_REQUEST['features'] ) )
2778	$this->features = $_REQUEST['features'];
2779	@@ -235,7 +235,7 @@
2780	* @uses _pagination_args['total_pages']
2781	*/
2782	function _js_vars( $extra_args = array() ) {
2783	- $search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
2784	+ $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
2785
2786	$args = array(
2787	'search' => $search_string,
2788	Index: wp-admin/includes/class-wp-comments-list-table.php
2789	===================================================================
2790	--- wp-admin/includes/class-wp-comments-list-table.php (revision 23400)
2791	+++ wp-admin/includes/class-wp-comments-list-table.php (working copy)
2792	@@ -170,7 +170,7 @@
2793	/*
2794	// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
2795	if ( !empty( $_REQUEST['s'] ) )
2796	- $link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
2797	+ $link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
2798	*/
2799	$status_links[$status] = "<a href='$link'$class>" . sprintf(
2800	translate_nooped_plural( $label, $num_comments->$status ),
2801	Index: wp-admin/includes/template.php
2802	===================================================================
2803	--- wp-admin/includes/template.php (revision 23400)
2804	+++ wp-admin/includes/template.php (working copy)
2805	@@ -1331,7 +1331,7 @@
2806	*
2807	*/
2808	function _admin_search_query() {
2809	- echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
2810	+ echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
2811	}
2812
2813	/**
2814	Index: wp-admin/includes/user.php
2815	===================================================================
2816	--- wp-admin/includes/user.php (revision 23400)
2817	+++ wp-admin/includes/user.php (working copy)
2818	@@ -38,18 +38,21 @@
2819	} else {
2820	$update = false;
2821	}
2822	+
2823	+ // get clean data before we get started.
2824	+ $post_data = wp_unslash( $_POST );
2825
2826	- if ( !$update && isset( $_POST['user_login'] ) )
2827	- $user->user_login = sanitize_user($_POST['user_login'], true);
2828	+ if ( !$update && isset( $post_data['user_login'] ) )
2829	+ $user->user_login = sanitize_user($post_data['user_login'], true);
2830
2831	$pass1 = $pass2 = '';
2832	- if ( isset( $_POST['pass1'] ))
2833	- $pass1 = $_POST['pass1'];
2834	- if ( isset( $_POST['pass2'] ))
2835	- $pass2 = $_POST['pass2'];
2836	+ if ( isset( $post_data['pass1'] ))
2837	+ $pass1 = $post_data['pass1'];
2838	+ if ( isset( $post_data['pass2'] ))
2839	+ $pass2 = $post_data['pass2'];
2840
2841	- if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
2842	- $new_role = sanitize_text_field( $_POST['role'] );
2843	+ if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) {
2844	+ $new_role = sanitize_text_field( $post_data['role'] );
2845	$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
2846	// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
2847	// Multisite super admins can freely edit their blog roles -- they possess all caps.
2848	@@ -62,44 +65,44 @@
2849	wp_die(__('You can’t give users that role.'));
2850	}
2851
2852	- if ( isset( $_POST['email'] ))
2853	- $user->user_email = sanitize_text_field( $_POST['email'] );
2854	- if ( isset( $_POST['url'] ) ) {
2855	- if ( empty ( $_POST['url'] ) \|\| $_POST['url'] == 'http://' ) {
2856	+ if ( isset( $post_data['email'] ))
2857	+ $user->user_email = sanitize_text_field( $post_data['email'] );
2858	+ if ( isset( $post_data['url'] ) ) {
2859	+ if ( empty ( $post_data['url'] ) \|\| $post_data['url'] == 'http://' ) {
2860	$user->user_url = '';
2861	} else {
2862	- $user->user_url = esc_url_raw( $_POST['url'] );
2863	+ $user->user_url = esc_url_raw( $post_data['url'] );
2864	$protocols = implode( '\|', array_map( 'preg_quote', wp_allowed_protocols() ) );
2865	$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
2866	}
2867	}
2868	- if ( isset( $_POST['first_name'] ) )
2869	- $user->first_name = sanitize_text_field( $_POST['first_name'] );
2870	- if ( isset( $_POST['last_name'] ) )
2871	- $user->last_name = sanitize_text_field( $_POST['last_name'] );
2872	- if ( isset( $_POST['nickname'] ) )
2873	- $user->nickname = sanitize_text_field( $_POST['nickname'] );
2874	- if ( isset( $_POST['display_name'] ) )
2875	- $user->display_name = sanitize_text_field( $_POST['display_name'] );
2876	+ if ( isset( $post_data['first_name'] ) )
2877	+ $user->first_name = sanitize_text_field( $post_data['first_name'] );
2878	+ if ( isset( $post_data['last_name'] ) )
2879	+ $user->last_name = sanitize_text_field( $post_data['last_name'] );
2880	+ if ( isset( $post_data['nickname'] ) )
2881	+ $user->nickname = sanitize_text_field( $post_data['nickname'] );
2882	+ if ( isset( $post_data['display_name'] ) )
2883	+ $user->display_name = sanitize_text_field( $post_data['display_name'] );
2884
2885	- if ( isset( $_POST['description'] ) )
2886	- $user->description = trim( $_POST['description'] );
2887	+ if ( isset( $post_data['description'] ) )
2888	+ $user->description = trim( $post_data['description'] );
2889
2890	foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) {
2891	- if ( isset( $_POST[$method] ))
2892	- $user->$method = sanitize_text_field( $_POST[$method] );
2893	+ if ( isset( $post_data[$method] ))
2894	+ $user->$method = sanitize_text_field( $post_data[$method] );
2895	}
2896
2897	if ( $update ) {
2898	- $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
2899	- $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
2900	- $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
2901	+ $user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true';
2902	+ $user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';
2903	+ $user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false';
2904	}
2905
2906	- $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
2907	+ $user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : '';
2908
2909	$user->use_ssl = 0;
2910	- if ( !empty($_POST['use_ssl']) )
2911	+ if ( !empty($post_data['use_ssl']) )
2912	$user->use_ssl = 1;
2913
2914	$errors = new WP_Error();
2915	@@ -124,7 +127,7 @@
2916	}
2917
2918	/* Check for "\" in password */
2919	- if ( false !== strpos( stripslashes($pass1), "\\" ) )
2920	+ if ( false !== strpos( $pass1, "\\" ) )
2921	$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
2922
2923	/* checking the password has been typed twice the same */
2924	@@ -134,7 +137,7 @@
2925	if ( !empty( $pass1 ) )
2926	$user->user_pass = $pass1;
2927
2928	- if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
2929	+ if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) )
2930	$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
2931
2932	if ( !$update && username_exists( $user->user_login ) )
2933	@@ -159,7 +162,7 @@
2934	$user_id = wp_update_user( $user );
2935	} else {
2936	$user_id = wp_insert_user( $user );
2937	- wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
2938	+ wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' );
2939	}
2940	return $user_id;
2941	}
2942	Index: wp-admin/includes/media.php
2943	===================================================================
2944	--- wp-admin/includes/media.php (revision 23400)
2945	+++ wp-admin/includes/media.php (working copy)
2946	@@ -444,6 +444,8 @@
2947	}
2948
2949	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
2950	+ $attachment = wp_unslash( $attachment );
2951	+
2952	$post = $_post = get_post($attachment_id, ARRAY_A);
2953	$post_type_object = get_post_type_object( $post[ 'post_type' ] );
2954
2955	@@ -468,10 +470,9 @@
2956
2957	if ( isset($attachment['image_alt']) ) {
2958	$image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
2959	- if ( $image_alt != stripslashes($attachment['image_alt']) ) {
2960	- $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
2961	- // update_meta expects slashed
2962	- update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
2963	+ if ( $image_alt != $attachment['image_alt'] ) {
2964	+ $image_alt = wp_strip_all_tags( $attachment['image_alt'], true );
2965	+ wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt );
2966	}
2967	}
2968
2969	@@ -501,7 +502,7 @@
2970	}
2971
2972	if ( isset($send_id) ) {
2973	- $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
2974	+ $attachment = wp_unslash( $_POST['attachments'][$send_id] );
2975
2976	$html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
2977	if ( !empty($attachment['url']) ) {
2978	@@ -546,7 +547,7 @@
2979	$src = "http://$src";
2980
2981	if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) {
2982	- $title = esc_html( stripslashes( $_POST['title'] ) );
2983	+ $title = esc_html( wp_unslash( $_POST['title'] ) );
2984	if ( empty( $title ) )
2985	$title = esc_html( basename( $src ) );
2986
2987	@@ -561,9 +562,9 @@
2988	$html = apply_filters( $type . '_send_to_editor_url', $html, esc_url_raw( $src ), $title );
2989	} else {
2990	$align = '';
2991	- $alt = esc_attr( stripslashes( $_POST['alt'] ) );
2992	+ $alt = esc_attr( wp_unslash( $_POST['alt'] ) );
2993	if ( isset($_POST['align']) ) {
2994	- $align = esc_attr( stripslashes( $_POST['align'] ) );
2995	+ $align = esc_attr( wp_unslash( $_POST['align'] ) );
2996	$class = " class='align$align'";
2997	}
2998	if ( !empty($src) )
2999	Index: wp-admin/edit-tags.php
3000	===================================================================
3001	--- wp-admin/edit-tags.php (revision 23400)
3002	+++ wp-admin/edit-tags.php (working copy)
3003	@@ -47,7 +47,9 @@
3004	if ( !current_user_can( $tax->cap->edit_terms ) )
3005	wp_die( __( 'Cheatin’ uh?' ) );
3006
3007	- $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
3008	+ $post_data = wp_unslash( $_POST );
3009	+
3010	+ $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
3011	$location = 'edit-tags.php?taxonomy=' . $taxonomy;
3012	if ( 'post' != $post_type )
3013	$location .= '&post_type=' . $post_type;
3014	@@ -132,7 +134,10 @@
3015	break;
3016
3017	case 'editedtag':
3018	- $tag_ID = (int) $_POST['tag_ID'];
3019	+
3020	+ $post_data = wp_unslash( $_POST );
3021	+
3022	+ $tag_ID = (int) $post_data['tag_ID'];
3023	check_admin_referer( 'update-tag_' . $tag_ID );
3024
3025	if ( !current_user_can( $tax->cap->edit_terms ) )
3026	@@ -142,7 +147,7 @@
3027	if ( ! $tag )
3028	wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) );
3029
3030	- $ret = wp_update_term( $tag_ID, $taxonomy, $_POST );
3031	+ $ret = wp_update_term( $tag_ID, $taxonomy, $post_data );
3032
3033	$location = 'edit-tags.php?taxonomy=' . $taxonomy;
3034	if ( 'post' != $post_type )
3035	@@ -164,7 +169,7 @@
3036
3037	default:
3038	if ( ! empty($_REQUEST['_wp_http_referer']) ) {
3039	- $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
3040	+ $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) );
3041
3042	if ( ! empty( $_REQUEST['paged'] ) )
3043	$location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );
3044	@@ -264,8 +269,8 @@
3045	<div class="wrap nosubsub">
3046	<?php screen_icon(); ?>
3047	<h2><?php echo esc_html( $title );
3048	-if ( !empty($_REQUEST['s']) )
3049	- printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
3050	+if ( ! empty($_REQUEST['s']) )
3051	+ printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( wp_unslash( $_REQUEST['s'] ) ) ); ?>
3052	</h2>
3053
3054	<?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?>
3055	Index: wp-admin/update.php
3056	===================================================================
3057	--- wp-admin/update.php (revision 23400)
3058	+++ wp-admin/update.php (working copy)
3059	@@ -26,7 +26,7 @@
3060	check_admin_referer( 'bulk-update-plugins' );
3061
3062	if ( isset( $_GET['plugins'] ) )
3063	- $plugins = explode( ',', stripslashes($_GET['plugins']) );
3064	+ $plugins = explode( ',', wp_unslash($_GET['plugins']) );
3065	elseif ( isset( $_POST['checked'] ) )
3066	$plugins = (array) $_POST['checked'];
3067	else
3068	@@ -109,7 +109,7 @@
3069	$nonce = 'install-plugin_' . $plugin;
3070	$url = 'update.php?action=install-plugin&plugin=' . $plugin;
3071	if ( isset($_GET['from']) )
3072	- $url .= '&from=' . urlencode(stripslashes($_GET['from']));
3073	+ $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) );
3074
3075	$type = 'web'; //Install plugin type, From Web or an Upload.
3076
3077	@@ -173,7 +173,7 @@
3078	check_admin_referer( 'bulk-update-themes' );
3079
3080	if ( isset( $_GET['themes'] ) )
3081	- $themes = explode( ',', stripslashes($_GET['themes']) );
3082	+ $themes = explode( ',', wp_unslash( $_GET['themes'] ) );
3083	elseif ( isset( $_POST['checked'] ) )
3084	$themes = (array) $_POST['checked'];
3085	else
3086	Index: wp-admin/theme-editor.php
3087	===================================================================
3088	--- wp-admin/theme-editor.php (revision 23400)
3089	+++ wp-admin/theme-editor.php (working copy)
3090	@@ -68,7 +68,7 @@
3091	$relative_file = 'style.css';
3092	$file = $allowed_files['style.css'];
3093	} else {
3094	- $relative_file = stripslashes( $file );
3095	+ $relative_file = wp_unslash( $file );
3096	$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
3097	}
3098
3099	@@ -78,7 +78,7 @@
3100	switch( $action ) {
3101	case 'update':
3102	check_admin_referer( 'edit-theme_' . $file . $stylesheet );
3103	- $newcontent = stripslashes( $_POST['newcontent'] );
3104	+ $newcontent = wp_unslash( $_POST['newcontent'] );
3105	$location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
3106	if ( is_writeable( $file ) ) {
3107	//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
3108	Index: wp-admin/admin.php
3109	===================================================================
3110	--- wp-admin/admin.php (revision 23400)
3111	+++ wp-admin/admin.php (working copy)
3112	@@ -43,7 +43,7 @@
3113	do_action('after_db_upgrade');
3114	} elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
3115	if ( !is_multisite() ) {
3116	- wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
3117	+ wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
3118	exit;
3119	} elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
3120	/**
3121	@@ -84,7 +84,7 @@
3122	$editing = false;
3123
3124	if ( isset($_GET['page']) ) {
3125	- $plugin_page = stripslashes($_GET['page']);
3126	+ $plugin_page = wp_unslash( $_GET['page'] );
3127	$plugin_page = plugin_basename($plugin_page);
3128	}
3129
3130	Index: wp-admin/custom-header.php
3131	===================================================================
3132	--- wp-admin/custom-header.php (revision 23400)
3133	+++ wp-admin/custom-header.php (working copy)
3134	@@ -948,7 +948,7 @@
3135	'width' => $choice['width'],
3136	);
3137
3138	- update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
3139	+ wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
3140	set_theme_mod( 'header_image', $choice['url'] );
3141	set_theme_mod( 'header_image_data', $header_image_data );
3142	return;
3143	Index: wp-admin/user-new.php
3144	===================================================================
3145	--- wp-admin/user-new.php (revision 23400)
3146	+++ wp-admin/user-new.php (working copy)
3147	@@ -117,7 +117,7 @@
3148	if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
3149	$add_user_errors = $user_details[ 'errors' ];
3150	} else {
3151	- $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
3152	+ $new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
3153	if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
3154	add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
3155	}
3156	@@ -310,7 +310,7 @@
3157	$var = "new_user_$var";
3158	if( isset( $_POST['createuser'] ) ) {
3159	if ( ! isset($$var) )
3160	- $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
3161	+ $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
3162	} else {
3163	$$var = false;
3164	}
3165	Index: wp-admin/media.php
3166	===================================================================
3167	--- wp-admin/media.php (revision 23400)
3168	+++ wp-admin/media.php (working copy)
3169	@@ -32,7 +32,7 @@
3170	}
3171	if ( false !== strpos($location, 'upload.php') ) {
3172	$location = remove_query_arg('message', $location);
3173	- $location = add_query_arg('posted', $attachment_id, $location);
3174	+ $location = add_query_arg('posted', $attachment_id, $location);
3175	} elseif ( false !== strpos($location, 'media.php') ) {
3176	$location = add_query_arg('message', 'updated', $location);
3177	}
3178	Index: wp-admin/upload.php
3179	===================================================================
3180	--- wp-admin/upload.php (revision 23400)
3181	+++ wp-admin/upload.php (working copy)
3182	@@ -132,7 +132,7 @@
3183	wp_redirect( $location );
3184	exit;
3185	} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
3186	- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
3187	+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
3188	exit;
3189	}
3190
3191	Index: wp-admin/edit-form-comment.php
3192	===================================================================
3193	--- wp-admin/edit-form-comment.php (revision 23400)
3194	+++ wp-admin/edit-form-comment.php (working copy)
3195	@@ -132,7 +132,7 @@
3196
3197	<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
3198	<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
3199	-<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
3200	+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_unslash( wp_get_referer() ) ); ?>" />
3201	<?php wp_original_referer_field(true, 'previous'); ?>
3202	<input type="hidden" name="noredir" value="1" />
3203
3204	Index: wp-admin/edit-form-advanced.php
3205	===================================================================
3206	--- wp-admin/edit-form-advanced.php (revision 23400)
3207	+++ wp-admin/edit-form-advanced.php (working copy)
3208	@@ -304,7 +304,7 @@
3209	<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
3210	<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
3211	<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
3212	-<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
3213	+<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url( wp_unslash( wp_get_referer() ) ); ?>" />
3214	<?php if ( ! empty( $active_post_lock ) ) { ?>
3215	<input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
3216	<?php
3217	Index: wp-admin/network/site-new.php
3218	===================================================================
3219	--- wp-admin/network/site-new.php (revision 23400)
3220	+++ wp-admin/network/site-new.php (working copy)
3221	@@ -38,7 +38,7 @@
3222
3223	if ( ! is_array( $_POST['blog'] ) )
3224	wp_die( __( 'Can’t create an empty site.' ) );
3225	- $blog = $_POST['blog'];
3226	+ $blog = wp_unslash( $_POST['blog'] );
3227	$domain = '';
3228	if ( preg_match( '\|^([a-zA-Z0-9-])+$\|', $blog['domain'] ) )
3229	$domain = strtolower( $blog['domain'] );
3230	@@ -88,7 +88,7 @@
3231	$content_mail = sprintf( __( 'New site created by %1$s
3232
3233	Address: %2$s
3234	-Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) );
3235	+Name: %3$s' ), $current_user->user_login , get_site_url( $id ), $title );
3236	wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
3237	wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
3238	wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );
3239	Index: wp-admin/network/site-info.php
3240	===================================================================
3241	--- wp-admin/network/site-info.php (revision 23400)
3242	+++ wp-admin/network/site-info.php (working copy)
3243	@@ -62,7 +62,7 @@
3244	delete_option( 'rewrite_rules' );
3245
3246	// update blogs table
3247	- $blog_data = stripslashes_deep( $_POST['blog'] );
3248	+ $blog_data = wp_unslash( $_POST['blog'] );
3249	$existing_details = get_blog_details( $id, false );
3250	$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
3251	foreach ( $blog_data_checkboxes as $c ) {
3252	Index: wp-admin/network/settings.php
3253	===================================================================
3254	--- wp-admin/network/settings.php (revision 23400)
3255	+++ wp-admin/network/settings.php (working copy)
3256	@@ -61,7 +61,7 @@
3257	foreach ( $options as $option_name ) {
3258	if ( ! isset($_POST[$option_name]) )
3259	continue;
3260	- $value = stripslashes_deep( $_POST[$option_name] );
3261	+ $value = wp_unslash( $_POST[$option_name] );
3262	update_site_option( $option_name, $value );
3263	}
3264
3265	@@ -181,7 +181,7 @@
3266	<th scope="row"><label for="welcome_email"><?php _e( 'Welcome Email' ) ?></label></th>
3267	<td>
3268	<textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text">
3269	-<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea>
3270	+<?php echo esc_textarea( get_site_option( 'welcome_email' ) ) ?></textarea>
3271	<br />
3272	<?php _e( 'The welcome email sent to new site owners.' ) ?>
3273	</td>
3274	@@ -190,7 +190,7 @@
3275	<th scope="row"><label for="welcome_user_email"><?php _e( 'Welcome User Email' ) ?></label></th>
3276	<td>
3277	<textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text">
3278	-<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea>
3279	+<?php echo esc_textarea( get_site_option( 'welcome_user_email' ) ) ?></textarea>
3280	<br />
3281	<?php _e( 'The welcome email sent to new users.' ) ?>
3282	</td>
3283	@@ -199,7 +199,7 @@
3284	<th scope="row"><label for="first_post"><?php _e( 'First Post' ) ?></label></th>
3285	<td>
3286	<textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text">
3287	-<?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea>
3288	+<?php echo esc_textarea( get_site_option( 'first_post' ) ) ?></textarea>
3289	<br />
3290	<?php _e( 'The first post on a new site.' ) ?>
3291	</td>
3292	@@ -208,7 +208,7 @@
3293	<th scope="row"><label for="first_page"><?php _e( 'First Page' ) ?></label></th>
3294	<td>
3295	<textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text">
3296	-<?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?></textarea>
3297	+<?php echo esc_textarea( get_site_option( 'first_page' ) ) ?></textarea>
3298	<br />
3299	<?php _e( 'The first page on a new site.' ) ?>
3300	</td>
3301	@@ -217,7 +217,7 @@
3302	<th scope="row"><label for="first_comment"><?php _e( 'First Comment' ) ?></label></th>
3303	<td>
3304	<textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text">
3305	-<?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?></textarea>
3306	+<?php echo esc_textarea( get_site_option( 'first_comment' ) ) ?></textarea>
3307	<br />
3308	<?php _e( 'The first comment on a new site.' ) ?>
3309	</td>
3310	Index: wp-admin/network/site-settings.php
3311	===================================================================
3312	--- wp-admin/network/site-settings.php (revision 23400)
3313	+++ wp-admin/network/site-settings.php (working copy)
3314	@@ -53,12 +53,14 @@
3315	$count = count( $_POST['option'] );
3316	$skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
3317	foreach ( (array) $_POST['option'] as $key => $val ) {
3318	+ $key = wp_unslash( $key );
3319	+ $val = wp_unslash( $val );
3320	if ( $key === 0 \|\| is_array( $val ) \|\| in_array($key, $skip_options) )
3321	continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
3322	if ( $c == $count )
3323	- update_option( $key, stripslashes( $val ) );
3324	+ update_option( $key, $val );
3325	else
3326	- update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
3327	+ update_option( $key, $val, false ); // no need to refresh blog details yet
3328	$c++;
3329	}
3330
3331	Index: wp-admin/network/sites.php
3332	===================================================================
3333	--- wp-admin/network/sites.php (revision 23400)
3334	+++ wp-admin/network/sites.php (working copy)
3335	@@ -79,7 +79,7 @@
3336	<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
3337	<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
3338	<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
3339	- <p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p>
3340	+ <p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>
3341	<?php submit_button( __('Confirm'), 'button' ); ?>
3342	</form>
3343	</body>
3344	Index: wp-admin/nav-menus.php
3345	===================================================================
3346	--- wp-admin/nav-menus.php (revision 23400)
3347	+++ wp-admin/nav-menus.php (working copy)
3348	@@ -93,7 +93,7 @@
3349	if ( ! is_wp_error( $parent_object ) ) {
3350	$parent_data = (array) $parent_object;
3351	$menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent'];
3352	- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3353	+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3354
3355	}
3356
3357	@@ -103,7 +103,7 @@
3358	$menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1;
3359
3360	$menu_item_data['menu_item_parent'] = $next_item_data['ID'];
3361	- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3362	+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3363
3364	wp_update_post($menu_item_data);
3365	wp_update_post($next_item_data);
3366	@@ -115,7 +115,7 @@
3367	in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids )
3368	) {
3369	$menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true);
3370	- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3371	+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3372	}
3373	}
3374	}
3375	@@ -190,7 +190,7 @@
3376	$menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1;
3377
3378	// save changes
3379	- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3380	+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3381	wp_update_post($menu_item_data);
3382	wp_update_post($parent_data);
3383	}
3384	@@ -205,7 +205,7 @@
3385	) {
3386	// just make it a child of the previous; keep the order
3387	$menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1];
3388	- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3389	+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
3390	wp_update_post($menu_item_data);
3391	}
3392	}
3393	Index: wp-admin/edit.php
3394	===================================================================
3395	--- wp-admin/edit.php (revision 23400)
3396	+++ wp-admin/edit.php (working copy)
3397	@@ -138,7 +138,7 @@
3398	wp_redirect($sendback);
3399	exit();
3400	} elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
3401	- wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
3402	+ wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
3403	exit;
3404	}
3405
3406	Index: wp-admin/upgrade.php
3407	===================================================================
3408	--- wp-admin/upgrade.php (revision 23400)
3409	+++ wp-admin/upgrade.php (working copy)
3410	@@ -77,7 +77,7 @@
3411	<?php else :
3412	switch ( $step ) :
3413	case 0:
3414	- $goback = stripslashes( wp_get_referer() );
3415	+ $goback = wp_unslash( wp_get_referer() );
3416	$goback = esc_url_raw( $goback );
3417	$goback = urlencode( $goback );
3418	?>
3419	@@ -90,7 +90,7 @@
3420	case 1:
3421	wp_upgrade();
3422
3423	- $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
3424	+ $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
3425	$backto = esc_url( $backto );
3426	$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
3427	?>
3428	Index: wp-admin/options.php
3429	===================================================================
3430	--- wp-admin/options.php (revision 23400)
3431	+++ wp-admin/options.php (working copy)
3432	@@ -120,16 +120,16 @@
3433	if ( 'options' == $option_page ) {
3434	if ( is_multisite() && ! is_super_admin() )
3435	wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
3436	- $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
3437	+ $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
3438	} else {
3439	$options = $whitelist_options[ $option_page ];
3440	}
3441
3442	// Handle custom date/time formats
3443	if ( 'general' == $option_page ) {
3444	- if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
3445	+ if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
3446	$_POST['date_format'] = $_POST['date_format_custom'];
3447	- if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
3448	+ if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
3449	$_POST['time_format'] = $_POST['time_format_custom'];
3450	// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
3451	if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
3452	@@ -150,7 +150,7 @@
3453	$value = $_POST[ $option ];
3454	if ( ! is_array( $value ) )
3455	$value = trim( $value );
3456	- $value = stripslashes_deep( $value );
3457	+ $value = wp_unslash( $value );
3458	}
3459	update_option( $option, $value );
3460	}
3461	Index: wp-admin/press-this.php
3462	===================================================================
3463	--- wp-admin/press-this.php (revision 23400)
3464	+++ wp-admin/press-this.php (working copy)
3465	@@ -91,11 +91,11 @@
3466	}
3467
3468	// Set Variables
3469	-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
3470	+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
3471
3472	$selection = '';
3473	if ( !empty($_GET['s']) ) {
3474	- $selection = str_replace(''', "'", stripslashes($_GET['s']));
3475	+ $selection = str_replace(''', "'", wp_unslash($_GET['s']));
3476	$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
3477	}
3478
3479	Index: wp-admin/user-edit.php
3480	===================================================================
3481	--- wp-admin/user-edit.php (revision 23400)
3482	+++ wp-admin/user-edit.php (working copy)
3483	@@ -54,7 +54,7 @@
3484	'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
3485	);
3486
3487	-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
3488	+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), wp_unslash( $wp_http_referer ) );
3489
3490	$user_can_edit = current_user_can( 'edit_posts' ) \|\| current_user_can( 'edit_pages' );
3491
3492	Index: wp-admin/setup-config.php
3493	===================================================================
3494	--- wp-admin/setup-config.php (revision 23400)
3495	+++ wp-admin/setup-config.php (working copy)
3496	@@ -164,7 +164,7 @@
3497
3498	case 2:
3499	foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
3500	- $$key = trim( stripslashes( $_POST[ $key ] ) );
3501	+ $$key = trim( wp_unslash( $_POST[ $key ] ) );
3502
3503	$tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';
3504
3505	Index: wp-admin/link-manager.php
3506	===================================================================
3507	--- wp-admin/link-manager.php (revision 23400)
3508	+++ wp-admin/link-manager.php (working copy)
3509	@@ -31,7 +31,7 @@
3510	exit;
3511	}
3512	} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
3513	- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
3514	+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
3515	exit;
3516	}
3517
3518	@@ -72,7 +72,7 @@
3519	<?php screen_icon(); ?>
3520	<h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
3521	if ( !empty($_REQUEST['s']) )
3522	- printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
3523	+ printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
3524	</h2>
3525
3526	<?php
3527	Index: wp-admin/install.php
3528	===================================================================
3529	--- wp-admin/install.php (revision 23400)
3530	+++ wp-admin/install.php (working copy)
3531	@@ -84,10 +84,10 @@
3532	if ( ! empty( $_POST ) )
3533	$blog_public = isset( $_POST['blog_public'] );
3534
3535	- $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
3536	- $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
3537	- $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
3538	- $admin_email = isset( $_POST['admin_email'] ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
3539	+ $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
3540	+ $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
3541	+ $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
3542	+ $admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
3543
3544	if ( ! is_null( $error ) ) {
3545	?>
3546	@@ -189,11 +189,11 @@
3547
3548	display_header();
3549	// Fill in the data we gathered
3550	- $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
3551	- $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
3552	- $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
3553	- $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
3554	- $admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
3555	+ $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
3556	+ $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
3557	+ $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
3558	+ $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
3559	+ $admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
3560	$public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0;
3561	// check e-mail address
3562	$error = false;
3563	Index: wp-admin/plugin-editor.php
3564	===================================================================
3565	--- wp-admin/plugin-editor.php (revision 23400)
3566	+++ wp-admin/plugin-editor.php (working copy)
3567	@@ -28,7 +28,7 @@
3568	wp_die( __('There are no plugins installed on this site.') );
3569
3570	if ( isset($_REQUEST['file']) )
3571	- $plugin = stripslashes($_REQUEST['file']);
3572	+ $plugin = wp_unslash($_REQUEST['file']);
3573
3574	if ( empty($plugin) ) {
3575	$plugin = array_keys($plugins);
3576	@@ -40,7 +40,7 @@
3577	if ( empty($file) )
3578	$file = $plugin_files[0];
3579	else
3580	- $file = stripslashes($file);
3581	+ $file = wp_unslash($file);
3582
3583	$file = validate_file_to_edit($file, $plugin_files);
3584	$real_file = WP_PLUGIN_DIR . '/' . $file;
3585	@@ -52,7 +52,7 @@
3586
3587	check_admin_referer('edit-plugin_' . $file);
3588
3589	- $newcontent = stripslashes($_POST['newcontent']);
3590	+ $newcontent = wp_unslash( $_POST['newcontent'] );
3591	if ( is_writeable($real_file) ) {
3592	$f = fopen($real_file, 'w+');
3593	fwrite($f, $newcontent);
3594	Index: wp-admin/custom-background.php
3595	===================================================================
3596	--- wp-admin/custom-background.php (revision 23400)
3597	+++ wp-admin/custom-background.php (working copy)
3598	@@ -378,7 +378,7 @@
3599
3600	// Add the meta-data
3601	wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
3602	- update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
3603	+ wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
3604
3605	set_theme_mod('background_image', esc_url_raw($url));
3606
3607	@@ -415,7 +415,7 @@
3608	if ( in_array( $_POST['size'], $sizes ) )
3609	$size = esc_attr( $_POST['size'] );
3610
3611	- update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
3612	+ wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
3613	$url = wp_get_attachment_image_src( $attachment_id, $size );
3614	$thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
3615	set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );

Download in other formats:

Original Format