Ticket #914: search-slashes.diff

wp-includes/classes.php

@@ -334 +334 @@
 
                 // If a search pattern is specified, load the posts that match
                 if (!empty($q['s'])) {
-                        $q['s'] = addslashes_gpc($q['s']);
                         $search = ' AND (';
                         $q['s'] = preg_replace('/, +/', ' ', $q['s']);
                         $q['s'] = str_replace(',', ' ', $q['s']);
@@ -1268 +1267 @@
     $wp_rewrite = new WP_Rewrite();
 }
 
-?>
- No newline at end of file
+?>

wp-content/themes/default/searchform.php

@@ -1 +1 @@
 <form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">
-<div><input type="text" value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />
+<div><input type="text" value="<?php echo stripslashes($s); ?>" name="s" id="s" />
 <input type="submit" id="searchsubmit" value="Search" />
 </div>
-</form>
- No newline at end of file
+</form>

wp-content/themes/default/sidebar.php

@@ -29 +29 @@
                         
                  <?php /* If this is a monthly archive */ } elseif (is_search()) { ?>
                         <p>You have searched the <a href="<?php echo get_settings('siteurl'); ?>"><?php echo bloginfo('name'); ?></a> weblog archives
-                        for <strong>'<?php echo wp_specialchars($s); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
+                        for <strong>'<?php echo wp_specialchars(stripslashes($s)); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
 
                         <?php /* If this is a monthly archive */ } elseif (isset($_GET['paged']) && !empty($_GET['paged'])) { ?>
                         <p>You are currently browsing the <a href="<?php echo get_settings('siteurl'); ?>"><?php echo bloginfo('name'); ?></a> weblog archives.</p>