Index: wp-includes/post.php
===================================================================
--- wp-includes/post.php	(revision 18500)
+++ wp-includes/post.php	(working copy)
@@ -2553,7 +2553,7 @@
 	// expected_slashed (everything!)
 	$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
 	$data = apply_filters('wp_insert_post_data', $data, $postarr);
-	$data = stripslashes_deep( $data );
+	$data = wp_unslash( $data );
 	$where = array( 'ID' => $post_ID );
 
 	if ( $update ) {
@@ -3685,7 +3685,7 @@
 
 	// expected_slashed (everything!)
 	$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
-	$data = stripslashes_deep( $data );
+	$data = wp_unslash( $data );
 
 	if ( $update ) {
 		$wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
Index: wp-includes/comment.php
===================================================================
--- wp-includes/comment.php	(revision 18499)
+++ wp-includes/comment.php	(working copy)
@@ -1214,7 +1214,7 @@
  */
 function wp_insert_comment($commentdata) {
 	global $wpdb;
-	extract(stripslashes_deep($commentdata), EXTR_SKIP);
+	extract(wp_unslash($commentdata), EXTR_SKIP);
 
 	if ( ! isset($comment_author_IP) )
 		$comment_author_IP = '';
@@ -1455,7 +1455,7 @@
 	$commentarr = wp_filter_comment( $commentarr );
 
 	// Now extract the merged array.
-	extract(stripslashes_deep($commentarr), EXTR_SKIP);
+	extract(wp_unslash($commentarr), EXTR_SKIP);
 
 	$comment_content = apply_filters('comment_save_pre', $comment_content);
 
Index: wp-includes/user.php
===================================================================
--- wp-includes/user.php	(revision 18499)
+++ wp-includes/user.php	(working copy)
@@ -1478,7 +1478,7 @@
 	}
 
 	$data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
-	$data = stripslashes_deep( $data );
+	$data = wp_unslash( $data );
 
 	if ( $update ) {
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
Index: wp-includes/load.php
===================================================================
--- wp-includes/load.php	(revision 18499)
+++ wp-includes/load.php	(working copy)
@@ -527,6 +527,11 @@
  * @since 3.0.0
  */
 function wp_magic_quotes() {
+	global $wp_magic_quotes;
+
+	if ( ! isset( $wp_magic_quotes ) )
+		$wp_magic_quotes = true;
+
 	// If already slashed, strip.
 	if ( get_magic_quotes_gpc() ) {
 		$_GET    = stripslashes_deep( $_GET    );
@@ -535,10 +540,12 @@
 	}
 
 	// Escape with wpdb.
-	$_GET    = add_magic_quotes( $_GET    );
-	$_POST   = add_magic_quotes( $_POST   );
-	$_COOKIE = add_magic_quotes( $_COOKIE );
-	$_SERVER = add_magic_quotes( $_SERVER );
+	if ( $wp_magic_quotes ) {
+		$_GET    = add_magic_quotes( $_GET    );
+		$_POST   = add_magic_quotes( $_POST   );
+		$_COOKIE = add_magic_quotes( $_COOKIE );
+		$_SERVER = add_magic_quotes( $_SERVER );
+	}
 
 	// Force REQUEST to be GET + POST.
 	$_REQUEST = array_merge( $_GET, $_POST );
Index: wp-includes/class-wp-xmlrpc-server.php
===================================================================
--- wp-includes/class-wp-xmlrpc-server.php	(revision 18501)
+++ wp-includes/class-wp-xmlrpc-server.php	(working copy)
@@ -262,7 +262,7 @@
 			if ( isset($meta['id']) ) {
 				$meta['id'] = (int) $meta['id'];
 				$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
-				$meta['value'] = stripslashes_deep( $meta['value'] );
+				$meta['value'] = wp_unslash( $meta['value'] );
 				if ( isset($meta['key']) ) {
 					$meta['key'] = stripslashes( $meta['key'] );
 					if ( $meta['key'] != $pmeta->meta_key )
Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 18499)
+++ wp-includes/formatting.php	(working copy)
@@ -2483,9 +2483,9 @@
 
 		case 'blogdescription':
 		case 'blogname':
-			$value = addslashes($value);
-			$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
-			$value = stripslashes($value);
+			$value = wp_slash( $value );
+			$value = wp_filter_post_kses( $value );
+			$value = wp_unslash( $value );
 			$value = esc_html( $value );
 			break;
 
@@ -2501,9 +2501,9 @@
 		case 'ping_sites':
 		case 'upload_path':
 			$value = strip_tags($value);
-			$value = addslashes($value);
-			$value = wp_filter_kses($value); // calls stripslashes then addslashes
-			$value = stripslashes($value);
+			$value = wp_slash( $value );
+			$value = wp_filter_kses( $value );
+			$value = wp_unslash( $value );
 			break;
 
 		case 'gmt_offset':
@@ -2925,4 +2925,33 @@
 	return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
 }
 
+function wp_slash( $value ) {
+	global $wp_magic_quotes;
+
+	if ( ! $wp_magic_quotes )
+		return $value;
+
+	if ( is_array( $value ) ) {
+		$value = array_map( 'wp_slash', $value);
+	} elseif ( is_object( $value ) ) {
+		$vars = get_object_vars( $value );
+		foreach ( $vars as $key => $data ) {
+			$value->{$key} = wp_slash( $data );
+		}
+	} else {
+		$value = addslashes( $value );
+	}
+
+	return $value;
+}
+
+function wp_unslash( $value ) {
+	global $wp_magic_quotes;
+
+	if ( ! $wp_magic_quotes )
+		return $value;
+
+	return stripslashes_deep( $value );
+}
+
 ?>
Index: wp-includes/kses.php
===================================================================
--- wp-includes/kses.php	(revision 18499)
+++ wp-includes/kses.php	(working copy)
@@ -1256,7 +1256,7 @@
  */
 function wp_filter_post_kses($data) {
 	global $allowedposttags;
-	return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
+	return wp_slash ( wp_kses( wp_unslash( $data ), $allowedposttags) );
 }
 
 /**
@@ -1285,7 +1285,7 @@
  * @return string Filtered content without any HTML
  */
 function wp_filter_nohtml_kses($data) {
-	return addslashes ( wp_kses(stripslashes( $data ), array()) );
+	return wp_slash ( wp_kses( wp_unslash( $data ), array() ) );
 }
 
 /**
Index: wp-includes/widgets.php
===================================================================
--- wp-includes/widgets.php	(revision 18499)
+++ wp-includes/widgets.php	(working copy)
@@ -224,7 +224,7 @@
 			}
 
 			foreach ( $settings as $number => $new_instance ) {
-				$new_instance = stripslashes_deep($new_instance);
+				$new_instance = wp_unslash($new_instance);
 				$this->_set($number);
 
 				$old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array();
Index: wp-includes/meta.php
===================================================================
--- wp-includes/meta.php	(revision 18500)
+++ wp-includes/meta.php	(working copy)
@@ -44,7 +44,7 @@
 
 	// expected_slashed ($meta_key)
 	$meta_key = stripslashes($meta_key);
-	$meta_value = stripslashes_deep($meta_value);
+	$meta_value = wp_unslash($meta_value);
 	$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 	$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
@@ -118,7 +118,7 @@
 
 	// expected_slashed ($meta_key)
 	$meta_key = stripslashes($meta_key);
-	$meta_value = stripslashes_deep($meta_value);
+	$meta_value = wp_unslash($meta_value);
 	$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 	$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
@@ -202,7 +202,7 @@
 	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
 	// expected_slashed ($meta_key)
 	$meta_key = stripslashes($meta_key);
-	$meta_value = stripslashes_deep($meta_value);
+	$meta_value = wp_unslash($meta_value);
 
 	$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
 	if ( null !== $check )
Index: wp-admin/network.php
===================================================================
--- wp-admin/network.php	(revision 18499)
+++ wp-admin/network.php	(working copy)
@@ -308,7 +308,7 @@
 	$hostname = get_clean_basedomain();
 
 	if ( ! isset( $base ) )
-		$base = trailingslashit( stripslashes( dirname( dirname( $_SERVER['SCRIPT_NAME'] ) ) ) );
+		$base = trailingslashit( wp_unslash( dirname( dirname( $_SERVER['SCRIPT_NAME'] ) ) ) );
 
 	// Wildcard DNS message.
 	if ( is_wp_error( $errors ) )
@@ -515,7 +515,7 @@
 
 if ( $_POST ) {
 
-	$base = trailingslashit( stripslashes( dirname( dirname( $_SERVER['SCRIPT_NAME'] ) ) ) );
+	$base = trailingslashit( wp_unslash( dirname( dirname( $_SERVER['SCRIPT_NAME'] ) ) ) );
 
 	check_admin_referer( 'install-network-1' );
 
@@ -525,7 +525,7 @@
 	$hostname = get_clean_basedomain();
 	$subdomain_install = !allow_subdomain_install() ? false : (bool) $_POST['subdomain_install'];
 	if ( ! network_domain_check() ) {
-		$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
+		$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
 		if ( is_wp_error( $result ) ) {
 			if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
 				network_step2( $result );
Index: wp-admin/users.php
===================================================================
--- wp-admin/users.php	(revision 18499)
+++ wp-admin/users.php	(working copy)
@@ -31,9 +31,9 @@
 );
 
 if ( empty($_REQUEST) ) {
-	$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(wp_unslash($_SERVER['REQUEST_URI'])) . '" />';
 } elseif ( isset($_REQUEST['wp_http_referer']) ) {
-	$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
+	$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash($_REQUEST['wp_http_referer']));
 	$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
 } else {
 	$redirect = 'users.php';
@@ -294,7 +294,7 @@
 default:
 
 	if ( !empty($_GET['_wp_http_referer']) ) {
-		wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
+		wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI'])));
 		exit;
 	}
 
Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php	(revision 18499)
+++ wp-admin/edit-comments.php	(working copy)
@@ -95,7 +95,7 @@
 	wp_redirect( $redirect_to );
 	exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
@@ -140,7 +140,7 @@
 	echo __('Comments');
 
 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
-	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
+	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>
 
 <?php
Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 18502)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -86,7 +86,7 @@
 		die('0');
 	}
 
-	$s = stripslashes( $_GET['q'] );
+	$s = wp_unslash( $_GET['q'] );
 
 	if ( false !== strpos( $s, ',' ) ) {
 		$s = explode( ',', $s );
@@ -497,7 +497,7 @@
 			$cat_id = wp_insert_term( $cat_name, 'link_category' );
 		}
 		$cat_id = $cat_id['term_id'];
-		$cat_name = esc_html(stripslashes($cat_name));
+		$cat_name = esc_html(wp_unslash($cat_name));
 		$x->add( array(
 			'what' => 'link-category',
 			'id' => $cat_id,
@@ -861,8 +861,8 @@
 		) );
 	} else { // Update?
 		$mid = (int) array_pop( array_keys($_POST['meta']) );
-		$key = stripslashes( $_POST['meta'][$mid]['key'] );
-		$value = stripslashes( $_POST['meta'][$mid]['value'] );
+		$key = wp_unslash( $_POST['meta'][$mid]['key'] );
+		$value = wp_unslash( $_POST['meta'][$mid]['value'] );
 		if ( '' == trim($key) )
 			die(__('Please provide a custom field name.'));
 		if ( '' == trim($value) )
@@ -1113,7 +1113,7 @@
 	$args = array();
 
 	if ( isset( $_POST['search'] ) )
-		$args['s'] = stripslashes( $_POST['search'] );
+		$args['s'] = wp_unslash( $_POST['search'] );
 	$args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
 
 	require(ABSPATH . WPINC . '/class-wp-editor.php');
@@ -1276,7 +1276,7 @@
 	else
 		$what = 'post';
 
-	$s = stripslashes($_POST['ps']);
+	$s = wp_unslash($_POST['ps']);
 	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
 	$search_terms = array_map('_search_terms_tidy', $matches[0]);
 
Index: wp-admin/includes/class-wp-ms-sites-list-table.php
===================================================================
--- wp-admin/includes/class-wp-ms-sites-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-ms-sites-list-table.php	(working copy)
@@ -28,7 +28,7 @@
 
 		$pagenum = $this->get_pagenum();
 
-		$s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
+		$s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
 		$wild = '';
 		if ( false !== strpos($s, '*') ) {
 			$wild = '%';
Index: wp-admin/includes/bookmark.php
===================================================================
--- wp-admin/includes/bookmark.php	(revision 18499)
+++ wp-admin/includes/bookmark.php	(working copy)
@@ -136,7 +136,7 @@
 	$linkdata = wp_parse_args( $linkdata, $defaults );
 	$linkdata = sanitize_bookmark( $linkdata, 'db' );
 
-	extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
+	extract( wp_unslash( $linkdata ), EXTR_SKIP );
 
 	$update = false;
 
Index: wp-admin/includes/file.php
===================================================================
--- wp-admin/includes/file.php	(revision 18499)
+++ wp-admin/includes/file.php	(working copy)
@@ -916,13 +916,13 @@
 	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
 	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
-	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
-	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
-	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
+	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash($_POST['hostname']) : $credentials['hostname']);
+	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash($_POST['username']) : $credentials['username']);
+	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash($_POST['password']) : '');
 
 	// Check to see if we are setting the public/private keys for ssh
-	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
-	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
+	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash($_POST['public_key']) : '');
+	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash($_POST['private_key']) : '');
 
 	//sanitize the hostname, Some people might pass in odd-data:
 	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
Index: wp-admin/includes/class-wp-terms-list-table.php
===================================================================
--- wp-admin/includes/class-wp-terms-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-terms-list-table.php	(working copy)
@@ -51,7 +51,7 @@
 			$tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter
 		}
 
-		$search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
+		$search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
 
 		$args = array(
 			'search' => $search,
@@ -60,10 +60,10 @@
 		);
 
 		if ( !empty( $_REQUEST['orderby'] ) )
-			$args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
+			$args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
 
 		if ( !empty( $_REQUEST['order'] ) )
-			$args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
+			$args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
 
 		$this->callback_args = $args;
 
Index: wp-admin/includes/post.php
===================================================================
--- wp-admin/includes/post.php	(revision 18500)
+++ wp-admin/includes/post.php	(working copy)
@@ -764,8 +764,8 @@
  * @return unknown
  */
 function update_meta( $meta_id, $meta_key, $meta_value ) {
-	$meta_key = stripslashes( $meta_key );
-	$meta_value = stripslashes_deep( $meta_value );
+	$meta_key = wp_unslash( $meta_key );
+	$meta_value = wp_unslash( $meta_value );
 
 	return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
 }
@@ -1303,7 +1303,7 @@
 	}
 
 	// _wp_put_post_revision() expects unescaped.
-	$_POST = stripslashes_deep($_POST);
+	$_POST = wp_unslash($_POST);
 
 	// Otherwise create the new autosave as a special post revision
 	return _wp_put_post_revision( $_POST, true );
Index: wp-admin/includes/class-wp-users-list-table.php
===================================================================
--- wp-admin/includes/class-wp-users-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-users-list-table.php	(working copy)
@@ -235,7 +235,7 @@
 			if ( get_current_user_id() == $user_object->ID ) {
 				$edit_link = 'profile.php';
 			} else {
-				$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
+				$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ) );
 			}
 
 			// Set up the hover actions for this user
Index: wp-admin/includes/dashboard.php
===================================================================
--- wp-admin/includes/dashboard.php	(revision 18499)
+++ wp-admin/includes/dashboard.php	(working copy)
@@ -1109,7 +1109,7 @@
 	$widget_options[$widget_id]['number'] = $number;
 
 	if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
-		$_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
+		$_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
 		$widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
 		// title is optional.  If black, fill it if possible
 		if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {
Index: wp-admin/includes/class-wp-plugin-install-list-table.php
===================================================================
--- wp-admin/includes/class-wp-plugin-install-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-plugin-install-list-table.php	(working copy)
@@ -48,8 +48,8 @@
 
 		switch ( $tab ) {
 			case 'search':
-				$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : '';
-				$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
+				$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : '';
+				$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
 
 				switch ( $type ) {
 					case 'tag':
Index: wp-admin/includes/class-wp-ms-themes-list-table.php
===================================================================
--- wp-admin/includes/class-wp-ms-themes-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-ms-themes-list-table.php	(working copy)
@@ -138,7 +138,7 @@
 	function _search_callback( $theme ) {
 		static $term;
 		if ( is_null( $term ) )
-			$term = stripslashes( $_REQUEST['s'] );
+			$term = wp_unslash( $_REQUEST['s'] );
 
 		$search_fields = array( 'Name', 'Title', 'Description', 'Author', 'Author Name', 'Author URI', 'Template', 'Stylesheet' );
 		foreach ( $search_fields as $field )
Index: wp-admin/includes/class-wp-theme-install-list-table.php
===================================================================
--- wp-admin/includes/class-wp-theme-install-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-theme-install-list-table.php	(working copy)
@@ -48,8 +48,8 @@
 
 		switch ( $tab ) {
 			case 'search':
-				$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : '';
-				$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
+				$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : '';
+				$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
 
 				switch ( $type ) {
 					case 'tag':
Index: wp-admin/includes/deprecated.php
===================================================================
--- wp-admin/includes/deprecated.php	(revision 18499)
+++ wp-admin/includes/deprecated.php	(working copy)
@@ -454,7 +454,7 @@
 	function WP_User_Search ($search_term = '', $page = '', $role = '') {
 		_deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
 
-		$this->search_term = stripslashes( $search_term );
+		$this->search_term = wp_unslash( $search_term );
 		$this->raw_page = ( '' == $page ) ? false : (int) $page;
 		$this->page = (int) ( '' == $page ) ? 1 : $page;
 		$this->role = $role;
@@ -533,7 +533,7 @@
 	 * @access public
 	 */
 	function prepare_vars_for_template_usage() {
-		$this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
+		$this->search_term = wp_unslash($this->search_term); // done with DB, from now on we want slashes gone
 	}
 
 	/**
Index: wp-admin/includes/class-wp-upgrader.php
===================================================================
--- wp-admin/includes/class-wp-upgrader.php	(revision 18499)
+++ wp-admin/includes/class-wp-upgrader.php	(working copy)
@@ -1274,7 +1274,7 @@
 
 		$install_actions = array();
 
-		$from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
+		$from = isset($_GET['from']) ? wp_unslash($_GET['from']) : 'plugins';
 
 		if ( 'import' == $from )
 			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';
Index: wp-admin/includes/comment.php
===================================================================
--- wp-admin/includes/comment.php	(revision 18499)
+++ wp-admin/includes/comment.php	(working copy)
@@ -19,8 +19,8 @@
 function comment_exists($comment_author, $comment_date) {
 	global $wpdb;
 
-	$comment_author = stripslashes($comment_author);
-	$comment_date = stripslashes($comment_date);
+	$comment_author = wp_unslash($comment_author);
+	$comment_date = wp_unslash($comment_date);
 
 	return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
 			WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
Index: wp-admin/includes/class-wp-ms-users-list-table.php
===================================================================
--- wp-admin/includes/class-wp-ms-users-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-ms-users-list-table.php	(working copy)
@@ -175,7 +175,7 @@
 						if ( get_current_user_id() == $user->ID ) {
 							$edit_link = esc_url( network_admin_url( 'profile.php' ) );
 						} else {
-							$edit_link = esc_url( network_admin_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), 'user-edit.php?user_id=' . $user->ID ) ) );
+							$edit_link = esc_url( network_admin_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'user-edit.php?user_id=' . $user->ID ) ) );
 						}
 
 						echo "<td $attributes>"; ?>
@@ -189,7 +189,7 @@
 								$actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
 
 								if ( current_user_can( 'delete_user', $user->ID) && ! in_array( $user->user_login, $super_admins ) ) {
-									$actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
+									$actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'edit.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
 								}
 
 								$actions = apply_filters( 'ms_user_row_actions', $actions, $user );
Index: wp-admin/includes/class-wp-plugins-list-table.php
===================================================================
--- wp-admin/includes/class-wp-plugins-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-plugins-list-table.php	(working copy)
@@ -23,7 +23,7 @@
 
 
 		if ( isset($_REQUEST['s']) )
-			$_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
+			$_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
 
 		$page = $this->get_pagenum();
 
@@ -152,7 +152,7 @@
 	function _search_callback( $plugin ) {
 		static $term;
 		if ( is_null( $term ) )
-			$term = stripslashes( $_REQUEST['s'] );
+			$term = wp_unslash( $_REQUEST['s'] );
 
 		foreach ( $plugin as $value )
 			if ( stripos( $value, $term ) !== false )
Index: wp-admin/includes/class-wp-themes-list-table.php
===================================================================
--- wp-admin/includes/class-wp-themes-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-themes-list-table.php	(working copy)
@@ -25,7 +25,7 @@
 		$themes = get_allowed_themes();
 
 		if ( ! empty( $_REQUEST['s'] ) ) {
-			$search = strtolower( stripslashes( $_REQUEST['s'] ) );
+			$search = strtolower( wp_unslash( $_REQUEST['s'] ) );
 			$this->search = array_merge( $this->search, array_filter( array_map( 'trim', explode( ',', $search ) ) ) );
 			$this->search = array_unique( $this->search );
 		}
Index: wp-admin/includes/class-wp-comments-list-table.php
===================================================================
--- wp-admin/includes/class-wp-comments-list-table.php	(revision 18499)
+++ wp-admin/includes/class-wp-comments-list-table.php	(working copy)
@@ -168,7 +168,7 @@
 			/*
 			// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
 			if ( !empty( $_REQUEST['s'] ) )
-				$link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
+				$link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
 			*/
 			$status_links[$status] = "<a href='$link'$class>" . sprintf(
 				translate_nooped_plural( $label, $num_comments->$status ),
Index: wp-admin/includes/media.php
===================================================================
--- wp-admin/includes/media.php	(revision 18499)
+++ wp-admin/includes/media.php	(working copy)
@@ -487,7 +487,7 @@
 	}
 
 	if ( isset($send_id) ) {
-		$attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
+		$attachment = wp_unslash( $_POST['attachments'][$send_id] );
 
 		$html = $attachment['post_title'];
 		if ( !empty($attachment['url']) ) {
Index: wp-admin/edit-tags.php
===================================================================
--- wp-admin/edit-tags.php	(revision 18499)
+++ wp-admin/edit-tags.php	(working copy)
@@ -150,7 +150,7 @@
 
 default:
 if ( ! empty($_REQUEST['_wp_http_referer']) ) {
-	$location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
+	$location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) );
 
 	if ( ! empty( $_REQUEST['paged'] ) )
 		$location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );
@@ -239,7 +239,7 @@
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title );
 if ( !empty($_REQUEST['s']) )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
 </h2>
 
 <?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?>
Index: wp-admin/update.php
===================================================================
--- wp-admin/update.php	(revision 18499)
+++ wp-admin/update.php	(working copy)
@@ -26,7 +26,7 @@
 		check_admin_referer( 'bulk-update-plugins' );
 
 		if ( isset( $_GET['plugins'] ) )
-			$plugins = explode( ',', stripslashes($_GET['plugins']) );
+			$plugins = explode( ',', wp_unslash($_GET['plugins']) );
 		elseif ( isset( $_POST['checked'] ) )
 			$plugins = (array) $_POST['checked'];
 		else
@@ -109,7 +109,7 @@
 		$nonce = 'install-plugin_' . $plugin;
 		$url = 'update.php?action=install-plugin&plugin=' . $plugin;
 		if ( isset($_GET['from']) )
-			$url .= '&from=' . urlencode(stripslashes($_GET['from']));
+			$url .= '&from=' . urlencode(wp_unslash($_GET['from']));
 
 		$type = 'web'; //Install plugin type, From Web or an Upload.
 
@@ -170,7 +170,7 @@
 		check_admin_referer( 'bulk-update-themes' );
 
 		if ( isset( $_GET['themes'] ) )
-			$themes = explode( ',', stripslashes($_GET['themes']) );
+			$themes = explode( ',', wp_unslash($_GET['themes']) );
 		elseif ( isset( $_POST['checked'] ) )
 			$themes = (array) $_POST['checked'];
 		else
Index: wp-admin/theme-editor.php
===================================================================
--- wp-admin/theme-editor.php	(revision 18499)
+++ wp-admin/theme-editor.php	(working copy)
@@ -45,7 +45,7 @@
 if (empty($theme)) {
 	$theme = get_current_theme();
 } else {
-	$theme = stripslashes($theme);
+	$theme = wp_unslash($theme);
 }
 
 if ( ! isset($themes[$theme]) )
@@ -59,7 +59,7 @@
 	else
 		$file = $allowed_files[0];
 } else {
-	$file = stripslashes($file);
+	$file = wp_unslash($file);
 	if ( 'theme' == $dir ) {
 		$file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ;
 	} else if ( 'style' == $dir) {
@@ -77,7 +77,7 @@
 
 	check_admin_referer('edit-theme_' . $file . $theme);
 
-	$newcontent = stripslashes($_POST['newcontent']);
+	$newcontent = wp_unslash($_POST['newcontent']);
 	$theme = urlencode($theme);
 	if (is_writeable($file)) {
 		//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
Index: wp-admin/admin.php
===================================================================
--- wp-admin/admin.php	(revision 18499)
+++ wp-admin/admin.php	(working copy)
@@ -41,7 +41,7 @@
 	do_action('after_db_upgrade');
 } elseif ( get_option('db_version') != $wp_db_version ) {
 	if ( !is_multisite() ) {
-		wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
+		wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(wp_unslash($_SERVER['REQUEST_URI']))));
 		exit;
 	} elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
 		/**
@@ -84,7 +84,7 @@
 $editing = false;
 
 if ( isset($_GET['page']) ) {
-	$plugin_page = stripslashes($_GET['page']);
+	$plugin_page = wp_unslash($_GET['page']);
 	$plugin_page = plugin_basename($plugin_page);
 }
 
Index: wp-admin/user-new.php
===================================================================
--- wp-admin/user-new.php	(revision 18499)
+++ wp-admin/user-new.php	(working copy)
@@ -92,7 +92,7 @@
 			$add_user_errors = $user_id;
 		} else {
 			if ( current_user_can('edit_users') ) {
-				$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+				$new_user_login = apply_filters('pre_user_login', sanitize_user(wp_unslash($_REQUEST['user_login']), true));
 				$redirect = 'users.php?usersearch='. urlencode($new_user_login) . '&update=add' . '#user-' . $user_id;
 			} else {
 				$redirect = add_query_arg( 'update', 'add', 'user-new.php' );
@@ -107,7 +107,7 @@
 		if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
 			$add_user_errors = $user_details[ 'errors' ];
 		} else {
-			$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+			$new_user_login = apply_filters('pre_user_login', sanitize_user(wp_unslash($_REQUEST['user_login']), true));
 			if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
 				add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
 			}
@@ -275,7 +275,7 @@
 	$var = "new_user_$var";
 	if( isset( $_POST['createuser'] ) ) {
 		if ( ! isset($$var) )
-			$$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
+			$$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
 	} else {
 		$$var = false;
 	}
Index: wp-admin/upload.php
===================================================================
--- wp-admin/upload.php	(revision 18499)
+++ wp-admin/upload.php	(working copy)
@@ -124,7 +124,7 @@
 	wp_redirect( $location );
 	exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
Index: wp-admin/edit-form-comment.php
===================================================================
--- wp-admin/edit-form-comment.php	(revision 18499)
+++ wp-admin/edit-form-comment.php	(working copy)
@@ -134,7 +134,7 @@
 ?>
 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 
Index: wp-admin/edit-form-advanced.php
===================================================================
--- wp-admin/edit-form-advanced.php	(revision 18499)
+++ wp-admin/edit-form-advanced.php	(working copy)
@@ -210,7 +210,7 @@
 <input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
-<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
 <?php
 if ( 'draft' != $post->post_status )
 	wp_original_referer_field(true, 'previous');
Index: wp-admin/network/site-info.php
===================================================================
--- wp-admin/network/site-info.php	(revision 18499)
+++ wp-admin/network/site-info.php	(working copy)
@@ -56,7 +56,7 @@
 	delete_option( 'rewrite_rules' );
 
 	// update blogs table
-	$blog_data = stripslashes_deep( $_POST['blog'] );
+	$blog_data = wp_unslash( $_POST['blog'] );
 	$existing_details = get_blog_details( $id, false );
 	$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
 	foreach ( $blog_data_checkboxes as $c ) {
Index: wp-admin/network/edit.php
===================================================================
--- wp-admin/network/edit.php	(revision 18499)
+++ wp-admin/network/edit.php	(working copy)
@@ -154,7 +154,7 @@
 		foreach ( $options as $option_name ) {
 			if ( ! isset($_POST[$option_name]) )
 				continue;
-			$value = stripslashes_deep( $_POST[$option_name] );
+			$value = wp_unslash( $_POST[$option_name] );
 			update_site_option( $option_name, $value );
 		}
 
Index: wp-admin/edit.php
===================================================================
--- wp-admin/edit.php	(revision 18499)
+++ wp-admin/edit.php	(working copy)
@@ -138,7 +138,7 @@
 	wp_redirect($sendback);
 	exit();
 } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
-	 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
+	 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) ) );
 	 exit;
 }
 
Index: wp-admin/upgrade.php
===================================================================
--- wp-admin/upgrade.php	(revision 18499)
+++ wp-admin/upgrade.php	(working copy)
@@ -72,7 +72,7 @@
 <?php else :
 switch ( $step ) :
 	case 0:
-		$goback = stripslashes( wp_get_referer() );
+		$goback = wp_unslash( wp_get_referer() );
 		$goback = esc_url_raw( $goback );
 		$goback = urlencode( $goback );
 ?>
@@ -85,7 +85,7 @@
 	case 1:
 		wp_upgrade();
 
-			$backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) :  __get_option( 'home' ) . '/';
+			$backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) :  __get_option( 'home' ) . '/';
 			$backto = esc_url( $backto );
 			$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>
Index: wp-admin/options.php
===================================================================
--- wp-admin/options.php	(revision 18499)
+++ wp-admin/options.php	(working copy)
@@ -115,16 +115,16 @@
 	if ( 'options' == $option_page ) {
 		if ( is_multisite() && ! is_super_admin() )
 			wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
-		$options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
+		$options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
 	} else {
 		$options = $whitelist_options[ $option_page ];
 	}
 
 	// Handle custom date/time formats
 	if ( 'general' == $option_page ) {
-		if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
+		if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
 			$_POST['date_format'] = $_POST['date_format_custom'];
-		if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
+		if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
 			$_POST['time_format'] = $_POST['time_format_custom'];
 		// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
 		if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
@@ -145,7 +145,7 @@
 				$value = $_POST[$option];
 			if ( !is_array($value) )
 				$value = trim($value);
-			$value = stripslashes_deep($value);
+			$value = wp_unslash($value);
 			update_option($option, $value);
 		}
 	}
Index: wp-admin/user-edit.php
===================================================================
--- wp-admin/user-edit.php	(revision 18499)
+++ wp-admin/user-edit.php	(working copy)
@@ -49,7 +49,7 @@
 );
 
 
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), wp_unslash($wp_http_referer));
 
 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
 
Index: wp-admin/press-this.php
===================================================================
--- wp-admin/press-this.php	(revision 18499)
+++ wp-admin/press-this.php	(working copy)
@@ -96,11 +96,11 @@
 }
 
 // Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
 
 $selection = '';
 if ( !empty($_GET['s']) ) {
-	$selection = str_replace('&apos;', "'", stripslashes($_GET['s']));
+	$selection = str_replace('&apos;', "'", wp_unslash($_GET['s']));
 	$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
 }
 
Index: wp-admin/link-manager.php
===================================================================
--- wp-admin/link-manager.php	(revision 18499)
+++ wp-admin/link-manager.php	(working copy)
@@ -31,7 +31,7 @@
 		exit;
 	}
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
@@ -61,7 +61,7 @@
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
 if ( !empty($_REQUEST['s']) )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
 </h2>
 
 <?php
Index: wp-admin/install.php
===================================================================
--- wp-admin/install.php	(revision 18499)
+++ wp-admin/install.php	(working copy)
@@ -82,10 +82,10 @@
 	if ( ! empty( $_POST ) )
 		$blog_public = isset( $_POST['blog_public'] );
 
-	$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-	$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-	$admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
-	$admin_email  = isset( $_POST['admin_email']  ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
+	$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+	$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+	$admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
+	$admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
 
 	if ( ! is_null( $error ) ) {
 ?>
@@ -181,11 +181,11 @@
 
 		display_header();
 		// Fill in the data we gathered
-		$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-		$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
+		$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+		$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
 		$admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
 		$admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
-		$admin_email  = isset( $_POST['admin_email']  ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
+		$admin_email  = isset( $_POST['admin_email']  ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
 		$public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
 		// check e-mail address
 		$error = false;
Index: wp-admin/plugin-editor.php
===================================================================
--- wp-admin/plugin-editor.php	(revision 18499)
+++ wp-admin/plugin-editor.php	(working copy)
@@ -30,7 +30,7 @@
 	wp_die( __('There are no plugins installed on this site.') );
 
 if ( isset($_REQUEST['file']) )
-	$plugin = stripslashes($_REQUEST['file']);
+	$plugin = wp_unslash($_REQUEST['file']);
 
 if ( empty($plugin) ) {
 	$plugin = array_keys($plugins);
@@ -42,7 +42,7 @@
 if ( empty($file) )
 	$file = $plugin_files[0];
 else
-	$file = stripslashes($file);
+	$file = wp_unslash($file);
 
 $file = validate_file_to_edit($file, $plugin_files);
 $real_file = WP_PLUGIN_DIR . '/' . $file;
@@ -54,7 +54,7 @@
 
 	check_admin_referer('edit-plugin_' . $file);
 
-	$newcontent = stripslashes($_POST['newcontent']);
+	$newcontent = wp_unslash($_POST['newcontent']);
 	if ( is_writeable($real_file) ) {
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);