Ticket #11119: press-this-xss-bug-11-10-2009.patch
| File press-this-xss-bug-11-10-2009.patch, 736 bytes (added by , 14 years ago) |
|---|
-
wp-admin/press-this.php
91 91 } 92 92 93 93 // Set Variables 94 $title = isset($_GET['t']) ? esc_html( aposfix(stripslashes($_GET['t']))) : '';95 $selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s'])) ) : '';94 $title = isset($_GET['t']) ? esc_html( aposfix(stripslashes( $_GET['t'] )) ) : ''; 95 $selection = isset($_GET['s']) ? esc_html( trim(aposfix(stripslashes( $_GET['s'] ))) ) : ''; 96 96 if ( ! empty($selection) ) { 97 97 $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection); 98 98 $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';