Ticket #12402: 12402.2.diff
File 12402.2.diff, 3.2 KB (added by , 15 years ago) |
---|
-
wp-includes/functions.php
1448 1448 * @return array Sanitized $array. 1449 1449 */ 1450 1450 function add_magic_quotes( $array ) { 1451 foreach ( (array) $array as $k => $v ) { 1452 if ( is_array( $v ) ) { 1453 $array[$k] = add_magic_quotes( $v ); 1454 } else { 1455 $array[$k] = addslashes( $v ); 1456 } 1457 } 1458 return $array; 1451 return addslashes_deep($array); 1459 1452 } 1460 1453 1461 1454 /** -
wp-includes/load.php
504 504 * @since 3.0.0 505 505 */ 506 506 function wp_magic_quotes() { 507 // If already slashed, strip. 508 if ( get_magic_quotes_gpc() ) { 509 $_GET = stripslashes_deep( $_GET ); 510 $_POST = stripslashes_deep( $_POST ); 511 $_COOKIE = stripslashes_deep( $_COOKIE ); 507 if ( !get_magic_quotes_gpc() ) { 508 $_GET = addslashes_deep( $_GET ); 509 $_POST = addslashes_deep( $_POST ); 510 $_COOKIE = addslashes_deep( $_COOKIE ); 512 511 } 513 512 514 // Escape with wpdb. 515 $_GET = add_magic_quotes( $_GET ); 516 $_POST = add_magic_quotes( $_POST ); 517 $_COOKIE = add_magic_quotes( $_COOKIE ); 518 $_SERVER = add_magic_quotes( $_SERVER ); 513 $_SERVER = addslashes_deep( $_SERVER ); 519 514 520 515 // Force REQUEST to be GET + POST. 521 516 $_REQUEST = array_merge( $_GET, $_POST ); -
wp-includes/formatting.php
1199 1199 /** 1200 1200 * Adds slashes to escape strings. 1201 1201 * 1202 * Slashes will first be removed if magic_quotes_gpc is set, see {@link1203 * http://www.php.net/magic_quotes} for more details.1204 *1205 1202 * @since 0.71 1206 1203 * 1207 1204 * @param string $gpc The string returned from HTTP request data. 1208 1205 * @return string Returns a string escaped with slashes. 1209 1206 */ 1210 1207 function addslashes_gpc($gpc) { 1211 if ( get_magic_quotes_gpc() )1212 $gpc = stripslashes($gpc); 1208 return get_magic_quotes_gpc() ? $gpc : addslashes_deep($gpc); 1209 } 1213 1210 1214 return esc_sql($gpc); 1211 /** 1212 * Navigates through an array and adds slashes to the values. 1213 * 1214 * If an array is passed, the array_map() function causes a callback to pass the 1215 * value back to the function. The slashes from this value will added. 1216 * 1217 * @since 2.0.0 1218 * 1219 * @param array|string $value The array or string to be slashed. 1220 * @return array|string Slashed array (or string in the callback). 1221 */ 1222 function addslashes_deep($value) { 1223 return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value); 1215 1224 } 1216 1225 1217 1226 /** … … 1222 1231 * 1223 1232 * @since 2.0.0 1224 1233 * 1225 * @param array|string $value The array or string to be strip ed.1234 * @param array|string $value The array or string to be stripped. 1226 1235 * @return array|string Stripped array (or string in the callback). 1227 1236 */ 1228 1237 function stripslashes_deep($value) { 1229 $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); 1230 return $value; 1238 return is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); 1231 1239 } 1232 1240 1233 1241 /**