
Ticket #12402: 12402.2.diff

File 12402.2.diff, 3.2 KB (added by ryan, 8 years ago)

Introduce addslashes_deep() and standardize on it.

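--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1448,14 +1448,7 @@
  * @return array Sanitized $array.
  */
 function add_magic_quotes( $array ) {
-        foreach ( (array) $array as $k => $v ) {
-                if ( is_array( $v ) ) {
-                        $array[$k] = add_magic_quotes( $v );
-                } else {
-                        $array[$k] = addslashes( $v );
-                }
-        }
-        return $array;
+        return addslashes_deep($array);
 }
 
 /**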
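Review bot: The docblock above still promises `@return array Sanitized $array.`, but with the `(array)` cast gone `add_magic_quotes()` hands a non-array argument straight to `addslashes_deep()` and returns a slashed string. I would update the doc to `@param array|string $array` and `@return array|string Slashed value.`, or state that callers must pass arrays. "Sanitized" also overstates what addslashes() does, since the result is not safe to place in SQL or HTML as-is; "slashed" is the accurate word. The docblock starts outside the hunk, so its opening lines are not visible here.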
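--- a/wp-includes/load.php
+++ b/wp-includes/load.php
@@ -504,18 +504,13 @@
  * @since 3.0.0
  */
 function wp_magic_quotes() {
-        // If already slashed, strip.
-        if ( get_magic_quotes_gpc() ) {
-                $_GET    = stripslashes_deep( $_GET    );
-                $_POST   = stripslashes_deep( $_POST   );
-                $_COOKIE = stripslashes_deep( $_COOKIE );
+        if ( !get_magic_quotes_gpc() ) {
+                $_GET    = addslashes_deep( $_GET    );
+                $_POST   = addslashes_deep( $_POST   );
+                $_COOKIE = addslashes_deep( $_COOKIE );
         }
 
-        // Escape with wpdb.
-        $_GET    = add_magic_quotes( $_GET    );
-        $_POST   = add_magic_quotes( $_POST   );
-        $_COOKIE = add_magic_quotes( $_COOKIE );
-        $_SERVER = add_magic_quotes( $_SERVER );
+        $_SERVER = addslashes_deep( $_SERVER );
 
         // Force REQUEST to be GET + POST.
         $_REQUEST = array_merge( $_GET, $_POST );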
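Review bot: With magic quotes on, `$_GET`, `$_POST` and `$_COOKIE` now keep whatever quoting PHP applied instead of being normalised through `stripslashes_deep()` and re-slashed, so the two branches only end in the same state if PHP's quoting matches `addslashes()` exactly (array keys and ini-dependent quoting modes are the cases I would test). The removed `// Escape with wpdb.` comment is not replaced by anything, and the new block deserves one that says what the slashing is for, e.g. `// Slash request data for backward compatibility; this is not SQL escaping, queries must still go through $wpdb->prepare().` addslashes() is not charset-aware, so the slashed superglobals should never be treated as query-safe.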
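--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -1199,19 +1199,28 @@
 /**
  * Adds slashes to escape strings.
  *
- * Slashes will first be removed if magic_quotes_gpc is set, see {@link
- * http://www.php.net/magic_quotes} for more details.
- *
  * @since 0.71
  *
  * @param string $gpc The string returned from HTTP request data.
  * @return string Returns a string escaped with slashes.
  */
 function addslashes_gpc($gpc) {
-        if ( get_magic_quotes_gpc() )
-                $gpc = stripslashes($gpc);
+        return get_magic_quotes_gpc() ? $gpc : addslashes_deep($gpc);
+}
 
-        return esc_sql($gpc);
+/**
+ * Navigates through an array and adds slashes to the values.
+ *
+ * If an array is passed, the array_map() function causes a callback to pass the
+ * value back to the function. The slashes from this value will added.
+ *
+ * @since 2.0.0
+ *
+ * @param array|string $value The array or string to be slashed.
+ * @return array|string Slashed array (or string in the callback).
+ */
+function addslashes_deep($value) {
+        return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
 }
 
 /**
@@ -1222,12 +1231,11 @@
  *
  * @since 2.0.0
  *
- * @param array|string $value The array or string to be striped.
+ * @param array|string $value The array or string to be stripped.
  * @return array|string Stripped array (or string in the callback).
  */
 function stripslashes_deep($value) {
-        $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
-        return $value;
+        return is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
 }
 
 /**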
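Review bot: `addslashes_gpc()` no longer ends in `esc_sql($gpc)`; it now returns either plain `addslashes_deep($gpc)` or, when magic quotes are on, the input untouched, so any caller that used it as its SQL escaping step loses whatever esc_sql() does beyond adding slashes. Unless every caller has been checked, I would keep the database-layer call or state the new contract in the docblock, e.g. ` * Not SQL escaping: use $wpdb->prepare() or esc_sql() before putting the result in a query.` The untouched-return branch is also only correct for values that really came from GET/POST/COOKIE, which the function cannot verify. In the new `addslashes_deep()` docblock, `@since 2.0.0` looks copied from `stripslashes_deep()` and "will added" should read "will be added".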