Ticket #21767: 21767.19.diff
File 21767.19.diff, 157.7 KB (added by , 11 years ago) |
wp-login.php
399 399 } 400 400 401 401 // 10 days 402 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );402 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); 403 403 404 404 wp_safe_redirect( wp_get_referer() ); 405 405 exit(); … … 434 434 do_action('lost_password'); 435 435 login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors); 436 436 437 $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';437 $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; 438 438 439 439 ?> 440 440 … … 533 533 $user_login = ''; 534 534 $user_email = ''; 535 535 if ( $http_post ) { 536 $user_login = wp_unslash( $_POST['user_login'] );537 $user_email = wp_unslash( $_POST['user_email'] );536 $user_login = $_POST['user_login']; 537 $user_email = $_POST['user_email']; 538 538 $errors = register_new_user($user_login, $user_email); 539 539 if ( !is_wp_error($errors) ) { 540 540 $redirect_to = !empty( $_POST['redirect_to'] ) ? 
$_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; … … 550 550 <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post"> 551 551 <p> 552 552 <label for="user_login"><?php _e('Username') ?><br /> 553 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login); ?>" size="20" /></label>553 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label> 554 554 </p> 555 555 <p> 556 556 <label for="user_email"><?php _e('E-mail') ?><br /> 557 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email); ?>" size="25" /></label>557 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label> 558 558 </p> 559 559 <?php do_action('register_form'); ?> 560 560 <p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p> … … 670 670 login_header(__('Log In'), '', $errors); 671 671 672 672 if ( isset($_POST['log']) ) 673 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] )) : '';673 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : ''; 674 674 $rememberme = ! empty( $_POST['rememberme'] ); 675 675 ?> 676 676 -
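Review bot: In the registration branch at new lines 536-537 `$_POST['user_login']` and `$_POST['user_email']` are read with no isset() guard, unlike the lost-password branch at 437 (isset()) and the `$redirect_to` line just below (!empty()), so a POST to the register action that omits either field raises notices and hands null to register_new_user(). `$user_login = isset( $_POST['user_login'] ) ? $_POST['user_login'] : '';` (and the same for user_email) keeps the three branches consistent. Both values are now passed to register_new_user() slashed while the form echoes them through stripslashes() at 553/557, so a comment such as `// $user_login / $user_email are raw (slashed) POST data; register_new_user() is presumably responsible for the slashes` would record the contract this branch relies on. The surrounding form handling continues outside the hunk.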
wp-comments-post.php
17 17 18 18 nocache_headers(); 19 19 20 $ post_data = wp_unslash( $_POST );20 $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; 21 21 22 $comment_post_ID = isset($post_data['comment_post_ID']) ? (int) $post_data['comment_post_ID'] : 0;23 24 22 $post = get_post($comment_post_ID); 25 23 26 24 if ( empty($post->comment_status) ) { … … 49 47 do_action('pre_comment_on_post', $comment_post_ID); 50 48 } 51 49 52 $comment_author = ( isset( $post_data['author'] ) ) ? trim( strip_tags( $post_data['author'] )) : null;53 $comment_author_email = ( isset( $post_data['email'] ) ) ? trim( $post_data['email']) : null;54 $comment_author_url = ( isset( $post_data['url'] ) ) ? trim( $post_data['url']) : null;55 $comment_content = ( isset( $post_data['comment'] ) ) ? trim( $post_data['comment']) : null;50 $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; 51 $comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; 52 $comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; 53 $comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; 56 54 57 55 // If the user is logged in 58 56 $user = wp_get_current_user(); 59 57 if ( $user->exists() ) { 60 58 if ( empty( $user->display_name ) ) 61 $user->display_name =$user->user_login;62 $comment_author = $ user->display_name;63 $comment_author_email = $ user->user_email;64 $comment_author_url = $ user->user_url;59 $user->display_name=$user->user_login; 60 $comment_author = $wpdb->escape($user->display_name); 61 $comment_author_email = $wpdb->escape($user->user_email); 62 $comment_author_url = $wpdb->escape($user->user_url); 65 63 if ( current_user_can('unfiltered_html') ) { 66 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $ post_data['_wp_unfiltered_html_comment'] ) {64 if ( wp_create_nonce('unfiltered-html-comment_' . 
$comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 67 65 kses_remove_filters(); // start with a clean slate 68 66 kses_init_filters(); // set up the filters 69 67 } … … 85 83 if ( '' == $comment_content ) 86 84 wp_die( __('<strong>ERROR</strong>: please type a comment.') ); 87 85 88 $comment_parent = isset($ post_data['comment_parent']) ? absint($post_data['comment_parent']) : 0;86 $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; 89 87 90 88 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 91 89 … … 94 92 $comment = get_comment($comment_id); 95 93 do_action('set_comment_cookies', $comment, $user); 96 94 97 $location = empty($ post_data['redirect_to']) ? get_comment_link($comment_id) : $post_data['redirect_to'] . '#comment-' . $comment_id;95 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; 98 96 $location = apply_filters('comment_post_redirect', $location, $comment); 99 97 100 98 wp_safe_redirect( $location ); -
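Review bot: The unfiltered-HTML nonce check at new line 64 compares the nonce to `$_POST['_wp_unfiltered_html_comment']` with a loose `!=` and no isset(): a request without the field raises a notice, and because both operands are strings the comparison follows PHP's numeric-string rules instead of being an exact match. `if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || wp_create_nonce( 'unfiltered-html-comment_' . $comment_post_ID ) !== $_POST['_wp_unfiltered_html_comment'] ) {` keeps the safe default (kses filters re-installed) when the field is missing and removes the loose comparison. Separately, lines 60-62 route the logged-in user's display name, e-mail and URL through `$wpdb->escape()`, which SQL-escapes rather than slashes; if this tree already has add_magic_quotes()/esc_sql(), one of those states the intent better and matches the `// expected_slashed` convention used elsewhere in this patch. The script continues outside the hunk.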
wp-includes/default-filters.php
14 14 15 15 // Strip, trim, kses, special chars for string saves 16 16 foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) { 17 add_filter( $filter, 'sanitize_text_field' );18 add_filter( $filter, 'wp_ kses_data');17 add_filter( $filter, 'sanitize_text_field' ); 18 add_filter( $filter, 'wp_filter_kses' ); 19 19 add_filter( $filter, '_wp_specialchars', 30 ); 20 20 } 21 21 … … 31 31 32 32 // Kses only for textarea saves 33 33 foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) { 34 add_filter( $filter, 'wp_ kses_data' );34 add_filter( $filter, 'wp_filter_kses' ); 35 35 } 36 36 37 37 // Kses only for textarea admin displays … … 46 46 foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) { 47 47 add_filter( $filter, 'trim' ); 48 48 add_filter( $filter, 'sanitize_email' ); 49 add_filter( $filter, 'wp_ kses_data' );49 add_filter( $filter, 'wp_filter_kses' ); 50 50 } 51 51 52 52 // Email admin display -
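Review bot: The swap to wp_filter_kses() at new lines 18, 34 and 49 changes what the `pre_*` filter chains expect of their input — the patch itself notes at default-widgets.php 416 that the wp_filter_*kses() family expects slashed data — whereas sanitize_text_field() and trim() registered ahead of it in the same loops carry no such expectation, and nothing above the loops says so. A comment above the loop at 16 such as `// These pre_* filters receive slashed data; wp_filter_kses() expects it, and callers must apply_filters() on slashed values` would make the contract explicit; it is what the add_magic_quotes()/stripslashes() pairs added in taxonomy.php and post.php in this patch rely on. Whether sanitize_text_field() tolerates slashed input is not visible here and is worth confirming.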
wp-includes/post-template.php
583 583 $wp_hasher = new PasswordHash(8, true); 584 584 } 585 585 586 $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );586 $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); 587 587 588 588 return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); 589 589 } -
wp-includes/taxonomy.php
958 958 if ( empty($value) ) 959 959 return false; 960 960 } else if ( 'name' == $field ) { 961 // Assume already escaped 962 $value = stripslashes($value); 961 963 $field = 't.name'; 962 964 } else { 963 965 $term = get_term( (int) $value, $taxonomy, $output, $filter); … … 1497 1499 return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) ); 1498 1500 } 1499 1501 1500 $term = trim( $term);1502 $term = trim( stripslashes( $term ) ); 1501 1503 1502 1504 if ( '' === $slug = sanitize_title($term) ) 1503 1505 return 0; … … 2059 2061 $args = sanitize_term($args, $taxonomy, 'db'); 2060 2062 extract($args, EXTR_SKIP); 2061 2063 2064 // expected_slashed ($name) 2065 $name = stripslashes($name); 2066 $description = stripslashes($description); 2067 2062 2068 if ( empty($slug) ) 2063 2069 $slug = sanitize_title($name); 2064 2070 … … 2438 2444 if ( is_wp_error( $term ) ) 2439 2445 return $term; 2440 2446 2447 // Escape data pulled from DB. 2448 $term = add_magic_quotes($term); 2449 2441 2450 // Merge old and new args with new args overwriting old ones. 2442 2451 $args = array_merge($term, $args); 2443 2452 … … 2446 2455 $args = sanitize_term($args, $taxonomy, 'db'); 2447 2456 extract($args, EXTR_SKIP); 2448 2457 2458 // expected_slashed ($name) 2459 $name = stripslashes($name); 2460 $description = stripslashes($description); 2461 2449 2462 if ( '' == trim($name) ) 2450 2463 return new WP_Error('empty_term_name', __('A name is required for this term')); 2451 2464 -
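Review bot: The comment `// Assume already escaped` added at new line 961 in the `'name'` branch is misleading: the next line applies stripslashes(), so what is assumed is that `$value` is slashed, not SQL-escaped, and this patch treats those as different things (add_magic_quotes() in post.php, esc_sql() in comment.php). Rewording it as `// expected_slashed ($value); unslash before the name is used in the lookup` matches the `// expected_slashed (...)` convention the same patch adds at 2064 and 2458. stripslashes() is not idempotent, so a caller that already passes an unslashed name containing a literal backslash loses it here; the docblock of the enclosing function (apparently get_term_by(), its header is outside the hunk) should state that the name must be slashed. All three enclosing functions continue outside the hunks.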
wp-includes/ms-files.php
58 58 header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' ); 59 59 60 60 // Support for Conditional GET 61 $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;61 $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; 62 62 63 63 if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) 64 64 $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; -
wp-includes/class-wp-customize-manager.php
310 310 public function post_value( $setting ) { 311 311 if ( ! isset( $this->_post_values ) ) { 312 312 if ( isset( $_POST['customized'] ) ) 313 $this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );313 $this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true ); 314 314 else 315 315 $this->_post_values = false; 316 316 } -
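Review bot: At new line 313 the result of json_decode() is stored unchecked: invalid or non-array JSON in `$_POST['customized']` yields null, which the `! isset()` guard at 311 treats as "not yet loaded", so the decode is repeated on every call and callers of post_value() get null instead of the `false` sentinel assigned at 315. Normalise once, e.g. `$decoded = json_decode( stripslashes( $_POST['customized'] ), true );` followed by `$this->_post_values = is_array( $decoded ) ? $decoded : false;`. The rest of post_value() lies outside the hunk.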
wp-includes/post.php
1677 1677 * @link http://codex.wordpress.org/Function_Reference/add_post_meta 1678 1678 * 1679 1679 * @param int $post_id Post ID. 1680 * @param string $meta_key Metadata name (expected slashed).1681 * @param mixed $meta_value Metadata value (expected slashed).1680 * @param string $meta_key Metadata name. 1681 * @param mixed $meta_value Metadata value. 1682 1682 * @param bool $unique Optional, default is false. Whether the same key should not be added. 1683 1683 * @return bool False for failure. True for success. 1684 1684 */ 1685 function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) { 1686 //_deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' ); 1687 1688 // expected slashed 1689 $meta_key = stripslashes( $meta_key ); 1690 $meta_value = stripslashes_deep( $meta_value ); 1691 1692 return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique ); 1693 } 1694 1695 /** 1696 * Add meta data field to a post. 1697 * 1698 * Post meta data is called "Custom Fields" on the Administration Screen. 1699 * 1700 * @since 3.6.0 1701 * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta 1702 * 1703 * @param int $post_id Post ID. 1704 * @param string $meta_key Metadata name (clean, slashes already stripped). 1705 * @param mixed $meta_value Metadata value (clean, slashes already stripped). 1706 * @param bool $unique Optional, default is false. Whether the same key should not be added. 1707 * @return bool False for failure. True for success. 
1708 */ 1709 function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) { 1685 function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { 1710 1686 // make sure meta is added to the post, not a revision 1711 if ( $the_post = wp_is_post_revision( $post_id) )1687 if ( $the_post = wp_is_post_revision($post_id) ) 1712 1688 $post_id = $the_post; 1713 1689 1714 return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique);1690 return add_metadata('post', $post_id, $meta_key, $meta_value, $unique); 1715 1691 } 1716 1692 1717 1693 /** … … 1768 1744 * @link http://codex.wordpress.org/Function_Reference/update_post_meta 1769 1745 * 1770 1746 * @param int $post_id Post ID. 1771 * @param string $meta_key Metadata key (expected slashed).1772 * @param mixed $meta_value Metadata value (expected slashed).1747 * @param string $meta_key Metadata key. 1748 * @param mixed $meta_value Metadata value. 1773 1749 * @param mixed $prev_value Optional. Previous value to check before removing. 1774 1750 * @return bool False on failure, true if success. 1775 1751 */ 1776 function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) { 1777 //_deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' ); 1778 1779 // expected slashed 1780 $meta_key = stripslashes( $meta_key ); 1781 $meta_value = stripslashes_deep( $meta_value ); 1782 1783 return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value ); 1784 } 1785 1786 /** 1787 * Update post meta field based on post ID. 1788 * 1789 * Use the $prev_value parameter to differentiate between meta fields with the 1790 * same key and post ID. 1791 * 1792 * If the meta field for the post does not exist, it will be added. 1793 * 1794 * @since 3.6.0 1795 * @uses $wpdb 1796 * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta 1797 * 1798 * @param int $post_id Post ID. 
1799 * @param string $meta_key Metadata key (clean, slashes already stripped). 1800 * @param mixed $meta_value Metadata value (clean, slashes already stripped). 1801 * @param mixed $prev_value Optional. Previous value to check before removing. 1802 * @return bool False on failure, true if success. 1803 */ 1804 function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) { 1752 function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { 1805 1753 // make sure meta is added to the post, not a revision 1806 if ( $the_post = wp_is_post_revision( $post_id) )1754 if ( $the_post = wp_is_post_revision($post_id) ) 1807 1755 $post_id = $the_post; 1808 1756 1809 return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value);1757 return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value); 1810 1758 } 1811 1759 1812 1760 /** … … 2393 2341 2394 2342 do_action('wp_trash_post', $post_id); 2395 2343 2396 wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);2397 wp_add_post_meta($post_id,'_wp_trash_meta_time', time());2344 add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']); 2345 add_post_meta($post_id,'_wp_trash_meta_time', time()); 2398 2346 2399 2347 $post['post_status'] = 'trash'; 2400 2348 wp_insert_post($post); … … 2470 2418 $statuses = array(); 2471 2419 foreach ( $comments as $comment ) 2472 2420 $statuses[$comment->comment_ID] = $comment->comment_approved; 2473 wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);2421 add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses); 2474 2422 2475 2423 // Set status for all comments to post-trashed 2476 2424 $result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id)); … … 2846 2794 2847 2795 $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent); 2848 2796 2797 // expected_slashed 
(everything!) 2849 2798 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) ); 2850 2799 $data = apply_filters('wp_insert_post_data', $data, $postarr); 2800 $data = stripslashes_deep( $data ); 2851 2801 $where = array( 'ID' => $post_ID ); 2852 2802 2853 2803 if ( $update ) { … … 2860 2810 } 2861 2811 } else { 2862 2812 if ( isset($post_mime_type) ) 2863 $data['post_mime_type'] = $post_mime_type; // This isn't in the update2813 $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update 2864 2814 // If there is a suggested ID, use it if not already present 2865 2815 if ( !empty($import_id) ) { 2866 2816 $import_id = (int) $import_id; … … 2921 2871 else 2922 2872 return 0; 2923 2873 } 2924 wp_update_post_meta($post_ID, '_wp_page_template', $page_template);2874 update_post_meta($post_ID, '_wp_page_template', $page_template); 2925 2875 } 2926 2876 2927 2877 wp_transition_post_status($data['post_status'], $previous_status, $post); … … 2954 2904 if ( is_object($postarr) ) { 2955 2905 // non-escaped post was passed 2956 2906 $postarr = get_object_vars($postarr); 2907 $postarr = add_magic_quotes($postarr); 2957 2908 } 2958 2909 2959 2910 // First, get all of the original fields 2960 2911 $post = get_post($postarr['ID'], ARRAY_A); 2961 2912 2913 // Escape data pulled from DB. 2914 $post = add_magic_quotes($post); 2915 2962 2916 // Passed post category list overwrites existing category list if not empty. 
2963 2917 if ( isset($postarr['post_category']) && is_array($postarr['post_category']) 2964 2918 && 0 != count($postarr['post_category']) ) … … 3396 3350 $trackback_urls = explode(',', $tb_list); 3397 3351 foreach( (array) $trackback_urls as $tb_url) { 3398 3352 $tb_url = trim($tb_url); 3399 trackback($tb_url, $post_title, $excerpt, $post_id);3353 trackback($tb_url, stripslashes($post_title), $excerpt, $post_id); 3400 3354 } 3401 3355 } 3402 3356 } … … 3739 3693 if ( ! empty( $meta_key ) || ! empty( $meta_value ) ) { 3740 3694 $join = " LEFT JOIN $wpdb->postmeta ON ( $wpdb->posts.ID = $wpdb->postmeta.post_id )"; 3741 3695 3696 // meta_key and meta_value might be slashed 3697 $meta_key = stripslashes($meta_key); 3698 $meta_value = stripslashes($meta_value); 3742 3699 if ( ! empty( $meta_key ) ) 3743 3700 $where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key); 3744 3701 if ( ! empty( $meta_value ) ) … … 3963 3920 else 3964 3921 $post_name = sanitize_title($post_name); 3965 3922 3923 // expected_slashed ($post_name) 3966 3924 $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent); 3967 3925 3968 3926 if ( empty($post_date) ) … … 4005 3963 if ( ! isset($pinged) ) 4006 3964 $pinged = ''; 4007 3965 3966 // expected_slashed (everything!) 4008 3967 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) ); 3968 $data = stripslashes_deep( $data ); 4009 3969 4010 3970 if ( $update ) { 4011 3971 $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) ); … … 4050 4010 clean_post_cache( $post_ID ); 4051 4011 4052 4012 if ( ! 
empty( $context ) ) 4053 wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );4013 add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); 4054 4014 4055 4015 if ( $update) { 4056 4016 do_action('edit_attachment', $post_ID); … … 4437 4397 4438 4398 // if we haven't added this old slug before, add it now 4439 4399 if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) ) 4440 wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);4400 add_post_meta($post_id, '_wp_old_slug', $post_before->post_name); 4441 4401 4442 4402 // if the new slug was used previously, delete it from the list 4443 4403 if ( in_array($post->post_name, $old_slugs) ) … … 4854 4814 return; 4855 4815 4856 4816 if ( get_option('default_pingback_flag') ) 4857 wp_add_post_meta( $post_id, '_pingme', '1' );4858 wp_add_post_meta( $post_id, '_encloseme', '1' );4817 add_post_meta( $post_id, '_pingme', '1' ); 4818 add_post_meta( $post_id, '_encloseme', '1' ); 4859 4819 4860 4820 wp_schedule_single_event(time(), 'do_pings'); 4861 4821 } … … 4933 4893 $thumbnail_id = absint( $thumbnail_id ); 4934 4894 if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) { 4935 4895 if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) ) 4936 return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );4896 return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); 4937 4897 else 4938 4898 return delete_post_meta( $post->ID, '_thumbnail_id' ); 4939 4899 } -
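Review bot: The comment `// meta_key and meta_value might be slashed` added at new line 3696 leaves the contract undefined, and the stripslashes() calls under it are not idempotent: a caller passing unslashed values that contain a literal backslash has them silently altered before they reach the `$wpdb->prepare()` calls just below. Either state the contract definitely — `// expected_slashed ($meta_key, $meta_value)`, as the patch does at 2797 and 3966 — or drop the stripping and require callers to unslash. Relatedly, the `$data = stripslashes_deep( $data );` added at 2800 runs after `apply_filters('wp_insert_post_data', $data, $postarr)` at 2799, so every wp_insert_post_data callback now receives slashed data; a one-line comment above 2799 saying so would save filter authors from guessing. The same compact()/stripslashes_deep() ordering appears at 3967-3968 in what looks like wp_insert_attachment(), where no filter intervenes, so only the 2799 site needs the comment; all enclosing functions continue outside the hunks.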
wp-includes/default-widgets.php
413 413 if ( current_user_can('unfiltered_html') ) 414 414 $instance['text'] = $new_instance['text']; 415 415 else 416 $instance['text'] = wp_kses_post( $new_instance['text'] );416 $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed 417 417 $instance['filter'] = isset($new_instance['filter']); 418 418 return $instance; 419 419 } … … 1057 1057 } 1058 1058 1059 1059 function update( $new_instance, $old_instance ) { 1060 $instance['title'] = strip_tags( $new_instance['title']);1061 $instance['taxonomy'] = $new_instance['taxonomy'];1060 $instance['title'] = strip_tags(stripslashes($new_instance['title'])); 1061 $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); 1062 1062 return $instance; 1063 1063 } 1064 1064 … … 1119 1119 } 1120 1120 1121 1121 function update( $new_instance, $old_instance ) { 1122 $instance['title'] = strip_tags( $new_instance['title']);1122 $instance['title'] = strip_tags( stripslashes($new_instance['title']) ); 1123 1123 $instance['nav_menu'] = (int) $new_instance['nav_menu']; 1124 1124 return $instance; 1125 1125 } -
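Review bot: The update() methods at new lines 1060-1061 and 1122 apply stripslashes() to `$new_instance` fields, while the text widget's unfiltered_html branch at 414 stores `$new_instance['text']` as-is and its kses branch at 416 re-slashes then unslashes it, so the three methods disagree about whether `$new_instance` arrives slashed. If the widget framework already unslashes the instance before calling update() (WP_Widget::update_callback() is the likely place; not visible here), the stripslashes() calls at 1060, 1061 and 1122 eat literal backslashes typed into a title or taxonomy name; if it does not, the unfiltered_html branch stores slashed text. Decide once and record it on each update(), e.g. `// $new_instance arrives unslashed; do not strip again` (or the opposite), and make the four sites agree. The update() methods are shown complete; their enclosing classes are outside the hunks.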
wp-includes/revision.php
241 241 return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) ); 242 242 243 243 $post = _wp_post_revision_fields( $post, $autosave ); 244 $post = add_magic_quotes($post); //since data is from db 244 245 245 246 $revision_id = wp_insert_post( $post ); 246 247 if ( is_wp_error($revision_id) ) … … 319 320 320 321 $update['ID'] = $revision['post_parent']; 321 322 323 $update = add_magic_quotes( $update ); //since data is from db 324 322 325 $post_id = wp_update_post( $update ); 323 326 if ( is_wp_error( $post_id ) ) 324 327 return $post_id; -
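Review bot: The comments `//since data is from db` at new lines 244 and 323 give a provenance rather than a reason: add_magic_quotes() is applied because wp_insert_post() and wp_update_post() expect slashed input (the `// expected_slashed (everything!)` convention in post.php in this patch) and values read from the database are unslashed. `// wp_insert_post() expects slashed data; _wp_post_revision_fields() returns unslashed DB values` at 244 and `// wp_update_post() expects slashed data; $update holds unslashed DB values` at 323 would say why the call is there. Both enclosing functions start and end outside the hunks.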
wp-includes/comment.php
633 633 */ 634 634 function sanitize_comment_cookies() { 635 635 if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { 636 $comment_author = wp_unslash( $_COOKIE['comment_author_'.COOKIEHASH]);637 $comment_author = apply_filters('pre_comment_author_name',$comment_author);636 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); 637 $comment_author = stripslashes($comment_author); 638 638 $comment_author = esc_attr($comment_author); 639 639 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; 640 640 } 641 641 642 642 if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { 643 $comment_author_email = wp_unslash( $_COOKIE['comment_author_email_'.COOKIEHASH]);644 $comment_author_email = apply_filters('pre_comment_author_email',$comment_author_email);643 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); 644 $comment_author_email = stripslashes($comment_author_email); 645 645 $comment_author_email = esc_attr($comment_author_email); 646 646 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; 647 647 } 648 648 649 649 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 650 $comment_author_url = wp_unslash( $_COOKIE['comment_author_url_'.COOKIEHASH]);651 $comment_author_url = apply_filters('pre_comment_author_url',$comment_author_url);650 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 651 $comment_author_url = stripslashes($comment_author_url); 652 652 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 653 653 } 654 654 } … … 670 670 extract($commentdata, EXTR_SKIP); 671 671 672 672 // Simple duplicate check 673 $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author ); 673 // 
expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) 674 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' "; 674 675 if ( $comment_author_email ) 675 $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );676 $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );676 $dupe .= "OR comment_author_email = '$comment_author_email' "; 677 $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; 677 678 if ( $wpdb->get_var($dupe) ) { 678 679 do_action( 'comment_duplicate_trigger', $commentdata ); 679 680 if ( defined('DOING_AJAX') ) … … 1261 1262 */ 1262 1263 function wp_insert_comment($commentdata) { 1263 1264 global $wpdb; 1264 extract( $commentdata, EXTR_SKIP);1265 extract(stripslashes_deep($commentdata), EXTR_SKIP); 1265 1266 1266 1267 if ( ! isset($comment_author_IP) ) 1267 1268 $comment_author_IP = ''; … … 1490 1491 // First, get all of the original fields 1491 1492 $comment = get_comment($commentarr['comment_ID'], ARRAY_A); 1492 1493 1494 // Escape data pulled from DB. 1495 $comment = esc_sql($comment); 1496 1493 1497 $old_status = $comment['comment_approved']; 1494 1498 1495 1499 // Merge old and new fields with new fields overwriting old ones. … … 1498 1502 $commentarr = wp_filter_comment( $commentarr ); 1499 1503 1500 1504 // Now extract the merged array. 1501 extract( $commentarr, EXTR_SKIP);1505 extract(stripslashes_deep($commentarr), EXTR_SKIP); 1502 1506 1503 1507 $comment_content = apply_filters('comment_save_pre', $comment_content); 1504 1508 -
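Review bot: The duplicate-check query at new lines 673-677 is assembled by interpolating `$comment_post_ID`, `$comment_parent`, `$comment_author`, `$comment_author_email` and `$comment_content`, so its safety rests entirely on the `// expected_slashed` comment — on every caller of the enclosing function (apparently wp_allow_comment(); its header is outside the hunk) having slashed all five fields before the extract() at 670. A `$wpdb->prepare()` with `%d` for the two IDs and `%s` for the three strings does not depend on that convention, so keeping the prepared form (feeding it the unslashed values, to match the rest of the patch) is the safer shape. Separately, wp_update_comment() at 1494-1495 slashes DB data with `esc_sql( $comment )` before the `stripslashes_deep()` at 1505, while post.php and user.php use add_magic_quotes() for the same purpose; when esc_sql() is backed by mysql_real_escape_string it also escapes control characters, which stripslashes() then mangles, so add_magic_quotes() is the right primitive here. Both enclosing functions continue outside the hunks.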
wp-includes/functions.php
468 468 } 469 469 470 470 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { 471 wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );471 add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); 472 472 } 473 473 } 474 474 } … … 1257 1257 * @return string Original referer field. 1258 1258 */ 1259 1259 function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { 1260 $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );1260 $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI']; 1261 1261 $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to; 1262 $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref) . '" />';1262 $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />'; 1263 1263 if ( $echo ) 1264 1264 echo $orig_referer_field; 1265 1265 return $orig_referer_field; … … 1278 1278 function wp_get_referer() { 1279 1279 $ref = false; 1280 1280 if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) 1281 $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );1281 $ref = $_REQUEST['_wp_http_referer']; 1282 1282 else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) 1283 $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );1283 $ref = $_SERVER['HTTP_REFERER']; 1284 1284 1285 if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ))1285 if ( $ref && $ref !== $_SERVER['REQUEST_URI'] ) 1286 1286 return $ref; 1287 1287 return false; 1288 1288 } … … 1298 1298 */ 1299 1299 function wp_get_original_referer() { 1300 1300 if ( !empty( $_REQUEST['_wp_original_http_referer'] ) ) 1301 return wp_unslash( $_REQUEST['_wp_original_http_referer'] );1301 return $_REQUEST['_wp_original_http_referer']; 1302 1302 return false; 1303 1303 } 1304 1304 -
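Review bot: wp_get_referer() at new lines 1280-1287 and wp_get_original_referer() at 1300-1302 now return the `$_REQUEST`/`$_SERVER` values as received, and the two visible consumers read that differently: wp_original_referer_field() at 1262 unslashes the result with stripslashes() before esc_attr(), whereas wp-login.php at 404 (in this same patch) passes `wp_get_referer()` straight to wp_safe_redirect(). One of them is wrong whenever the referer contains a backslash. The docblocks (outside the hunk) should fix the contract, e.g. `@return string|false Referer URL exactly as present in the request superglobals (slashed if the request was slashed), or false`, and the callers be aligned with it; the `$ref !== $_SERVER['REQUEST_URI']` comparison at 1285 is consistent with the as-received reading since both sides are raw.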
wp-includes/user.php
1390 1390 } 1391 1391 1392 1392 $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); 1393 $data = stripslashes_deep( $data ); 1393 1394 1394 1395 if ( $update ) { 1395 1396 $wpdb->update( $wpdb->users, $data, compact( 'ID' ) ); … … 1461 1462 $user[ $key ] = get_user_meta( $ID, $key, true ); 1462 1463 } 1463 1464 1465 // Escape data pulled from DB. 1466 $user = add_magic_quotes( $user ); 1467 1464 1468 // If password is changing, hash it now. 1465 1469 if ( ! empty($userdata['user_pass']) ) { 1466 1470 $plaintext_pass = $userdata['user_pass']; … … 1500 1504 * @return int The new user's ID. 1501 1505 */ 1502 1506 function wp_create_user($username, $password, $email = '') { 1503 $user_login = $username;1504 $user_email = $email;1507 $user_login = esc_sql( $username ); 1508 $user_email = esc_sql( $email ); 1505 1509 $user_pass = $password; 1506 1510 1507 1511 $userdata = compact('user_login', 'user_email', 'user_pass'); -
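Review bot: In wp_create_user() at new lines 1507-1508 the login and e-mail are run through esc_sql() to satisfy wp_insert_user()'s slashed-input contract, but `$user_pass` at 1509 is not, and the compact()ed data is later unslashed by `stripslashes_deep( $data )` at 1393 before the `$wpdb->update/insert`. esc_sql() is not the inverse of stripslashes(): when it is backed by mysql_real_escape_string a newline becomes `\n`, which stripslashes() collapses to `n`, so the round-trip is lossy for any value that can carry control characters. Using `add_magic_quotes( compact( 'user_login', 'user_email', 'user_pass' ) )` (or addslashes() per field) as post.php and revision.php do in this patch gives wp_insert_user() one consistent encoding; if wp_insert_user() hashes `$userdata['user_pass']` before the unslash at 1393, confirm which form the password is expected to arrive in. Both enclosing functions continue outside the hunks.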
wp-includes/class-wp-xmlrpc-server.php
280 280 $meta['id'] = (int) $meta['id']; 281 281 $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); 282 282 if ( isset($meta['key']) ) { 283 $meta['key'] = stripslashes( $meta['key'] ); 283 284 if ( $meta['key'] != $pmeta->meta_key ) 284 285 continue; 286 $meta['value'] = stripslashes_deep( $meta['value'] ); 285 287 if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) 286 288 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); 287 289 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { 288 290 delete_metadata_by_mid( 'post', $meta['id'] ); 289 291 } 290 } elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key']) ) {291 wp_add_post_meta( $post_id, $meta['key'], $meta['value'] );292 } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) { 293 add_post_meta( $post_id, $meta['key'], $meta['value'] ); 292 294 } 293 295 } 294 296 } … … 460 462 return $this->blogger_getUsersBlogs( $args ); 461 463 } 462 464 465 $this->escape( $args ); 466 463 467 $username = $args[0]; 464 468 $password = $args[1]; 465 469 … … 951 955 if ( ! $this->minimum_args( $args, 4 ) ) 952 956 return $this->error; 953 957 958 $this->escape( $args ); 959 954 960 $blog_id = (int) $args[0]; 955 961 $username = $args[1]; 956 962 $password = $args[2]; … … 1233 1239 if ( ! $this->minimum_args( $args, 5 ) ) 1234 1240 return $this->error; 1235 1241 1242 $this->escape( $args ); 1243 1236 1244 $blog_id = (int) $args[0]; 1237 1245 $username = $args[1]; 1238 1246 $password = $args[2]; … … 1266 1274 else 1267 1275 $post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] ); 1268 1276 1277 $this->escape( $post ); 1269 1278 $merged_content_struct = array_merge( $post, $content_struct ); 1270 1279 1271 1280 $retval = $this->_insert_post( $user, $merged_content_struct ); … … 1292 1301 if ( ! 
$this->minimum_args( $args, 4 ) ) 1293 1302 return $this->error; 1294 1303 1304 $this->escape( $args ); 1305 1295 1306 $blog_id = (int) $args[0]; 1296 1307 $username = $args[1]; 1297 1308 $password = $args[2]; … … 1366 1377 if ( ! $this->minimum_args( $args, 4 ) ) 1367 1378 return $this->error; 1368 1379 1380 $this->escape( $args ); 1381 1369 1382 $blog_id = (int) $args[0]; 1370 1383 $username = $args[1]; 1371 1384 $password = $args[2]; … … 1421 1434 if ( ! $this->minimum_args( $args, 3 ) ) 1422 1435 return $this->error; 1423 1436 1437 $this->escape( $args ); 1438 1424 1439 $blog_id = (int) $args[0]; 1425 1440 $username = $args[1]; 1426 1441 $password = $args[2]; … … 1514 1529 if ( ! $this->minimum_args( $args, 4 ) ) 1515 1530 return $this->error; 1516 1531 1532 $this->escape( $args ); 1533 1517 1534 $blog_id = (int) $args[0]; 1518 1535 $username = $args[1]; 1519 1536 $password = $args[2]; … … 1599 1616 if ( ! $this->minimum_args( $args, 5 ) ) 1600 1617 return $this->error; 1601 1618 1619 $this->escape( $args ); 1620 1602 1621 $blog_id = (int) $args[0]; 1603 1622 $username = $args[1]; 1604 1623 $password = $args[2]; … … 1689 1708 if ( ! $this->minimum_args( $args, 5 ) ) 1690 1709 return $this->error; 1691 1710 1711 $this->escape( $args ); 1712 1692 1713 $blog_id = (int) $args[0]; 1693 1714 $username = $args[1]; 1694 1715 $password = $args[2]; … … 1754 1775 if ( ! $this->minimum_args( $args, 5 ) ) 1755 1776 return $this->error; 1756 1777 1778 $this->escape( $args ); 1779 1757 1780 $blog_id = (int) $args[0]; 1758 1781 $username = $args[1]; 1759 1782 $password = $args[2]; … … 1805 1828 if ( ! $this->minimum_args( $args, 4 ) ) 1806 1829 return $this->error; 1807 1830 1831 $this->escape( $args ); 1832 1808 1833 $blog_id = (int) $args[0]; 1809 1834 $username = $args[1]; 1810 1835 $password = $args[2]; … … 1878 1903 if ( ! 
$this->minimum_args( $args, 4 ) ) 1879 1904 return $this->error; 1880 1905 1906 $this->escape( $args ); 1907 1881 1908 $blog_id = (int) $args[0]; 1882 1909 $username = $args[1]; 1883 1910 $password = $args[2]; … … 1920 1947 if ( ! $this->minimum_args( $args, 3 ) ) 1921 1948 return $this->error; 1922 1949 1950 $this->escape( $args ); 1951 1923 1952 $blog_id = (int) $args[0]; 1924 1953 $username = $args[1]; 1925 1954 $password = $args[2]; … … 1987 2016 if ( ! $this->minimum_args( $args, 4 ) ) 1988 2017 return $this->error; 1989 2018 2019 $this->escape( $args ); 2020 1990 2021 $blog_id = (int) $args[0]; 1991 2022 $username = $args[1]; 1992 2023 $password = $args[2]; … … 2038 2069 if ( ! $this->minimum_args( $args, 3 ) ) 2039 2070 return $this->error; 2040 2071 2072 $this->escape( $args ); 2073 2041 2074 $blog_id = (int) $args[0]; 2042 2075 $username = $args[1]; 2043 2076 $password = $args[2]; … … 2104 2137 if ( ! $this->minimum_args( $args, 3 ) ) 2105 2138 return $this->error; 2106 2139 2140 $this->escape( $args ); 2141 2107 2142 $blog_id = (int) $args[0]; 2108 2143 $username = $args[1]; 2109 2144 $password = $args[2]; … … 2149 2184 if ( ! $this->minimum_args( $args, 4 ) ) 2150 2185 return $this->error; 2151 2186 2187 $this->escape( $args ); 2188 2152 2189 $blog_id = (int) $args[0]; 2153 2190 $username = $args[1]; 2154 2191 $password = $args[2]; … … 2212 2249 * @return array 2213 2250 */ 2214 2251 function wp_getPage($args) { 2252 $this->escape($args); 2253 2215 2254 $blog_id = (int) $args[0]; 2216 2255 $page_id = (int) $args[1]; 2217 2256 $username = $args[2]; … … 2253 2292 * @return array 2254 2293 */ 2255 2294 function wp_getPages($args) { 2295 $this->escape($args); 2296 2256 2297 $blog_id = (int) $args[0]; 2257 2298 $username = $args[1]; 2258 2299 $password = $args[2]; … … 2295 2336 * @return unknown 2296 2337 */ 2297 2338 function wp_newPage($args) { 2298 $username = $args[1]; 2299 $password = $args[2]; 2339 // Items not escaped here will be escaped in newPost. 
2340 $username = $this->escape($args[1]); 2341 $password = $this->escape($args[2]); 2300 2342 $page = $args[3]; 2301 2343 $publish = $args[4]; 2302 2344 … … 2321 2363 * @return bool True, if success. 2322 2364 */ 2323 2365 function wp_deletePage($args) { 2366 $this->escape($args); 2367 2324 2368 $blog_id = (int) $args[0]; 2325 2369 $username = $args[1]; 2326 2370 $password = $args[2]; … … 2360 2404 * @return unknown 2361 2405 */ 2362 2406 function wp_editPage($args) { 2407 // Items not escaped here will be escaped in editPost. 2363 2408 $blog_id = (int) $args[0]; 2364 $page_id = (int) $ args[1];2365 $username = $ args[2];2366 $password = $ args[3];2409 $page_id = (int) $this->escape($args[1]); 2410 $username = $this->escape($args[2]); 2411 $password = $this->escape($args[3]); 2367 2412 $content = $args[4]; 2368 2413 $publish = $args[5]; 2369 2414 … … 2408 2453 function wp_getPageList($args) { 2409 2454 global $wpdb; 2410 2455 2456 $this->escape($args); 2457 2411 2458 $blog_id = (int) $args[0]; 2412 2459 $username = $args[1]; 2413 2460 $password = $args[2]; … … 2456 2503 * @return array 2457 2504 */ 2458 2505 function wp_getAuthors($args) { 2506 2507 $this->escape($args); 2508 2459 2509 $blog_id = (int) $args[0]; 2460 2510 $username = $args[1]; 2461 2511 $password = $args[2]; … … 2489 2539 * @return array 2490 2540 */ 2491 2541 function wp_getTags( $args ) { 2542 $this->escape( $args ); 2543 2492 2544 $blog_id = (int) $args[0]; 2493 2545 $username = $args[1]; 2494 2546 $password = $args[2]; … … 2528 2580 * @return int Category ID. 2529 2581 */ 2530 2582 function wp_newCategory($args) { 2583 $this->escape($args); 2584 2531 2585 $blog_id = (int) $args[0]; 2532 2586 $username = $args[1]; 2533 2587 $password = $args[2]; … … 2587 2641 * @return mixed See {@link wp_delete_term()} for return info. 
2588 2642 */ 2589 2643 function wp_deleteCategory($args) { 2644 $this->escape($args); 2645 2590 2646 $blog_id = (int) $args[0]; 2591 2647 $username = $args[1]; 2592 2648 $password = $args[2]; … … 2617 2673 * @return array 2618 2674 */ 2619 2675 function wp_suggestCategories($args) { 2676 $this->escape($args); 2677 2620 2678 $blog_id = (int) $args[0]; 2621 2679 $username = $args[1]; 2622 2680 $password = $args[2]; … … 2652 2710 * @return array 2653 2711 */ 2654 2712 function wp_getComment($args) { 2713 $this->escape($args); 2714 2655 2715 $blog_id = (int) $args[0]; 2656 2716 $username = $args[1]; 2657 2717 $password = $args[2]; … … 2691 2751 * @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents 2692 2752 */ 2693 2753 function wp_getComments($args) { 2754 $this->escape($args); 2755 2694 2756 $blog_id = (int) $args[0]; 2695 2757 $username = $args[1]; 2696 2758 $password = $args[2]; … … 2749 2811 * @return mixed {@link wp_delete_comment()} 2750 2812 */ 2751 2813 function wp_deleteComment($args) { 2814 $this->escape($args); 2815 2752 2816 $blog_id = (int) $args[0]; 2753 2817 $username = $args[1]; 2754 2818 $password = $args[2]; … … 2801 2865 * @return bool True, on success. 
2802 2866 */ 2803 2867 function wp_editComment($args) { 2868 $this->escape($args); 2869 2804 2870 $blog_id = (int) $args[0]; 2805 2871 $username = $args[1]; 2806 2872 $password = $args[2]; … … 2876 2942 function wp_newComment($args) { 2877 2943 global $wpdb; 2878 2944 2945 $this->escape($args); 2946 2879 2947 $blog_id = (int) $args[0]; 2880 2948 $username = $args[1]; 2881 2949 $password = $args[2]; … … 2910 2978 $comment['comment_post_ID'] = $post_id; 2911 2979 2912 2980 if ( $logged_in ) { 2913 $comment['comment_author'] = $ user->display_name;2914 $comment['comment_author_email'] = $ user->user_email;2915 $comment['comment_author_url'] = $ user->user_url;2981 $comment['comment_author'] = $wpdb->escape( $user->display_name ); 2982 $comment['comment_author_email'] = $wpdb->escape( $user->user_email ); 2983 $comment['comment_author_url'] = $wpdb->escape( $user->user_url ); 2916 2984 $comment['user_ID'] = $user->ID; 2917 2985 } else { 2918 2986 $comment['comment_author'] = ''; … … 2959 3027 * @return array 2960 3028 */ 2961 3029 function wp_getCommentStatusList($args) { 3030 $this->escape( $args ); 3031 2962 3032 $blog_id = (int) $args[0]; 2963 3033 $username = $args[1]; 2964 3034 $password = $args[2]; … … 2983 3053 * @return array 2984 3054 */ 2985 3055 function wp_getCommentCount( $args ) { 3056 $this->escape($args); 3057 2986 3058 $blog_id = (int) $args[0]; 2987 3059 $username = $args[1]; 2988 3060 $password = $args[2]; … … 3014 3086 * @return array 3015 3087 */ 3016 3088 function wp_getPostStatusList( $args ) { 3089 $this->escape( $args ); 3090 3017 3091 $blog_id = (int) $args[0]; 3018 3092 $username = $args[1]; 3019 3093 $password = $args[2]; … … 3038 3112 * @return array 3039 3113 */ 3040 3114 function wp_getPageStatusList( $args ) { 3115 $this->escape( $args ); 3116 3041 3117 $blog_id = (int) $args[0]; 3042 3118 $username = $args[1]; 3043 3119 $password = $args[2]; … … 3062 3138 * @return array 3063 3139 */ 3064 3140 function wp_getPageTemplates( $args ) { 
3141 $this->escape( $args ); 3142 3065 3143 $blog_id = (int) $args[0]; 3066 3144 $username = $args[1]; 3067 3145 $password = $args[2]; … … 3087 3165 * @return array 3088 3166 */ 3089 3167 function wp_getOptions( $args ) { 3168 $this->escape( $args ); 3169 3090 3170 $blog_id = (int) $args[0]; 3091 3171 $username = $args[1]; 3092 3172 $password = $args[2]; … … 3135 3215 * @return unknown 3136 3216 */ 3137 3217 function wp_setOptions( $args ) { 3218 $this->escape( $args ); 3219 3138 3220 $blog_id = (int) $args[0]; 3139 3221 $username = $args[1]; 3140 3222 $password = $args[2]; … … 3182 3264 * - 'metadata' 3183 3265 */ 3184 3266 function wp_getMediaItem($args) { 3267 $this->escape($args); 3268 3185 3269 $blog_id = (int) $args[0]; 3186 3270 $username = $args[1]; 3187 3271 $password = $args[2]; … … 3225 3309 * @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents 3226 3310 */ 3227 3311 function wp_getMediaLibrary($args) { 3312 $this->escape($args); 3313 3228 3314 $blog_id = (int) $args[0]; 3229 3315 $username = $args[1]; 3230 3316 $password = $args[2]; … … 3265 3351 * @return array 3266 3352 */ 3267 3353 function wp_getPostFormats( $args ) { 3354 $this->escape( $args ); 3355 3268 3356 $blog_id = (int) $args[0]; 3269 3357 $username = $args[1]; 3270 3358 $password = $args[2]; … … 3323 3411 if ( ! $this->minimum_args( $args, 4 ) ) 3324 3412 return $this->error; 3325 3413 3414 $this->escape( $args ); 3415 3326 3416 $blog_id = (int) $args[0]; 3327 3417 $username = $args[1]; 3328 3418 $password = $args[2]; … … 3367 3457 if ( ! $this->minimum_args( $args, 3 ) ) 3368 3458 return $this->error; 3369 3459 3460 $this->escape( $args ); 3461 3370 3462 $blog_id = (int) $args[0]; 3371 3463 $username = $args[1]; 3372 3464 $password = $args[2]; … … 3419 3511 if ( ! 
$this->minimum_args( $args, 4 ) ) 3420 3512 return $this->error; 3421 3513 3514 $this->escape( $args ); 3515 3422 3516 $blog_id = (int) $args[0]; 3423 3517 $username = $args[1]; 3424 3518 $password = $args[2]; … … 3483 3577 if ( ! $this->minimum_args( $args, 3 ) ) 3484 3578 return $this->error; 3485 3579 3580 $this->escape( $args ); 3581 3486 3582 $blog_id = (int) $args[0]; 3487 3583 $username = $args[1]; 3488 3584 $password = $args[2]; … … 3532 3628 if ( is_multisite() ) 3533 3629 return $this->_multisite_getUsersBlogs($args); 3534 3630 3631 $this->escape($args); 3632 3535 3633 $username = $args[1]; 3536 3634 $password = $args[2]; 3537 3635 … … 3593 3691 * @return array 3594 3692 */ 3595 3693 function blogger_getUserInfo($args) { 3694 3695 $this->escape($args); 3696 3596 3697 $username = $args[1]; 3597 3698 $password = $args[2]; 3598 3699 … … 3624 3725 * @return array 3625 3726 */ 3626 3727 function blogger_getPost($args) { 3728 3729 $this->escape($args); 3730 3627 3731 $post_ID = (int) $args[1]; 3628 3732 $username = $args[2]; 3629 3733 $password = $args[3]; … … 3642 3746 3643 3747 $categories = implode(',', wp_get_post_categories($post_ID)); 3644 3748 3645 $content = '<title>'. 
$post_data['post_title'].'</title>';3749 $content = '<title>'.stripslashes($post_data['post_title']).'</title>'; 3646 3750 $content .= '<category>'.$categories.'</category>'; 3647 $content .= $post_data['post_content'];3751 $content .= stripslashes($post_data['post_content']); 3648 3752 3649 3753 $struct = array( 3650 3754 'userid' => $post_data['post_author'], … … 3665 3769 * @return array 3666 3770 */ 3667 3771 function blogger_getRecentPosts($args) { 3772 3773 $this->escape($args); 3774 3668 3775 // $args[0] = appkey - ignored 3669 3776 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 3670 3777 $username = $args[2]; … … 3693 3800 $post_date = $this->_convert_date( $entry['post_date'] ); 3694 3801 $categories = implode(',', wp_get_post_categories($entry['ID'])); 3695 3802 3696 $content = '<title>'. $entry['post_title'].'</title>';3803 $content = '<title>'.stripslashes($entry['post_title']).'</title>'; 3697 3804 $content .= '<category>'.$categories.'</category>'; 3698 $content .= $entry['post_content'];3805 $content .= stripslashes($entry['post_content']); 3699 3806 3700 3807 $struct[] = array( 3701 3808 'userid' => $entry['post_author'], … … 3743 3850 * @return int 3744 3851 */ 3745 3852 function blogger_newPost($args) { 3853 3854 $this->escape($args); 3855 3746 3856 $blog_ID = (int) $args[1]; /* though we don't use it yet */ 3747 3857 $username = $args[2]; 3748 3858 $password = $args[3]; … … 3794 3904 * @return bool true when done. 
3795 3905 */ 3796 3906 function blogger_editPost($args) { 3907 3908 $this->escape($args); 3909 3797 3910 $post_ID = (int) $args[1]; 3798 3911 $username = $args[2]; 3799 3912 $password = $args[3]; … … 3810 3923 if ( !$actual_post || $actual_post['post_type'] != 'post' ) 3811 3924 return new IXR_Error(404, __('Sorry, no such post.')); 3812 3925 3926 $this->escape($actual_post); 3927 3813 3928 if ( !current_user_can('edit_post', $post_ID) ) 3814 3929 return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); 3815 3930 … … 3845 3960 * @return bool True when post is deleted. 3846 3961 */ 3847 3962 function blogger_deletePost($args) { 3963 $this->escape($args); 3964 3848 3965 $post_ID = (int) $args[1]; 3849 3966 $username = $args[2]; 3850 3967 $password = $args[3]; … … 3913 4030 * @return int 3914 4031 */ 3915 4032 function mw_newPost($args) { 3916 $blog_ID = (int) $args[0]; 3917 $username = $args[1]; 3918 $password = $args[2]; 4033 $this->escape($args); 4034 4035 $blog_ID = (int) $args[0]; 4036 $username = $args[1]; 4037 $password = $args[2]; 3919 4038 $content_struct = $args[3]; 3920 $publish 4039 $publish = isset( $args[4] ) ? $args[4] : 0; 3921 4040 3922 4041 if ( !$user = $this->login($username, $password) ) 3923 4042 return $this->error; … … 4197 4316 } 4198 4317 } 4199 4318 if (!$found) 4200 wp_add_post_meta( $post_ID, 'enclosure', $encstring );4319 add_post_meta( $post_ID, 'enclosure', $encstring ); 4201 4320 } 4202 4321 } 4203 4322 … … 4231 4350 * @return bool True on success. 4232 4351 */ 4233 4352 function mw_editPost($args) { 4353 4354 $this->escape($args); 4355 4234 4356 $post_ID = (int) $args[0]; 4235 4357 $username = $args[1]; 4236 4358 $password = $args[2]; … … 4269 4391 } 4270 4392 } 4271 4393 4394 $this->escape($postdata); 4272 4395 extract($postdata, EXTR_SKIP); 4273 4396 4274 4397 // Let WordPress manage slug if none was provided. 
… … 4496 4619 * @return array 4497 4620 */ 4498 4621 function mw_getPost($args) { 4622 4623 $this->escape($args); 4624 4499 4625 $post_ID = (int) $args[0]; 4500 4626 $username = $args[1]; 4501 4627 $password = $args[2]; … … 4617 4743 * @return array 4618 4744 */ 4619 4745 function mw_getRecentPosts($args) { 4746 4747 $this->escape($args); 4748 4620 4749 $blog_ID = (int) $args[0]; 4621 4750 $username = $args[1]; 4622 4751 $password = $args[2]; … … 4729 4858 * @return array 4730 4859 */ 4731 4860 function mw_getCategories($args) { 4861 4862 $this->escape($args); 4863 4732 4864 $blog_ID = (int) $args[0]; 4733 4865 $username = $args[1]; 4734 4866 $password = $args[2]; … … 4775 4907 function mw_newMediaObject($args) { 4776 4908 global $wpdb; 4777 4909 4778 $blog_ID = (int) $args[0];4779 $username = $ args[1];4780 $password = $args[2];4781 $data = $args[3];4910 $blog_ID = (int) $args[0]; 4911 $username = $wpdb->escape($args[1]); 4912 $password = $wpdb->escape($args[2]); 4913 $data = $args[3]; 4782 4914 4783 4915 $name = sanitize_file_name( $data['name'] ); 4784 4916 $type = $data['type']; … … 4865 4997 * @return array 4866 4998 */ 4867 4999 function mt_getRecentPostTitles($args) { 5000 5001 $this->escape($args); 5002 4868 5003 $blog_ID = (int) $args[0]; 4869 5004 $username = $args[1]; 4870 5005 $password = $args[2]; … … 4922 5057 * @return array 4923 5058 */ 4924 5059 function mt_getCategoryList($args) { 5060 5061 $this->escape($args); 5062 4925 5063 $blog_ID = (int) $args[0]; 4926 5064 $username = $args[1]; 4927 5065 $password = $args[2]; … … 4957 5095 * @return array 4958 5096 */ 4959 5097 function mt_getPostCategories($args) { 5098 5099 $this->escape($args); 5100 4960 5101 $post_ID = (int) $args[0]; 4961 5102 $username = $args[1]; 4962 5103 $password = $args[2]; … … 4997 5138 * @return bool True on success. 
4998 5139 */ 4999 5140 function mt_setPostCategories($args) { 5141 5142 $this->escape($args); 5143 5000 5144 $post_ID = (int) $args[0]; 5001 5145 $username = $args[1]; 5002 5146 $password = $args[2]; … … 5106 5250 * @return int 5107 5251 */ 5108 5252 function mt_publishPost($args) { 5253 5254 $this->escape($args); 5255 5109 5256 $post_ID = (int) $args[0]; 5110 5257 $username = $args[1]; 5111 5258 $password = $args[2]; … … 5127 5274 // retain old cats 5128 5275 $cats = wp_get_post_categories($post_ID); 5129 5276 $postdata['post_category'] = $cats; 5277 $this->escape($postdata); 5130 5278 5131 5279 $result = wp_update_post($postdata); 5132 5280 … … 5150 5298 5151 5299 do_action('xmlrpc_call', 'pingback.ping'); 5152 5300 5301 $this->escape($args); 5302 5153 5303 $pagelinkedfrom = $args[0]; 5154 5304 $pagelinkedto = $args[1]; 5155 5305 … … 5285 5435 $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom); 5286 5436 5287 5437 $context = '[...] ' . esc_html( $excerpt ) . ' [...]'; 5288 $pagelinkedfrom = $ pagelinkedfrom;5438 $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); 5289 5439 5290 5440 $comment_post_ID = (int) $post_ID; 5291 5441 $comment_author = $title; 5292 5442 $comment_author_email = ''; 5293 $ comment_author;5443 $this->escape($comment_author); 5294 5444 $comment_author_url = $pagelinkedfrom; 5295 5445 $comment_content = $context; 5296 $ comment_content;5446 $this->escape($comment_content); 5297 5447 $comment_type = 'pingback'; 5298 5448 5299 5449 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type'); … … 5315 5465 * @return array 5316 5466 */ 5317 5467 function pingback_extensions_getPingbacks($args) { 5468 5318 5469 global $wpdb; 5319 5470 5320 5471 do_action('xmlrpc_call', 'pingback.extensions.getPingbacks'); 5321 5472 5473 $this->escape($args); 5474 5322 5475 $url = $args; 5323 5476 5324 5477 $post_ID = url_to_postid($url); -
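--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -1733,6 +1733,7 @@
 // Category stuff
 if ( !empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) {
 $q['cat'] = ''.urldecode($q['cat']).'';
+$q['cat'] = addslashes_gpc($q['cat']);
 $cat_array = preg_split('/[,\s]+/', $q['cat']);
 $q['cat'] = '';
 $req_cats = array();
@@ -2186,6 +2187,8 @@
 
 // If a search pattern is specified, load the posts that match
 if ( !empty($q['s']) ) {
+// added slashes screw with quote grouping when done early, so done later
+$q['s'] = stripslashes($q['s']);
 if ( empty( $_GET['s'] ) && $this->is_main_query() )
 $q['s'] = urldecode($q['s']);
 if ( !empty($q['sentence']) ) {
@@ -2294,6 +2297,7 @@
 $whichauthor = '';
 } else {
 $q['author'] = (string)urldecode($q['author']);
+$q['author'] = addslashes_gpc($q['author']);
 if ( strpos($q['author'], '-') !== false ) {
 $eq = '!=';
 $andor = 'AND';
@@ -2357,6 +2361,7 @@
 $allowed_keys[] = 'meta_value_num';
 }
 $q['orderby'] = urldecode($q['orderby']);
+$q['orderby'] = addslashes_gpc($q['orderby']);
 
 $orderby_array = array();
 foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {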
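Review bot: The escaping added at new lines 1736, 2300 and 2364 is applied to values that are parsed or validated immediately afterwards, so it is not what keeps them out of SQL: `orderby` appears to be checked against `$allowed_keys` (the allow-list is the real control for that clause), and `cat` is split on `[,\s]+` and presumably cast to int further down. If any of these values still reaches a query as a string, the escaping belongs at that point of use rather than several hundred lines earlier; the enclosing `get_posts()` starts and ends outside the hunk, so the rest of that path is not visible here. The `s` handling at new line 2190 documents its reason, and a matching one-liner on the three `addslashes_gpc()` lines, e.g. `// re-add GPCS slashes: consumed below as expected_slashed`, would make their intent as clear.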
wp-includes/link-template.php
746 746 if ( empty($query) ) 747 747 $search = get_search_query( false ); 748 748 else 749 $search = $query;749 $search = stripslashes($query); 750 750 751 751 $permastruct = $wp_rewrite->get_search_permastruct(); 752 752 -
wp-includes/formatting.php
1716 1716 * @return string Converted content. 1717 1717 */ 1718 1718 function wp_rel_nofollow( $text ) { 1719 // This is a pre save filter, so text is already escaped. 1720 $text = stripslashes($text); 1719 1721 $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text); 1722 $text = esc_sql($text); 1720 1723 return $text; 1721 1724 } 1722 1725 … … 3339 3342 $urls_to_ping = implode( "\n", $urls_to_ping ); 3340 3343 return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping ); 3341 3344 } 3342 3343 /**3344 * Conditionally add slashes to a string or array of strings. When GPCS3345 * slashing is turned on, slashes are added. When GPCS slashing is turned off,3346 * slashes are not added.3347 *3348 * This should be used when preparing data for core API that deal directly with GPCS data.3349 * Outside of unit tests, this should be rare. At a future date GPCS will no longer3350 * be slashed and this function will noop. Do not use it in situations where adding slashes3351 * is always required regardless of whether GPCS is slashed.3352 *3353 * @since 3.6.03354 *3355 * @param string|array $value String or array of strings to slash.3356 * @return string|array Slashed $value3357 */3358 function wp_slash( $value ) {3359 if ( is_array( $value ) ) {3360 foreach ( $value as $k => $v ) {3361 if ( is_array( $v ) ) {3362 $value[$k] = wp_slash( $v );3363 } else {3364 $value[$k] = addslashes( $v );3365 }3366 }3367 } else {3368 $value = addslashes( $value );3369 }3370 3371 return $value;3372 }3373 3374 /**3375 * Conditionally removes slashes from a string or array of strings. When GPCS3376 * slashing is turned on, slashes are stripped. When GPCS slashing is turned off,3377 * slashes are not stripped.3378 *3379 * This should be used for GPCS data before passing it along to core API. At a future3380 * date GPCS will no longer be slashed and this function will noop. 
Do not use it3381 * in situations where slash stripping is always required regardless of whether GPCS3382 * is slashed.3383 *3384 * @since 3.6.03385 *3386 * @param string|array $value String or array of strings to unslash.3387 * @return string|array Unslashed $value3388 */3389 function wp_unslash( $value ) {3390 return stripslashes_deep( $value );3391 } -
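Review bot: `esc_sql()` at new line 1722 is not the inverse of the `stripslashes()` at line 1720: it is database escaping routed through the DB driver, which (unlike `addslashes()`) also escapes newline, carriage-return and NUL bytes, and a later `stripslashes()` cannot turn those sequences back into the original bytes. Since the comment on line 1719 says the filter runs on already-slashed data, `addslashes()` is the operation that restores the convention the caller expects, and its result does not depend on whether a DB handle happens to exist at filter time. With `wp_slash()`/`wp_unslash()` removed further down the section there is no named helper for this round-trip, so the comment should spell it out: `// pre-save filter: input is slashed; strip, filter, then re-add the same slashes.`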
wp-includes/class-wp.php
142 142 $this->did_permalink = true; 143 143 144 144 if ( isset($_SERVER['PATH_INFO']) ) 145 $pathinfo = wp_unslash( $_SERVER['PATH_INFO'] );145 $pathinfo = $_SERVER['PATH_INFO']; 146 146 else 147 147 $pathinfo = ''; 148 148 $pathinfo_array = explode('?', $pathinfo); 149 149 $pathinfo = str_replace("%", "%25", $pathinfo_array[0]); 150 $req_uri = wp_unslash( $_SERVER['REQUEST_URI'] );150 $req_uri = $_SERVER['REQUEST_URI']; 151 151 $req_uri_array = explode('?', $req_uri); 152 152 $req_uri = $req_uri_array[0]; 153 $self = wp_unslash( $_SERVER['PHP_SELF'] );153 $self = $_SERVER['PHP_SELF']; 154 154 $home_path = parse_url(home_url()); 155 155 if ( isset($home_path['path']) ) 156 156 $home_path = $home_path['path']; … … 255 255 if ( isset( $this->extra_query_vars[$wpvar] ) ) 256 256 $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar]; 257 257 elseif ( isset( $_POST[$wpvar] ) ) 258 $this->query_vars[$wpvar] = wp_unslash( $_POST[$wpvar] );258 $this->query_vars[$wpvar] = $_POST[$wpvar]; 259 259 elseif ( isset( $_GET[$wpvar] ) ) 260 $this->query_vars[$wpvar] = wp_unslash( $_GET[$wpvar] );260 $this->query_vars[$wpvar] = $_GET[$wpvar]; 261 261 elseif ( isset( $perma_query_vars[$wpvar] ) ) 262 262 $this->query_vars[$wpvar] = $perma_query_vars[$wpvar]; 263 263 … … 356 356 357 357 // Support for Conditional GET 358 358 if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) 359 $client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597359 $client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])); 360 360 else $client_etag = false; 361 361 362 362 $client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']); -
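Review bot: New line 359 keeps the double `stripslashes()` on `HTTP_IF_NONE_MATCH` but drops the explanation that was on the removed line, so the next reader will see a redundant-looking call and be tempted to collapse it. Restore it: `$client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])); // Retain extra strip. See #2597`. The `$_SERVER`/`$_POST`/`$_GET` reads at lines 145–153 and 258–260 now rely on the request globals arriving slashed without saying so; a one-line note at the top of each method (`// request globals are presumed slashed; consumers below expect that`) would document the assumption this hunk reintroduces. Both enclosing methods begin and end outside the hunks.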
wp-includes/deprecated.php
2383 2383 2384 2384 /** @todo Might need fix because usermeta data is assumed to be already escaped */ 2385 2385 if ( is_string($meta_value) ) 2386 $meta_value = $meta_value;2386 $meta_value = stripslashes($meta_value); 2387 2387 $meta_value = maybe_serialize($meta_value); 2388 2388 2389 2389 if (empty($meta_value)) { -
wp-includes/cron.php
230 230 set_transient( 'doing_cron', $doing_wp_cron ); 231 231 232 232 ob_start(); 233 wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] )) );233 wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) ); 234 234 echo ' '; 235 235 236 236 // flush any buffers and send the headers -
wp-includes/pluggable.php
782 782 // The cookie is no good so force login 783 783 nocache_headers(); 784 784 785 $redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . wp_unslash( $_SERVER['HTTP_HOST'] ) . wp_unslash( $_SERVER['REQUEST_URI'] ));785 $redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); 786 786 787 787 $login_url = wp_login_url($redirect, true); 788 788 … … 1197 1197 function wp_new_user_notification($user_id, $plaintext_pass = '') { 1198 1198 $user = get_userdata( $user_id ); 1199 1199 1200 $user_login = $user->user_login;1201 $user_email = $user->user_email;1200 $user_login = stripslashes($user->user_login); 1201 $user_email = stripslashes($user->user_email); 1202 1202 1203 1203 // The blogname option is escaped with esc_html on the way into the database in sanitize_option 1204 1204 // we want to reverse this for the plain text arena of emails. -
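Review bot: `wp_new_user_notification()` at new lines 1200–1201 applies `stripslashes()` to `user_login` and `user_email` read back through `get_userdata()`, i.e. to stored values rather than request input; unless user rows are stored slashed, a legitimate backslash in those fields is silently dropped from the e-mail. It is worth confirming which convention `get_userdata()` follows and, if the values are already plain, removing the two calls. On the changed line 785 the redirect target is assembled from `HTTP_HOST` and `REQUEST_URI` taken directly from `$_SERVER`; it is handed to `wp_login_url()`, which presumably encodes it, but the host part remains request-controlled, so the login page's redirect validation (outside this hunk) is where that value has to be checked.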
wp-includes/feed.php
488 488 */ 489 489 function self_link() { 490 490 $host = @parse_url(home_url()); 491 echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );491 echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ) ) ); 492 492 } 493 493 494 494 /** -
wp-includes/kses.php
1326 1326 */ 1327 1327 function kses_init_filters() { 1328 1328 // Normal filtering 1329 add_filter('title_save_pre', 'wp_ kses_data');1329 add_filter('title_save_pre', 'wp_filter_kses'); 1330 1330 1331 1331 // Comment filtering 1332 1332 if ( current_user_can( 'unfiltered_html' ) ) 1333 add_filter( 'pre_comment_content', 'wp_ kses_post' );1333 add_filter( 'pre_comment_content', 'wp_filter_post_kses' ); 1334 1334 else 1335 add_filter( 'pre_comment_content', 'wp_ kses_data' );1335 add_filter( 'pre_comment_content', 'wp_filter_kses' ); 1336 1336 1337 1337 // Post filtering 1338 add_filter('content_save_pre', 'wp_ kses_post');1339 add_filter('excerpt_save_pre', 'wp_ kses_post');1340 add_filter('content_filtered_save_pre', 'wp_ kses_post');1338 add_filter('content_save_pre', 'wp_filter_post_kses'); 1339 add_filter('excerpt_save_pre', 'wp_filter_post_kses'); 1340 add_filter('content_filtered_save_pre', 'wp_filter_post_kses'); 1341 1341 } 1342 1342 1343 1343 /** … … 1354 1354 */ 1355 1355 function kses_remove_filters() { 1356 1356 // Normal filtering 1357 remove_filter('title_save_pre', 'wp_ kses_data');1357 remove_filter('title_save_pre', 'wp_filter_kses'); 1358 1358 1359 1359 // Comment filtering 1360 remove_filter( 'pre_comment_content', 'wp_ kses_post' );1361 remove_filter( 'pre_comment_content', 'wp_ kses_data' );1360 remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); 1361 remove_filter( 'pre_comment_content', 'wp_filter_kses' ); 1362 1362 1363 1363 // Post filtering 1364 remove_filter('content_save_pre', 'wp_ kses_post');1365 remove_filter('excerpt_save_pre', 'wp_ kses_post');1366 remove_filter('content_filtered_save_pre', 'wp_ kses_post');1364 remove_filter('content_save_pre', 'wp_filter_post_kses'); 1365 remove_filter('excerpt_save_pre', 'wp_filter_post_kses'); 1366 remove_filter('content_filtered_save_pre', 'wp_filter_post_kses'); 1367 1367 } 1368 1368 1369 1369 /** -
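Review bot: The switch to `wp_filter_kses`/`wp_filter_post_kses` at new lines 1329–1340 (mirrored in `kses_remove_filters()` at 1357–1366) ties these hooks to the slashed-data convention — those wrappers strip slashes, run `wp_kses()`, and add the slashes back — whereas the removed `wp_kses_data`/`wp_kses_post` operated on plain text. Nothing at the hook site says so, and code that applies `content_save_pre` or `pre_comment_content` to unslashed text would have its backslashes eaten. A comment above the first `add_filter()` would document the contract: `// *_save_pre and pre_comment_content receive slashed data; the wp_filter_* variants strip, filter, and re-slash.`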
wp-includes/widgets.php
224 224 } 225 225 226 226 foreach ( $settings as $number => $new_instance ) { 227 $new_instance = wp_unslash($new_instance);227 $new_instance = stripslashes_deep($new_instance); 228 228 $this->_set($number); 229 229 230 230 $old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array(); -
wp-includes/class-wp-customize-setting.php
144 144 * @return mixed Null if an input isn't valid, otherwise the sanitized value. 145 145 */ 146 146 public function sanitize( $value ) { 147 $value = wp_unslash( $value );147 $value = stripslashes_deep( $value ); 148 148 return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); 149 149 } 150 150 -
wp-includes/ms-functions.php
279 279 * @return int The ID of the newly created blog 280 280 */ 281 281 function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) { 282 $domain = addslashes( $domain ); 283 $weblog_title = addslashes( $weblog_title ); 284 282 285 if ( empty($path) ) 283 286 $path = '/'; 284 287 … … 579 582 580 583 $blogname = apply_filters( 'newblogname', $blogname ); 581 584 582 $blog_title = $blog_title;585 $blog_title = stripslashes( $blog_title ); 583 586 584 587 if ( empty( $blog_title ) ) 585 588 $errors->add('blog_title', __( 'Please enter a site title.' ) ); … … 632 635 global $wpdb; 633 636 634 637 $key = substr( md5( time() . rand() . $domain ), 0, 16 ); 635 $meta = serialize( $meta ); 638 $meta = serialize($meta); 639 $domain = $wpdb->escape($domain); 640 $path = $wpdb->escape($path); 641 $title = $wpdb->escape($title); 636 642 637 643 $wpdb->insert( $wpdb->signups, array( 638 644 'domain' => $domain, … … 645 651 'meta' => $meta 646 652 ) ); 647 653 648 wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta);654 wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta); 649 655 } 650 656 651 657 /** … … 834 840 } 835 841 836 842 $meta = maybe_unserialize($signup->meta); 837 $user_login = $ signup->user_login;838 $user_email = $ signup->user_email;843 $user_login = $wpdb->escape($signup->user_login); 844 $user_email = $wpdb->escape($signup->user_email); 839 845 $password = wp_generate_password( 12, false ); 840 846 841 847 $user_id = username_exists($user_login); … … 1151 1157 else 1152 1158 update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) ); 1153 1159 1154 update_option( 'blogname', $blog_title);1160 update_option( 'blogname', stripslashes( $blog_title ) ); 1155 1161 update_option( 'admin_email', '' ); 1156 1162 1157 1163 // remove all perms … … 1208 1214 if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) ) 1209 
1215 return false; 1210 1216 1211 $welcome_email = get_site_option( 'welcome_email');1217 $welcome_email = stripslashes( get_site_option( 'welcome_email' ) ); 1212 1218 if ( $welcome_email == false ) 1213 $welcome_email = __( 'Dear User,1219 $welcome_email = stripslashes( __( 'Dear User, 1214 1220 1215 1221 Your new SITE_NAME site has been successfully set up at: 1216 1222 BLOG_URL … … 1222 1228 1223 1229 We hope you enjoy your new site. Thanks! 1224 1230 1225 --The Team @ SITE_NAME' ) ;1231 --The Team @ SITE_NAME' ) ); 1226 1232 1227 1233 $url = get_blogaddress_by_id($blog_id); 1228 1234 $user = get_userdata( $user_id ); … … 1246 1252 if ( empty( $current_site->site_name ) ) 1247 1253 $current_site->site_name = 'WordPress'; 1248 1254 1249 $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, $title) );1255 $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) ); 1250 1256 wp_mail($user->user_email, $subject, $message, $message_headers); 1251 1257 return true; 1252 1258 } … … 1475 1481 function wpmu_log_new_registrations( $blog_id, $user_id ) { 1476 1482 global $wpdb; 1477 1483 $user = get_userdata( (int) $user_id ); 1478 $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] )), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );1484 $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) ); 1479 1485 } 1480 1486 1481 1487 /** -
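Review bot: In `wpmu_signup_blog()` the three `$wpdb->escape()` calls at new lines 639–641 sit directly in front of `$wpdb->insert()`, which escapes its values itself, so a domain, path or title containing a quote or backslash is stored with a second layer of escaping (`it\'s` rather than `it's`). If these arguments arrive slashed, `stripslashes()` is the right conversion; if they arrive plain, the three lines should go. The same double-handling concern applies to `wpmu_activate_signup()` at 843–844, where `$wpdb->escape()` is applied to values read back from the signup row before they are passed on. Separately, the changed line 1484 filters `REMOTE_ADDR` with `[^0-9., ]`, which reduces an IPv6 address to a run of digits before logging it, so the registration log would not hold a usable address for those clients.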
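--- a/wp-includes/meta.php
+++ b/wp-includes/meta.php
@@ -42,6 +42,9 @@
 
 $column = esc_sql($meta_type . '_id');
 
+// expected_slashed ($meta_key)
+$meta_key = stripslashes($meta_key);
+$meta_value = stripslashes_deep($meta_value);
 $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
@@ -110,7 +113,10 @@
 $column = esc_sql($meta_type . '_id');
 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
 
+// expected_slashed ($meta_key)
+$meta_key = stripslashes($meta_key);
 $passed_value = $meta_value;
+$meta_value = stripslashes_deep($meta_value);
 $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
@@ -189,6 +195,9 @@
 
 $type_column = esc_sql($meta_type . '_id');
 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
+// expected_slashed ($meta_key)
+$meta_key = stripslashes($meta_key);
+$meta_value = stripslashes_deep($meta_value);
 
 $check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
 if ( null !== $check )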
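Review bot: The `// expected_slashed ($meta_key)` comment added in all three hunks (new lines 45, 116 and 198) names only the key, but the line right after it also un-slashes `$meta_value` with `stripslashes_deep()`, so the value is part of the same contract. `// expected_slashed ($meta_key, $meta_value)` states it completely and matches what callers grep for. In `update_metadata` the copy kept in `$passed_value` (line 118) is taken before the strip, so the filter on line 122 sees the unslashed value while `$passed_value` still holds the slashed one; if that asymmetry is intentional it deserves a word in the comment. The enclosing functions start and end outside the hunks.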
wp-includes/nav-menu.php
369 369 370 370 $menu_item_db_id = (int) $menu_item_db_id; 371 371 372 wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );373 wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );374 wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );375 wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );376 wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );372 update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) ); 373 update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) ); 374 update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) ); 375 update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) ); 376 update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) ); 377 377 378 378 $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) ); 379 379 $args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) ); 380 wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );381 wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );382 wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );380 update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); 381 update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); 382 update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) ); 383 383 384 384 if ( 0 == $menu_id ) 385 
wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );385 update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() ); 386 386 elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) ) 387 387 delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' ); 388 388 -
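Review bot: The `update_post_meta()` calls at 372-385 pass unslashed values, while `update_metadata()` in this same patch (wp-includes/meta.php) now runs `stripslashes()`/`stripslashes_deep()` on its key and value. That is harmless here only because `sanitize_key()`, the `(int)` casts, `sanitize_html_class()` and `esc_url_raw()` cannot emit backslashes; the dependency should be stated above 372, e.g. `// Values below are sanitized and contain no backslashes, so no slashing is needed before update_post_meta().` The enclosing function starts before the hunk.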
wp-mail.php
202 202 $post_category = array(get_option('default_email_category')); 203 203 204 204 $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); 205 $post_data = add_magic_quotes($post_data); 205 206 206 207 $post_ID = wp_insert_post($post_data); 207 208 if ( is_wp_error( $post_ID ) ) -
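Review bot: `$post_data = add_magic_quotes($post_data);` at 205 is the only hint that `wp_insert_post()` is expected to receive slashed data, and because these fields came from an e-mail rather than a request a reader may wonder why they are being slashed at all. A one-line comment makes the convention explicit: `// wp_insert_post() expects slashed input; mail-derived fields are unslashed until here.` The surrounding script continues outside the hunk.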
wp-trackback.php
45 45 $charset = isset($_POST['charset']) ? $_POST['charset'] : ''; 46 46 47 47 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() 48 $title = isset($_POST['title']) ? wp_unslash( $_POST['title']) : '';49 $excerpt = isset($_POST['excerpt']) ? wp_unslash( $_POST['excerpt']) : '';50 $blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name']) : '';48 $title = isset($_POST['title']) ? stripslashes($_POST['title']) : ''; 49 $excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : ''; 50 $blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : ''; 51 51 52 52 if ($charset) 53 53 $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) ); … … 64 64 $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset); 65 65 } 66 66 67 // Now that mb_convert_encoding() has been given a swing, we need to escape these three 68 $title = $wpdb->escape($title); 69 $excerpt = $wpdb->escape($excerpt); 70 $blog_name = $wpdb->escape($blog_name); 71 67 72 if ( is_single() || is_page() ) 68 73 $tb_id = $posts[0]->ID; 69 74 -
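Review bot: The new comment at 67 and the `$wpdb->escape()` calls at 68-70 describe slashing as "escaping", which invites the reading that `$title`, `$excerpt` and `$blog_name` are now SQL-safe; what happens here is that the values are re-slashed after `mb_convert_encoding()` so that whatever consumes them (outside the hunk, presumably expecting slashed input) can unslash them, and any query built from them still has to go through `$wpdb->prepare()`. Consider rewording to `// Re-slash the converted strings: the comment API downstream expects slashed input.` and using `addslashes()`/`add_magic_quotes()` (as wp-mail.php does in this patch) so the intent is obvious; the note at 47 should be updated to match.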
wp-admin/network.php
520 520 $base = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH ); 521 521 $subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false; 522 522 if ( ! network_domain_check() ) { 523 $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );523 $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install ); 524 524 if ( is_wp_error( $result ) ) { 525 525 if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() ) 526 526 network_step2( $result ); -
wp-admin/options-head.php
2 2 /** 3 3 * WordPress Options Header. 4 4 * 5 * Displays updated message, if updated variable is part of the URL query. 5 * Resets variables: 'action', 'standalone', and 'option_group_id'. Displays 6 * updated message, if updated variable is part of the URL query. 6 7 * 7 8 * @package WordPress 8 9 * @subpackage Administration -
wp-admin/users.php
64 64 ); 65 65 66 66 if ( empty($_REQUEST) ) { 67 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] )) . '" />';67 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />'; 68 68 } elseif ( isset($_REQUEST['wp_http_referer']) ) { 69 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ));69 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); 70 70 $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />'; 71 71 } else { 72 72 $redirect = 'users.php'; … … 357 357 default: 358 358 359 359 if ( !empty($_GET['_wp_http_referer']) ) { 360 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ));360 wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']))); 361 361 exit; 362 362 } 363 363 … … 381 381 case 'add': 382 382 if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) { 383 383 $messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ), 384 esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),384 esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), 385 385 self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>'; 386 386 } else { 387 387 $messages[] = '<div id="message" class="updated"><p>' . __( 'New user created.' ) . '</p></div>'; -
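Review bot: The `wp_redirect()` at 360 (and the matching one at edit-comments.php line 98) builds its target from `stripslashes( $_SERVER['REQUEST_URI'] )`, a request-controlled value; `remove_query_arg()` drops two parameters but does not constrain scheme or host, so for a same-site redirect `wp_safe_redirect()` is the more defensive call: `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );`. Whether the web server normalises `REQUEST_URI` enough to make this moot depends on deployment, so treat it as cheap hardening rather than a confirmed defect. The hidden `wp_http_referer` field at 67 and 69 goes through `esc_attr()`, which is fine.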
wp-admin/edit-comments.php
20 20 check_admin_referer( 'bulk-comments' ); 21 21 22 22 if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) { 23 $comment_status = $ _REQUEST['comment_status'];24 $delete_time = $ _REQUEST['pagegen_timestamp'];25 $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ));23 $comment_status = $wpdb->escape( $_REQUEST['comment_status'] ); 24 $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] ); 25 $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" ); 26 26 $doaction = 'delete'; 27 27 } elseif ( isset( $_REQUEST['delete_comments'] ) ) { 28 28 $comment_ids = $_REQUEST['delete_comments']; … … 95 95 wp_safe_redirect( $redirect_to ); 96 96 exit; 97 97 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { 98 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );98 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); 99 99 exit; 100 100 } 101 101 … … 153 153 echo __('Comments'); 154 154 155 155 if ( isset($_REQUEST['s']) && $_REQUEST['s'] ) 156 printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>156 printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?> 157 157 </h2> 158 158 159 159 <?php -
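Review bot: Lines 23-25 replace a `$wpdb->prepare()` call with `$wpdb->escape()` plus string interpolation into the `WHERE` clause, which moves this query off the parameterised path and makes its safety depend on the manual escaping staying in sync with the query text. Keep the placeholders: `$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", stripslashes( $_REQUEST['comment_status'] ), stripslashes( $_REQUEST['pagegen_timestamp'] ) ) );` — request data is slashed by `wp_magic_quotes()` and `prepare()` escapes its arguments itself, so unslash first rather than stacking `$wpdb->escape()` on top. The `delete_all` branch continues outside the hunk.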
wp-admin/includes/class-wp-ms-sites-list-table.php
29 29 30 30 $pagenum = $this->get_pagenum(); 31 31 32 $s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';32 $s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : ''; 33 33 $wild = ''; 34 34 if ( false !== strpos($s, '*') ) { 35 35 $wild = '%'; -
wp-admin/includes/plugin-install.php
116 116 * @since 2.7.0 117 117 */ 118 118 function install_search_form( $type_selector = true ) { 119 $type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';120 $term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';119 $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term'; 120 $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : ''; 121 121 122 122 ?><form id="search-plugins" method="get" action=""> 123 123 <input type="hidden" name="tab" value="search" /> … … 160 160 * 161 161 */ 162 162 function install_plugins_favorites_form() { 163 $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );163 $user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); 164 164 ?> 165 165 <p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p> 166 166 <form method="get" action=""> … … 251 251 } 252 252 } 253 253 if ( isset($_GET['from']) ) 254 $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ));254 $url .= '&from=' . urlencode(stripslashes($_GET['from'])); 255 255 256 256 return compact('status', 'url', 'version'); 257 257 } … … 264 264 function install_plugin_information() { 265 265 global $tab; 266 266 267 $api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));267 $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) )); 268 268 269 269 if ( is_wp_error($api) ) 270 270 wp_die($api); … … 295 295 $api->$key = wp_kses( $api->$key, $plugins_allowedtags ); 296 296 } 297 297 298 $section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.298 $section = isset($_REQUEST['section']) ? 
stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English. 299 299 if ( empty($section) || ! isset($api->sections[ $section ]) ) 300 300 $section = array_shift( $section_titles = array_keys((array)$api->sections) ); 301 301 -
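Review bot: `stripslashes()` at 119-120, 163, 254, 267 and 298 only undoes the slashing WordPress applies to request data; it is not validation, and `$_REQUEST['plugin']` at 267 reaches `plugins_api()` as the `slug` with no shape check at all. Because the value is an outbound API parameter, constraining it at the boundary would be clearer, e.g. `'slug' => sanitize_key( stripslashes( $_REQUEST['plugin'] ) )` if plugin slugs in this tree are limited to lowercase letters, digits, `-` and `_` — confirm against the API before adopting. `$section` at 298-299 is guarded by `isset( $api->sections[ $section ] )`, which is fine; `install_search_form()` and `install_plugin_information()` continue outside their hunks.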
wp-admin/includes/bookmark.php
39 39 40 40 if ( !empty( $link_id ) ) { 41 41 $_POST['link_id'] = $link_id; 42 return wp_update_link( wp_unslash( $_POST ));42 return wp_update_link( $_POST ); 43 43 } else { 44 return wp_insert_link( wp_unslash( $_POST ));44 return wp_insert_link( $_POST ); 45 45 } 46 46 } 47 47 … … 55 55 function get_default_link_to_edit() { 56 56 $link = new stdClass; 57 57 if ( isset( $_GET['linkurl'] ) ) 58 $link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ));58 $link->link_url = esc_url( $_GET['linkurl'] ); 59 59 else 60 60 $link->link_url = ''; 61 61 62 62 if ( isset( $_GET['name'] ) ) 63 $link->link_name = esc_attr( wp_unslash( $_GET['name'] ));63 $link->link_name = esc_attr( $_GET['name'] ); 64 64 else 65 65 $link->link_name = ''; 66 66 … … 137 137 $linkdata = wp_parse_args( $linkdata, $defaults ); 138 138 $linkdata = sanitize_bookmark( $linkdata, 'db' ); 139 139 140 extract( $linkdata, EXTR_SKIP );140 extract( stripslashes_deep( $linkdata ), EXTR_SKIP ); 141 141 142 142 $update = false; 143 143 … … 250 250 251 251 $link = get_bookmark( $link_id, ARRAY_A ); 252 252 253 // Escape data pulled from DB. 254 $link = add_magic_quotes( $link ); 255 253 256 // Passed link category list overwrites existing category list if not empty. 254 257 if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] ) 255 258 && 0 != count( $linkdata['link_category'] ) ) -
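Review bot: `get_default_link_to_edit()` at 58 and 63 is the one place in this patch where `$_GET` values are used without `stripslashes()`: `esc_attr( $_GET['name'] )` carries the backslash that `wp_magic_quotes()` adds before a quote straight into the link name, so a name such as O'Brien shows a stray `\`. `esc_url()` strips characters outside its allowed set, so 58 is likely unaffected, but 63 should read `$link->link_name = esc_attr( stripslashes( $_GET['name'] ) );` for consistency with every other request read in this diff. Passing the raw slashed `$_POST` to `wp_insert_link()`/`wp_update_link()` at 42-44 is consistent with `extract( stripslashes_deep( $linkdata ), EXTR_SKIP )` at 140, though `extract()` over request-derived keys remains a pattern worth a comment naming which keys are expected.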
wp-admin/includes/taxonomy.php
157 157 // First, get all of the original fields 158 158 $category = get_category($cat_ID, ARRAY_A); 159 159 160 // Escape data pulled from DB. 161 $category = add_magic_quotes($category); 162 160 163 // Merge old and new fields with new fields overwriting old ones. 161 164 $catarr = array_merge($category, $catarr); 162 165 -
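Review bot: The comment `// Escape data pulled from DB.` at 160 mislabels what `add_magic_quotes()` does — it slashes the category row so it is in the same form as the slashed `$catarr` before `array_merge()` at 164; it escapes nothing for SQL. Suggest `// Slash the stored row so it matches the slashed $catarr before merging.`; the same wording appears in the bookmark.php (253) and post.php (778) hunks and should be changed alongside. The enclosing function starts before the hunk.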
wp-admin/includes/class-wp-terms-list-table.php
52 52 $tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter 53 53 } 54 54 55 $search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';55 $search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : ''; 56 56 57 57 $args = array( 58 58 'search' => $search, … … 61 61 ); 62 62 63 63 if ( !empty( $_REQUEST['orderby'] ) ) 64 $args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );64 $args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) ); 65 65 66 66 if ( !empty( $_REQUEST['order'] ) ) 67 $args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );67 $args['order'] = trim( stripslashes( $_REQUEST['order'] ) ); 68 68 69 69 $this->callback_args = $args; 70 70 -
wp-admin/includes/file.php
901 901 $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => '')); 902 902 903 903 // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option) 904 $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname']) : $credentials['hostname']);905 $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username']) : $credentials['username']);906 $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password']) : '');904 $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']); 905 $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']); 906 $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : ''); 907 907 908 908 // Check to see if we are setting the public/private keys for ssh 909 $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key']) : '');910 $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key']) : '');909 $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : ''); 910 $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? 
stripslashes($_POST['private_key']) : ''); 911 911 912 912 //sanitize the hostname, Some people might pass in odd-data: 913 913 $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off … … 925 925 else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL 926 926 $credentials['connection_type'] = 'ftps'; 927 927 else if ( !empty($_POST['connection_type']) ) 928 $credentials['connection_type'] = wp_unslash( $_POST['connection_type']);928 $credentials['connection_type'] = stripslashes($_POST['connection_type']); 929 929 else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP 930 930 $credentials['connection_type'] = 'ftp'; 931 931 … … 1050 1050 <?php 1051 1051 foreach ( (array) $extra_fields as $field ) { 1052 1052 if ( isset( $_POST[ $field ] ) ) 1053 echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';1053 echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />'; 1054 1054 } 1055 1055 submit_button( __( 'Proceed' ), 'button', 'upgrade' ); 1056 1056 ?> -
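Review bot: `$credentials['connection_type']` at 928 takes the POST value verbatim while `hostname` is sanitized at 913, and nothing in the hunk restricts it to the transports the filesystem layer understands; if it is not validated further down (outside the hunk), a whitelist here such as `in_array( $credentials['connection_type'], array( 'ftp', 'ftps', 'ssh' ), true )` — with the list taken from what this tree's transports actually accept — would keep a stray value from reaching the connection code. The password and private key at 906 and 910 deliberately default to `''` rather than to the stored option, which is the right call and deserves a comment so nobody "fixes" it: `// Secrets are never read back from the option; only this request's POST value is used.` The enclosing function continues outside the hunk.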
wp-admin/includes/ajax-actions.php
59 59 wp_die( 0 ); 60 60 } 61 61 62 $s = wp_unslash( $_GET['q'] );62 $s = stripslashes( $_GET['q'] ); 63 63 64 64 $comma = _x( ',', 'tag delimiter' ); 65 65 if ( ',' !== $comma ) … … 279 279 */ 280 280 281 281 function _wp_ajax_add_hierarchical_term() { 282 $post_data = wp_unslash( $_POST ); 283 284 $action = $post_data['action']; 282 $action = $_POST['action']; 285 283 $taxonomy = get_taxonomy(substr($action, 4)); 286 284 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); 287 285 if ( !current_user_can( $taxonomy->cap->edit_terms ) ) 288 286 wp_die( -1 ); 289 $names = explode(',', $ post_data['new'.$taxonomy->name]);290 $parent = isset($ post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0;287 $names = explode(',', $_POST['new'.$taxonomy->name]); 288 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; 291 289 if ( 0 > $parent ) 292 290 $parent = 0; 293 291 if ( $taxonomy->name == 'category' ) 294 $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array();292 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array(); 295 293 else 296 $post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array();294 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? 
(array) $_POST['tax_input'][$taxonomy->name] : array(); 297 295 $checked_categories = array_map( 'absint', (array) $post_category ); 298 296 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false); 299 297 … … 561 559 check_ajax_referer( $action ); 562 560 if ( !current_user_can( 'manage_categories' ) ) 563 561 wp_die( -1 ); 564 $names = explode( ',', wp_unslash( $_POST['newcat'] ));562 $names = explode(',', $_POST['newcat']); 565 563 $x = new WP_Ajax_Response(); 566 564 foreach ( $names as $cat_name ) { 567 565 $cat_name = trim($cat_name); … … 574 572 continue; 575 573 else if ( is_array( $cat_id ) ) 576 574 $cat_id = $cat_id['term_id']; 577 $cat_name = esc_html( wp_unslash( $cat_name ));575 $cat_name = esc_html(stripslashes($cat_name)); 578 576 $x->add( array( 579 577 'what' => 'link-category', 580 578 'id' => $cat_id, … … 588 586 function wp_ajax_add_tag() { 589 587 global $wp_list_table; 590 588 591 $post_data = wp_unslash( $_POST );592 593 589 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); 594 $post_type = !empty($ post_data['post_type']) ? $post_data['post_type'] : 'post';595 $taxonomy = !empty($ post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag';590 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post'; 591 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 596 592 $tax = get_taxonomy($taxonomy); 597 593 598 594 if ( !current_user_can( $tax->cap->edit_terms ) ) … … 600 596 601 597 $x = new WP_Ajax_Response(); 602 598 603 $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data);599 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 604 600 605 601 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 606 602 $message = __('An error has occurred. 
Please reload the page and try again.'); … … 614 610 $x->send(); 615 611 } 616 612 617 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $ post_data['screen'] ) );613 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) ); 618 614 619 615 $level = 0; 620 616 if ( is_taxonomy_hierarchical($taxonomy) ) { … … 732 728 $user = wp_get_current_user(); 733 729 if ( $user->exists() ) { 734 730 $user_ID = $user->ID; 735 $comment_author = $ user->display_name;736 $comment_author_email = $ user->user_email;737 $comment_author_url = $ user->user_url;738 $comment_content = trim( wp_unslash( $_POST['content'] ));731 $comment_author = $wpdb->escape($user->display_name); 732 $comment_author_email = $wpdb->escape($user->user_email); 733 $comment_author_url = $wpdb->escape($user->user_url); 734 $comment_content = trim($_POST['content']); 739 735 if ( current_user_can( 'unfiltered_html' ) ) { 740 736 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 741 737 kses_remove_filters(); // start with a clean slate … … 961 957 ) ); 962 958 } else { // Update? 963 959 $mid = (int) key( $_POST['meta'] ); 964 $key = wp_unslash( $_POST['meta'][$mid]['key'] );965 $value = wp_unslash( $_POST['meta'][$mid]['value'] );960 $key = stripslashes( $_POST['meta'][$mid]['key'] ); 961 $value = stripslashes( $_POST['meta'][$mid]['value'] ); 966 962 if ( '' == trim($key) ) 967 963 wp_die( __( 'Please provide a custom field name.' ) ); 968 964 if ( '' == trim($value) ) … … 1231 1227 $args = array(); 1232 1228 1233 1229 if ( isset( $_POST['search'] ) ) 1234 $args['s'] = wp_unslash( $_POST['search'] );1230 $args['s'] = stripslashes( $_POST['search'] ); 1235 1231 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; 1236 1232 1237 1233 require(ABSPATH . WPINC . 
'/class-wp-editor.php'); … … 1332 1328 $data = &$_POST; 1333 1329 1334 1330 $post = get_post( $post_ID, ARRAY_A ); 1331 $post = add_magic_quotes($post); //since it is from db 1335 1332 1336 1333 $data['content'] = $post['post_content']; 1337 1334 $data['excerpt'] = $post['post_excerpt']; … … 1380 1377 1381 1378 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1382 1379 1383 $post_data = wp_unslash( $_POST ); 1384 1385 $taxonomy = sanitize_key( $post_data['taxonomy'] ); 1380 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1386 1381 $tax = get_taxonomy( $taxonomy ); 1387 1382 if ( ! $tax ) 1388 1383 wp_die( 0 ); … … 1392 1387 1393 1388 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); 1394 1389 1395 if ( ! isset($ post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) )1390 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) 1396 1391 wp_die( -1 ); 1397 1392 1398 1393 $tag = get_term( $id, $taxonomy ); 1399 $ post_data['description'] = $tag->description;1394 $_POST['description'] = $tag->description; 1400 1395 1401 $updated = wp_update_term($id, $taxonomy, $ post_data);1396 $updated = wp_update_term($id, $taxonomy, $_POST); 1402 1397 if ( $updated && !is_wp_error($updated) ) { 1403 1398 $tag = get_term( $updated['term_id'], $taxonomy ); 1404 1399 if ( !$tag || is_wp_error( $tag ) ) { … … 1430 1425 $post_types = get_post_types( array( 'public' => true ), 'objects' ); 1431 1426 unset( $post_types['attachment'] ); 1432 1427 1433 $s = wp_unslash( $_POST['ps'] );1428 $s = stripslashes( $_POST['ps'] ); 1434 1429 $searchand = $search = ''; 1435 1430 $args = array( 1436 1431 'post_type' => array_keys( $post_types ), … … 1601 1596 $post_id = null; 1602 1597 } 1603 1598 1604 $post_data = isset( $_REQUEST['post_data'] ) ? wp_unslash( $_REQUEST['post_data'] ): array();1599 $post_data = isset( $_REQUEST['post_data'] ) ? 
$_REQUEST['post_data'] : array(); 1605 1600 1606 1601 // If the context is custom header or background, make sure the uploaded file is an image. 1607 1602 if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) { … … 1635 1630 1636 1631 if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) { 1637 1632 if ( 'custom-background' === $post_data['context'] ) 1638 wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );1633 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); 1639 1634 1640 1635 if ( 'custom-header' === $post_data['context'] ) 1641 wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );1636 update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); 1642 1637 } 1643 1638 1644 1639 if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) ) … … 1783 1778 wp_die( 0 ); 1784 1779 1785 1780 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; 1786 wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );1781 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); 1787 1782 wp_die( 1 ); 1788 1783 } 1789 1784 … … 1878 1873 if ( ! 
current_user_can( 'edit_post', $id ) ) 1879 1874 wp_send_json_error(); 1880 1875 1881 $changes = wp_unslash( $_REQUEST['changes'] );1876 $changes = $_REQUEST['changes']; 1882 1877 $post = get_post( $id, ARRAY_A ); 1883 1878 1884 1879 if ( 'attachment' != $post['post_type'] ) … … 1895 1890 1896 1891 if ( isset( $changes['alt'] ) ) { 1897 1892 $alt = get_post_meta( $id, '_wp_attachment_image_alt', true ); 1898 $new_alt = $changes['alt'];1893 $new_alt = stripslashes( $changes['alt'] ); 1899 1894 if ( $alt != $new_alt ) { 1900 1895 $new_alt = wp_strip_all_tags( $new_alt, true ); 1901 wp_update_post_meta( $id, '_wp_attachment_image_alt', $new_alt);1896 update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) ); 1902 1897 } 1903 1898 } 1904 1899 … … 1920 1915 1921 1916 if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) ) 1922 1917 wp_send_json_error(); 1923 $attachment_data = wp_unslash( $_REQUEST['attachments'][ $id ] );1918 $attachment_data = $_REQUEST['attachments'][ $id ]; 1924 1919 1925 1920 check_ajax_referer( 'update-post_' . $id, 'nonce' ); 1926 1921 … … 1964 1959 1965 1960 check_ajax_referer( 'update-post_' . $post_id, 'nonce' ); 1966 1961 1967 $attachments = wp_unslash( $_REQUEST['attachments'] );1962 $attachments = $_REQUEST['attachments']; 1968 1963 1969 1964 if ( ! current_user_can( 'edit_post', $post_id ) ) 1970 1965 wp_send_json_error(); … … 1995 1990 function wp_ajax_send_attachment_to_editor() { 1996 1991 check_ajax_referer( 'media-send-to-editor', 'nonce' ); 1997 1992 1998 $attachment = wp_unslash( $_POST['attachment'] );1993 $attachment = stripslashes_deep( $_POST['attachment'] ); 1999 1994 2000 1995 $id = intval( $attachment['id'] ); 2001 1996 … … 2050 2045 function wp_ajax_send_link_to_editor() { 2051 2046 check_ajax_referer( 'media-send-to-editor', 'nonce' ); 2052 2047 2053 if ( ! $src = wp_unslash( $_POST['src'] ) )2048 if ( ! 
$src = stripslashes( $_POST['src'] ) ) 2054 2049 wp_send_json_error(); 2055 2050 2056 2051 if ( ! strpos( $src, '://' ) ) … … 2059 2054 if ( ! $src = esc_url_raw( $src ) ) 2060 2055 wp_send_json_error(); 2061 2056 2062 if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )2057 if ( ! $title = trim( stripslashes( $_POST['title'] ) ) ) 2063 2058 $title = wp_basename( $src ); 2064 2059 2065 2060 $html = ''; … … 2088 2083 $screen_id = 'site'; 2089 2084 2090 2085 if ( ! empty($_POST['data']) ) { 2091 $data = wp_unslash( (array) $_POST['data'] );2086 $data = (array) $_POST['data']; 2092 2087 // todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..? 2093 2088 $user = wp_get_current_user(); 2094 2089 $data['user_id'] = $user->exists() ? $user->ID : 0; -
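Review bot: In the `wp_ajax_replyto_comment` hunk (731-734), `$wpdb->escape()` is used to slash `display_name`, `user_email` and `user_url` so they match the slashed `$_POST['content']`; that is a slashing job, not SQL escaping, and the reader has to infer it. Use `addslashes()`/`add_magic_quotes()` and say why: `// Slash DB-sourced author fields so they match the slashed $_POST['content'] expected downstream.` The same mixing shows up in `wp_ajax_save_attachment` (1893-1896), where `alt` is unslashed, stripped and re-slashed with `addslashes()` for `update_post_meta()`; a one-line comment there pointing at the meta API's slashed-input contract would save the next reader a trip to wp-includes/meta.php. The enclosing functions begin before their hunks.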
wp-admin/includes/post.php
149 149 */ 150 150 function edit_post( $post_data = null ) { 151 151 152 if ( empty( $post_data) )153 $post_data = wp_unslash( $_POST );152 if ( empty($post_data) ) 153 $post_data = &$_POST; 154 154 155 155 // Clear out any data in internal vars. 156 156 unset( $post_data['filter'] ); … … 236 236 if ( 'attachment' == $post_data['post_type'] ) { 237 237 if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) { 238 238 $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true ); 239 if ( $image_alt != $post_data['_wp_attachment_image_alt'] ) { 240 $image_alt = wp_strip_all_tags( $post_data['_wp_attachment_image_alt'], true ); 241 wp_update_post_meta( $post_ID, '_wp_attachment_image_alt', $image_alt ); 239 if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) { 240 $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true ); 241 // update_meta expects slashed 242 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) ); 242 243 } 243 244 } 244 245 … … 248 249 249 250 add_meta( $post_ID ); 250 251 251 wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );252 update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); 252 253 253 254 wp_update_post( $post_data ); 254 255 … … 429 430 430 431 $post_title = ''; 431 432 if ( !empty( $_REQUEST['post_title'] ) ) 432 $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));433 $post_title = esc_html( stripslashes( $_REQUEST['post_title'] )); 433 434 434 435 $post_content = ''; 435 436 if ( !empty( $_REQUEST['content'] ) ) 436 $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));437 $post_content = esc_html( stripslashes( $_REQUEST['content'] )); 437 438 438 439 $post_excerpt = ''; 439 440 if ( !empty( $_REQUEST['excerpt'] ) ) 440 $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));441 $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] )); 441 442 442 443 if ( 
$create_in_db ) { 443 444 $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) ); … … 486 487 function post_exists($title, $content = '', $date = '') { 487 488 global $wpdb; 488 489 489 $post_title = s anitize_post_field( 'post_title', $title, 0, 'db');490 $post_content = s anitize_post_field( 'post_content', $content, 0, 'db');491 $post_date = s anitize_post_field( 'post_date', $date, 0, 'db');490 $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) ); 491 $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) ); 492 $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) ); 492 493 493 494 $query = "SELECT ID FROM $wpdb->posts WHERE 1=1"; 494 495 $args = array(); … … 566 567 } 567 568 568 569 // Create the post. 569 $post_ID = wp_insert_post( wp_unslash( $_POST ));570 $post_ID = wp_insert_post( $_POST ); 570 571 if ( is_wp_error( $post_ID ) ) 571 572 return $post_ID; 572 573 … … 575 576 576 577 add_meta( $post_ID ); 577 578 578 wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );579 add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); 579 580 580 581 // Now that we have an ID we can fix any attachment anchor hrefs 581 582 _fix_attachment_links( $post_ID ); … … 619 620 global $wpdb; 620 621 $post_ID = (int) $post_ID; 621 622 622 $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';623 $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';624 $metavalue = isset($_POST['metavalue']) ? wp_unslash( trim( $_POST['metavalue'] ) ): '';623 $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : ''; 624 $metakeyinput = isset($_POST['metakeyinput']) ? 
stripslashes( trim( $_POST['metakeyinput'] ) ) : ''; 625 $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : ''; 625 626 if ( is_string( $metavalue ) ) 626 627 $metavalue = trim( $metavalue ); 627 628 … … 638 639 if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) ) 639 640 return false; 640 641 641 return wp_add_post_meta( $post_ID, $metakey, $metavalue ); 642 $metakey = esc_sql( $metakey ); 643 644 return add_post_meta( $post_ID, $metakey, $metavalue ); 642 645 } 643 646 644 647 return false; … … 711 714 * @since 1.2.0 712 715 * 713 716 * @param unknown_type $meta_id 714 * @param unknown_type $meta_key 715 * @param unknown_type $meta_value 717 * @param unknown_type $meta_key Expect Slashed 718 * @param unknown_type $meta_value Expect Slashed 716 719 * @return unknown 717 720 */ 718 721 function update_meta( $meta_id, $meta_key, $meta_value ) { 722 $meta_key = stripslashes( $meta_key ); 723 $meta_value = stripslashes_deep( $meta_value ); 724 719 725 return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key ); 720 726 } 721 727 … … 769 775 770 776 if ( $replace ) { 771 777 $post['post_content'] = $content; 778 // Escape data pulled from DB. 779 $post = add_magic_quotes($post); 772 780 773 781 return wp_update_post($post); 774 782 } … … 1179 1187 $now = time(); 1180 1188 $lock = "$now:$user_id"; 1181 1189 1182 wp_update_post_meta( $post->ID, '_edit_lock', $lock );1190 update_post_meta( $post->ID, '_edit_lock', $lock ); 1183 1191 return array( $now, $user_id ); 1184 1192 } 1185 1193 … … 1230 1238 1231 1239 // Only store one autosave. If there is already an autosave, overwrite it. 
1232 1240 if ( $old_autosave = wp_get_post_autosave( $post_id ) ) { 1233 $new_autosave = _wp_post_revision_fields( wp_unslash( $_POST ), true );1241 $new_autosave = _wp_post_revision_fields( $_POST, true ); 1234 1242 $new_autosave['ID'] = $old_autosave->ID; 1235 1243 $new_autosave['post_author'] = get_current_user_id(); 1236 1244 return wp_update_post( $new_autosave ); 1237 1245 } 1238 1246 1239 1247 // _wp_put_post_revision() expects unescaped. 1240 $_POST = wp_unslash( $_POST);1248 $_POST = stripslashes_deep($_POST); 1241 1249 1242 1250 // Otherwise create the new autosave as a special post revision 1243 1251 return _wp_put_post_revision( $_POST, true ); -
wp-admin/includes/class-wp-users-list-table.php
241 241 // Check if the user for this row is editable 242 242 if ( current_user_can( 'list_users' ) ) { 243 243 // Set up the user editing link 244 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );244 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) ); 245 245 246 246 // Set up the hover actions for this user 247 247 $actions = array(); -
wp-admin/includes/dashboard.php
1093 1093 $widget_options[$widget_id]['number'] = $number; 1094 1094 1095 1095 if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) { 1096 $_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );1096 $_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] ); 1097 1097 $widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] ); 1098 1098 // title is optional. If black, fill it if possible 1099 1099 if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) { -
wp-admin/includes/class-wp-plugin-install-list-table.php
48 48 49 49 switch ( $tab ) { 50 50 case 'search': 51 $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';52 $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';51 $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term'; 52 $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : ''; 53 53 54 54 switch ( $type ) { 55 55 case 'tag': … … 73 73 break; 74 74 75 75 case 'favorites': 76 $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );76 $user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); 77 77 update_user_meta( get_current_user_id(), 'wporg_favorites', $user ); 78 78 if ( $user ) 79 79 $args['user'] = $user; -
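Review bot: In the `favorites` case, whatever arrives in `$_GET['user']` is written straight into user meta with `update_user_meta( get_current_user_id(), 'wporg_favorites', $user )` before any validation, and it is written on every request, even when the value is empty and the stored option would have been used anyway. A wordpress.org username is a plain string, so at minimum run it through `sanitize_user( $user )` (or `sanitize_text_field`) and only call `update_user_meta` when `isset( $_GET['user'] )`. No nonce check is visible in this hunk; if none happens in the caller, the stored favourites user can be changed by any link the admin follows, since this is a GET state change. The enclosing `prepare_items()` starts before the hunk.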
wp-admin/includes/class-wp-ms-themes-list-table.php
126 126 function _search_callback( $theme ) { 127 127 static $term; 128 128 if ( is_null( $term ) ) 129 $term = wp_unslash( $_REQUEST['s'] );129 $term = stripslashes( $_REQUEST['s'] ); 130 130 131 131 foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) { 132 132 // Don't mark up; Do translate. -
wp-admin/includes/upgrade.php
132 132 $first_post = get_site_option( 'first_post' ); 133 133 134 134 if ( empty($first_post) ) 135 $first_post = __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!');135 $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) ); 136 136 137 137 $first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post ); 138 138 $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post ); … … 636 636 $users = $wpdb->get_results("SELECT * FROM $wpdb->users"); 637 637 foreach ( $users as $user ) : 638 638 if ( !empty( $user->user_firstname ) ) 639 update_user_meta( $user->ID, 'first_name', $ user->user_firstname);639 update_user_meta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) ); 640 640 if ( !empty( $user->user_lastname ) ) 641 update_user_meta( $user->ID, 'last_name', $ user->user_lastname);641 update_user_meta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) ); 642 642 if ( !empty( $user->user_nickname ) ) 643 update_user_meta( $user->ID, 'nickname', $ user->user_nickname);643 update_user_meta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) ); 644 644 if ( !empty( $user->user_level ) ) 645 645 update_user_meta( $user->ID, $wpdb->prefix . 
'user_level', $user->user_level ); 646 646 if ( !empty( $user->user_icq ) ) 647 update_user_meta( $user->ID, 'icq', $ user->user_icq);647 update_user_meta( $user->ID, 'icq', $wpdb->escape($user->user_icq) ); 648 648 if ( !empty( $user->user_aim ) ) 649 update_user_meta( $user->ID, 'aim', $ user->user_aim);649 update_user_meta( $user->ID, 'aim', $wpdb->escape($user->user_aim) ); 650 650 if ( !empty( $user->user_msn ) ) 651 update_user_meta( $user->ID, 'msn', $ user->user_msn);651 update_user_meta( $user->ID, 'msn', $wpdb->escape($user->user_msn) ); 652 652 if ( !empty( $user->user_yim ) ) 653 update_user_meta( $user->ID, 'yim', $ user->user_icq);653 update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) ); 654 654 if ( !empty( $user->user_description ) ) 655 update_user_meta( $user->ID, 'description', $ user->user_description);655 update_user_meta( $user->ID, 'description', $wpdb->escape($user->user_description) ); 656 656 657 657 if ( isset( $user->user_idmode ) ): 658 658 $idmode = $user->user_idmode; … … 854 854 foreach ( $link_cats as $category) { 855 855 $cat_id = (int) $category->cat_id; 856 856 $term_id = 0; 857 $name = $ category->cat_name;857 $name = $wpdb->escape($category->cat_name); 858 858 $slug = sanitize_title($name); 859 859 $term_group = 0; 860 860 -
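Review bot: The `yim` branch stores the wrong column: it tests `! empty( $user->user_yim )` but then writes `$user->user_icq`, so every migrated user gets their ICQ number saved as their Yahoo IM handle; the fix is `update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_yim) );`. This is pre-existing on both sides of the diff, so it is worth fixing while the line is being touched. Separately, `$wpdb->escape()` is being used here purely to add slashes for the meta API, not to build SQL; if this targets 3.6 or later, `wpdb::escape()` is deprecated there, and `addslashes()` would state the intent more honestly (hedged — the slashing convention expected by `update_user_meta()` is not visible here). The enclosing upgrade function starts outside the hunk.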
wp-admin/includes/class-wp-theme-install-list-table.php
24 24 $search_terms = array(); 25 25 $search_string = ''; 26 26 if ( ! empty( $_REQUEST['s'] ) ){ 27 $search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );27 $search_string = strtolower( stripslashes( $_REQUEST['s'] ) ); 28 28 $search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) ); 29 29 } 30 30 … … 59 59 60 60 switch ( $tab ) { 61 61 case 'search': 62 $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';62 $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term'; 63 63 switch ( $type ) { 64 64 case 'tag': 65 65 $args['tag'] = array_map( 'sanitize_key', $search_terms ); -
wp-admin/includes/misc.php
220 220 * @return string 221 221 */ 222 222 function url_shorten( $url ) { 223 $short_url = str_replace( 'http://', '', $url);223 $short_url = str_replace( 'http://', '', stripslashes( $url )); 224 224 $short_url = str_replace( 'www.', '', $short_url ); 225 225 $short_url = untrailingslashit( $short_url ); 226 226 if ( strlen( $short_url ) > 35 ) … … 248 248 if ( empty( $_GET[$var] ) ) 249 249 $$var = ''; 250 250 else 251 $$var = wp_unslash( $_GET[$var] );251 $$var = $_GET[$var]; 252 252 } else { 253 $$var = wp_unslash( $_POST[$var] );253 $$var = $_POST[$var]; 254 254 } 255 255 } 256 256 } … … 323 323 324 324 if ( !$user = wp_get_current_user() ) 325 325 return; 326 $option = wp_unslash( $_POST['wp_screen_options']['option'] );327 $value = wp_unslash( $_POST['wp_screen_options']['value'] );326 $option = $_POST['wp_screen_options']['option']; 327 $value = $_POST['wp_screen_options']['value']; 328 328 329 329 if ( $option != sanitize_key( $option ) ) 330 330 return; -
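Review bot: In the screen-options hunk, `$option = $_POST['wp_screen_options']['option'];` and the `value` line index a nested array that the function has not checked exists, so a POST without `wp_screen_options` (or with a scalar in that key) produces notices and then compares `null != sanitize_key( null )`; guard it first with `if ( ! isset( $_POST['wp_screen_options']['option'], $_POST['wp_screen_options']['value'] ) ) return;`. `$option` is validated against `sanitize_key()` right after, but `$value` leaves the hunk unvalidated — presumably the later (elided) code casts it per option, which is worth confirming. The enclosing function starts before the hunk, and `url_shorten()` in the first hunk is cut off at its end.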
wp-admin/includes/deprecated.php
472 472 function WP_User_Search ($search_term = '', $page = '', $role = '') { 473 473 _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' ); 474 474 475 $this->search_term = $search_term;475 $this->search_term = stripslashes( $search_term ); 476 476 $this->raw_page = ( '' == $page ) ? false : (int) $page; 477 477 $this->page = (int) ( '' == $page ) ? 1 : $page; 478 478 $this->role = $role; 479 479 480 480 $this->prepare_query(); 481 481 $this->query(); 482 $this->prepare_vars_for_template_usage(); 482 483 $this->do_paging(); 483 484 } 484 485 … … 549 550 * @since 2.1.0 550 551 * @access public 551 552 */ 552 function prepare_vars_for_template_usage() {} 553 function prepare_vars_for_template_usage() { 554 $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone 555 } 553 556 554 557 /** 555 558 * {@internal Missing Short Description}} -
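Review bot: The search term gets `stripslashes()` twice: once in the constructor (`$this->search_term = stripslashes( $search_term );`) and again in `prepare_vars_for_template_usage()`, which the constructor now calls after `query()`. A term arriving as `foo\\bar` (a single literal backslash, slashed) becomes `foo\bar` and then `foobar`, so a backslash in the search is silently dropped from what the template shows. Only one of the two should strip; which one depends on whether `prepare_query()` (not in this hunk) expects the slashed or the unslashed form — the comment on `prepare_vars_for_template_usage()` suggests the constructor should keep the slashed term and leave the stripping to that method.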
wp-admin/includes/class-wp-upgrader.php
1427 1427 1428 1428 $install_actions = array(); 1429 1429 1430 $from = isset($_GET['from']) ? wp_unslash( $_GET['from']) : 'plugins';1430 $from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins'; 1431 1431 1432 1432 if ( 'import' == $from ) 1433 1433 $install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&from=import&plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin & Run Importer') . '</a>'; -
wp-admin/includes/schema.php
505 505 else 506 506 $autoload = 'yes'; 507 507 508 $option = $wpdb->escape($option); 508 509 if ( is_array($value) ) 509 510 $value = serialize($value); 511 $value = $wpdb->escape($value); 510 512 if ( !empty($insert) ) 511 513 $insert .= ', '; 512 $insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );514 $insert .= "('$option', '$value', '$autoload')"; 513 515 } 514 516 515 517 if ( !empty($insert) ) … … 919 921 920 922 $insert = ''; 921 923 foreach ( $sitemeta as $meta_key => $meta_value ) { 924 $meta_key = $wpdb->escape( $meta_key ); 922 925 if ( is_array( $meta_value ) ) 923 926 $meta_value = serialize( $meta_value ); 927 $meta_value = $wpdb->escape( $meta_value ); 924 928 if ( !empty( $insert ) ) 925 929 $insert .= ', '; 926 $insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );930 $insert .= "( $network_id, '$meta_key', '$meta_value')"; 927 931 } 928 932 $wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert ); 929 933 -
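Review bot: In `populate_network`, `$insert .= "( $network_id, '$meta_key', '$meta_value')";` interpolates `$network_id` into the SQL with no cast or escaping — `$meta_key` and `$meta_value` go through `$wpdb->escape()` but the id does not. Whether `$network_id` is already an integer is decided by the function's entry, which is outside this hunk; interpolating `(int) $network_id` here keeps the statement safe regardless. The same applies to the first hunk: the options loop relies on `$wpdb->escape()` for every value, so any future non-escaped field added to that array becomes a SQL injection point — a `// every value here MUST be passed through $wpdb->escape() before interpolation` comment on the loop would help. If this targets 3.6 or later, `wpdb::escape()` is deprecated there (hedged).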
wp-admin/includes/comment.php
19 19 function comment_exists($comment_author, $comment_date) { 20 20 global $wpdb; 21 21 22 $comment_author = stripslashes($comment_author); 23 $comment_date = stripslashes($comment_date); 24 22 25 return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments 23 26 WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); 24 27 } … … 30 33 */ 31 34 function edit_comment() { 32 35 33 $post_data = wp_unslash( $_POST ); 34 35 if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) ) 36 if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) ) 36 37 wp_die ( __( 'You are not allowed to edit comments on this post.' ) ); 37 38 38 $ post_data['comment_author'] = $post_data['newcomment_author'];39 $ post_data['comment_author_email'] = $post_data['newcomment_author_email'];40 $ post_data['comment_author_url'] = $post_data['newcomment_author_url'];41 $ post_data['comment_approved'] = $post_data['comment_status'];42 $ post_data['comment_content'] = $post_data['content'];43 $ post_data['comment_ID'] = (int) $post_data['comment_ID'];39 $_POST['comment_author'] = $_POST['newcomment_author']; 40 $_POST['comment_author_email'] = $_POST['newcomment_author_email']; 41 $_POST['comment_author_url'] = $_POST['newcomment_author_url']; 42 $_POST['comment_approved'] = $_POST['comment_status']; 43 $_POST['comment_content'] = $_POST['content']; 44 $_POST['comment_ID'] = (int) $_POST['comment_ID']; 44 45 45 46 foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { 46 if ( !empty( $ post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {47 if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . 
$timeunit] != $_POST[$timeunit] ) { 47 48 $_POST['edit_date'] = '1'; 48 49 break; 49 50 } 50 51 } 51 52 52 if ( !empty ( $ post_data['edit_date'] ) ) {53 $aa = $ post_data['aa'];54 $mm = $ post_data['mm'];55 $jj = $ post_data['jj'];56 $hh = $ post_data['hh'];57 $mn = $ post_data['mn'];58 $ss = $ post_data['ss'];53 if ( !empty ( $_POST['edit_date'] ) ) { 54 $aa = $_POST['aa']; 55 $mm = $_POST['mm']; 56 $jj = $_POST['jj']; 57 $hh = $_POST['hh']; 58 $mn = $_POST['mn']; 59 $ss = $_POST['ss']; 59 60 $jj = ($jj > 31 ) ? 31 : $jj; 60 61 $hh = ($hh > 23 ) ? $hh -24 : $hh; 61 62 $mn = ($mn > 59 ) ? $mn -60 : $mn; 62 63 $ss = ($ss > 59 ) ? $ss -60 : $ss; 63 $ post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";64 $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; 64 65 } 65 66 66 wp_update_comment( $ post_data);67 wp_update_comment( $_POST ); 67 68 } 68 69 69 70 /** -
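Review bot: In `edit_comment()`, `$_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";` is built from the raw request strings with no integer cast and no zero padding, so `5` for the month or a non-numeric value yields a malformed date that is handed to `wp_update_comment()`; also `$hh = ($hh > 23 ) ? $hh -24 : $hh;` wraps 30 to 6 instead of rejecting it, and `$ss` is read although `ss` is not one of the units the hidden-field loop checks, so it may be unset. Normalise once: `list( $aa, $mm, $jj, $hh, $mn, $ss ) = array_map( 'intval', array( $_POST['aa'], $_POST['mm'], $_POST['jj'], $_POST['hh'], $_POST['mn'], isset( $_POST['ss'] ) ? $_POST['ss'] : 0 ) );` and then `$_POST['comment_date'] = sprintf( '%04d-%02d-%02d %02d:%02d:%02d', $aa, $mm, $jj, $hh, $mn, $ss );` after the clamps. The `newcomment_*` fields are likewise read without `isset()`. The `edit_comment` capability check at the top is good; no nonce check is visible here, presumably done by the caller.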
wp-admin/includes/class-wp-ms-users-list-table.php
173 173 174 174 case 'username': 175 175 $avatar = get_avatar( $user->user_email, 32 ); 176 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );176 $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) ); 177 177 178 178 echo "<td $attributes>"; ?> 179 <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php179 <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php 180 180 if ( in_array( $user->user_login, $super_admins ) ) 181 181 echo ' - ' . __( 'Super Admin' ); 182 182 ?></strong> … … 186 186 $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>'; 187 187 188 188 if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) { 189 $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';189 $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>'; 190 190 } 191 191 192 192 $actions = apply_filters( 'ms_user_row_actions', $actions, $user ); -
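Review bot: `<?php echo stripslashes( $user->user_login ); ?>` prints the login into HTML with no escaping, while the surrounding `$edit_link` and `$delete` URLs are escaped; the username column should be `echo esc_html( $user->user_login );`. Logins are normally constrained by `sanitize_user()` on creation, but that is not guaranteed for data imported or created by plugins, so escaping at output is the cheap defence. Unrelated style point: `'<a href="' . $delete = esc_url( ... ) . '"'` hides an assignment inside a string concatenation; assign `$delete` on its own line first. The enclosing method starts before the hunk.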
wp-admin/includes/image-edit.php
454 454 if ( is_wp_error( $img ) ) 455 455 return false; 456 456 457 $changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash( $_REQUEST['history']) ) : null;457 $changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null; 458 458 if ( $changes ) 459 459 $img = image_edit_apply_changes( $img, $changes ); 460 460 … … 533 533 } 534 534 } 535 535 536 if ( !wp_update_attachment_metadata($post_id, $meta) || ! wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {536 if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) { 537 537 $msg->error = __('Cannot save image metadata.'); 538 538 return $msg; 539 539 } … … 587 587 return $return; 588 588 } 589 589 } elseif ( !empty($_REQUEST['history']) ) { 590 $changes = json_decode( wp_unslash( $_REQUEST['history']) );590 $changes = json_decode( stripslashes($_REQUEST['history']) ); 591 591 if ( $changes ) 592 592 $img = image_edit_apply_changes($img, $changes); 593 593 } else { … … 699 699 700 700 if ( $success ) { 701 701 wp_update_attachment_metadata( $post_id, $meta ); 702 wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);702 update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes); 703 703 704 704 if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) { 705 705 // Check if it's an image edit from attachment edit screen -
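Review bot: In the middle hunk, `if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) )` treats a `false` return as failure, but `update_post_meta()` also returns `false` when the new value equals the stored one (it short-circuits on an unchanged single value), so re-saving an image whose backup sizes did not change reports "Cannot save image metadata" even though nothing failed. The third hunk ignores the return of the same `update_post_meta()` call, which is the safer pattern; either do the same here, or only treat it as an error when the stored value actually differs afterwards: `update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes ); if ( ! wp_update_attachment_metadata( $post_id, $meta ) ) {`. Both enclosing functions start outside their hunks.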
wp-admin/includes/class-wp-plugins-list-table.php
22 22 $status = $_REQUEST['plugin_status']; 23 23 24 24 if ( isset($_REQUEST['s']) ) 25 $_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );25 $_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) ); 26 26 27 27 $page = $this->get_pagenum(); 28 28 } … … 140 140 function _search_callback( $plugin ) { 141 141 static $term; 142 142 if ( is_null( $term ) ) 143 $term = wp_unslash( $_REQUEST['s'] );143 $term = stripslashes( $_REQUEST['s'] ); 144 144 145 145 foreach ( $plugin as $value ) 146 146 if ( stripos( $value, $term ) !== false ) -
wp-admin/includes/theme-install.php
50 50 * @since 2.8.0 51 51 */ 52 52 function install_theme_search_form( $type_selector = true ) { 53 $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';54 $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';53 $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term'; 54 $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : ''; 55 55 if ( ! $type_selector ) 56 56 echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>'; 57 57 ?> … … 179 179 function install_theme_information() { 180 180 global $tab, $themes_allowedtags, $wp_list_table; 181 181 182 $theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) );182 $theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) ); 183 183 184 184 if ( is_wp_error( $theme ) ) 185 185 wp_die( $theme ); -
wp-admin/includes/class-wp-themes-list-table.php
28 28 $themes = wp_get_themes( array( 'allowed' => true ) ); 29 29 30 30 if ( ! empty( $_REQUEST['s'] ) ) 31 $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );31 $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) ); 32 32 33 33 if ( ! empty( $_REQUEST['features'] ) ) 34 34 $this->features = $_REQUEST['features']; … … 235 235 * @uses _pagination_args['total_pages'] 236 236 */ 237 237 function _js_vars( $extra_args = array() ) { 238 $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';238 $search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : ''; 239 239 240 240 $args = array( 241 241 'search' => $search_string, -
wp-admin/includes/class-wp-comments-list-table.php
170 170 /* 171 171 // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark 172 172 if ( !empty( $_REQUEST['s'] ) ) 173 $link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );173 $link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link ); 174 174 */ 175 175 $status_links[$status] = "<a href='$link'$class>" . sprintf( 176 176 translate_nooped_plural( $label, $num_comments->$status ), -
wp-admin/includes/template.php
1333 1333 * 1334 1334 */ 1335 1335 function _admin_search_query() { 1336 echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';1336 echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : ''; 1337 1337 } 1338 1338 1339 1339 /** -
wp-admin/includes/user.php
34 34 $update = true; 35 35 $user->ID = (int) $user_id; 36 36 $userdata = get_userdata( $user_id ); 37 $user->user_login = $ userdata->user_login;37 $user->user_login = $wpdb->escape( $userdata->user_login ); 38 38 } else { 39 39 $update = false; 40 40 } 41 41 42 // get clean data before we get started.43 $post_data = wp_unslash( $_POST);42 if ( !$update && isset( $_POST['user_login'] ) ) 43 $user->user_login = sanitize_user($_POST['user_login'], true); 44 44 45 if ( !$update && isset( $post_data['user_login'] ) )46 $user->user_login = sanitize_user($post_data['user_login'], true);47 48 45 $pass1 = $pass2 = ''; 49 if ( isset( $ post_data['pass1'] ))50 $pass1 = $ post_data['pass1'];51 if ( isset( $ post_data['pass2'] ))52 $pass2 = $ post_data['pass2'];46 if ( isset( $_POST['pass1'] )) 47 $pass1 = $_POST['pass1']; 48 if ( isset( $_POST['pass2'] )) 49 $pass2 = $_POST['pass2']; 53 50 54 if ( isset( $ post_data['role'] ) && current_user_can( 'edit_users' ) ) {55 $new_role = sanitize_text_field( $ post_data['role'] );51 if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { 52 $new_role = sanitize_text_field( $_POST['role'] ); 56 53 $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false; 57 54 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 58 55 // Multisite super admins can freely edit their blog roles -- they possess all caps. 
… … 65 62 wp_die(__('You can’t give users that role.')); 66 63 } 67 64 68 if ( isset( $ post_data['email'] ))69 $user->user_email = sanitize_text_field( $ post_data['email'] );70 if ( isset( $ post_data['url'] ) ) {71 if ( empty ( $ post_data['url'] ) || $post_data['url'] == 'http://' ) {65 if ( isset( $_POST['email'] )) 66 $user->user_email = sanitize_text_field( $_POST['email'] ); 67 if ( isset( $_POST['url'] ) ) { 68 if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { 72 69 $user->user_url = ''; 73 70 } else { 74 $user->user_url = esc_url_raw( $ post_data['url'] );71 $user->user_url = esc_url_raw( $_POST['url'] ); 75 72 $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); 76 73 $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 77 74 } 78 75 } 79 if ( isset( $ post_data['first_name'] ) )80 $user->first_name = sanitize_text_field( $ post_data['first_name'] );81 if ( isset( $ post_data['last_name'] ) )82 $user->last_name = sanitize_text_field( $ post_data['last_name'] );83 if ( isset( $ post_data['nickname'] ) )84 $user->nickname = sanitize_text_field( $ post_data['nickname'] );85 if ( isset( $ post_data['display_name'] ) )86 $user->display_name = sanitize_text_field( $ post_data['display_name'] );76 if ( isset( $_POST['first_name'] ) ) 77 $user->first_name = sanitize_text_field( $_POST['first_name'] ); 78 if ( isset( $_POST['last_name'] ) ) 79 $user->last_name = sanitize_text_field( $_POST['last_name'] ); 80 if ( isset( $_POST['nickname'] ) ) 81 $user->nickname = sanitize_text_field( $_POST['nickname'] ); 82 if ( isset( $_POST['display_name'] ) ) 83 $user->display_name = sanitize_text_field( $_POST['display_name'] ); 87 84 88 if ( isset( $ post_data['description'] ) )89 $user->description = trim( $ post_data['description'] );85 if ( isset( $_POST['description'] ) ) 86 $user->description = trim( $_POST['description'] ); 90 87 91 88 foreach ( 
_wp_get_user_contactmethods( $user ) as $method => $name ) { 92 if ( isset( $ post_data[$method] ))93 $user->$method = sanitize_text_field( $ post_data[$method] );89 if ( isset( $_POST[$method] )) 90 $user->$method = sanitize_text_field( $_POST[$method] ); 94 91 } 95 92 96 93 if ( $update ) { 97 $user->rich_editing = isset( $ post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true';98 $user->admin_color = isset( $ post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';99 $user->show_admin_bar_front = isset( $ post_data['admin_bar_front'] ) ? 'true' : 'false';94 $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true'; 95 $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; 96 $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false'; 100 97 } 101 98 102 $user->comment_shortcuts = isset( $ post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : '';99 $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : ''; 103 100 104 101 $user->use_ssl = 0; 105 if ( !empty($ post_data['use_ssl']) )102 if ( !empty($_POST['use_ssl']) ) 106 103 $user->use_ssl = 1; 107 104 108 105 $errors = new WP_Error(); … … 127 124 } 128 125 129 126 /* Check for "\" in password */ 130 if ( false !== strpos( $pass1, "\\" ) )127 if ( false !== strpos( stripslashes($pass1), "\\" ) ) 131 128 $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' 
), array( 'form-field' => 'pass1' ) ); 132 129 133 130 /* checking the password has been typed twice the same */ … … 137 134 if ( !empty( $pass1 ) ) 138 135 $user->user_pass = $pass1; 139 136 140 if ( !$update && isset( $ post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) )137 if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) ) 141 138 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' )); 142 139 143 140 if ( !$update && username_exists( $user->user_login ) ) … … 162 159 $user_id = wp_update_user( $user ); 163 160 } else { 164 161 $user_id = wp_insert_user( $user ); 165 wp_new_user_notification( $user_id, isset($ post_data['send_password']) ? $pass1 : '' );162 wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' ); 166 163 } 167 164 return $user_id; 168 165 } -
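Review bot: `$pass1` is taken from `$_POST` still slashed and assigned as-is with `$user->user_pass = $pass1;`; the `\` check only rejects literal backslashes (`strpos( stripslashes($pass1), "\\" )`), so a password like `it's` arrives as `it\'s` and whether the hash is computed over the slashed or unslashed form depends entirely on `wp_insert_user()`/`wp_update_user()`, which are outside this hunk. Make that contract explicit at the assignment — `// $pass1 is still slashed; wp_insert_user()/wp_update_user() must unslash before hashing` — or unslash here and then the backslash check can run on the same value that is stored. Also `$user->user_login = $wpdb->escape( $userdata->user_login );` uses the SQL escaper merely to re-slash a value for the user API, which is easy to misread as SQL handling. The enclosing `edit_user()` starts before the hunk.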
wp-admin/includes/media.php
444 444 } 445 445 446 446 if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { 447 $attachment = wp_unslash( $attachment );448 449 447 $post = $_post = get_post($attachment_id, ARRAY_A); 450 448 $post_type_object = get_post_type_object( $post[ 'post_type' ] ); 451 449 … … 470 468 471 469 if ( isset($attachment['image_alt']) ) { 472 470 $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true); 473 if ( $image_alt != $attachment['image_alt'] ) { 474 $image_alt = wp_strip_all_tags( $attachment['image_alt'], true ); 475 wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt ); 471 if ( $image_alt != stripslashes($attachment['image_alt']) ) { 472 $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true ); 473 // update_meta expects slashed 474 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) ); 476 475 } 477 476 } 478 477 … … 502 501 } 503 502 504 503 if ( isset($send_id) ) { 505 $attachment = wp_unslash( $_POST['attachments'][$send_id] );504 $attachment = stripslashes_deep( $_POST['attachments'][$send_id] ); 506 505 507 506 $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : ''; 508 507 if ( !empty($attachment['url']) ) { … … 547 546 $src = "http://$src"; 548 547 549 548 if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) { 550 $title = esc_html( wp_unslash( $_POST['title'] ) );549 $title = esc_html( stripslashes( $_POST['title'] ) ); 551 550 if ( empty( $title ) ) 552 551 $title = esc_html( basename( $src ) ); 553 552 … … 562 561 $html = apply_filters( $type . 
'_send_to_editor_url', $html, esc_url_raw( $src ), $title ); 563 562 } else { 564 563 $align = ''; 565 $alt = esc_attr( wp_unslash( $_POST['alt'] ) );564 $alt = esc_attr( stripslashes( $_POST['alt'] ) ); 566 565 if ( isset($_POST['align']) ) { 567 $align = esc_attr( wp_unslash( $_POST['align'] ) );566 $align = esc_attr( stripslashes( $_POST['align'] ) ); 568 567 $class = " class='align$align'"; 569 568 } 570 569 if ( !empty($src) ) -
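Review bot: In the `media_send_to_editor` hunk, `$title = esc_html( stripslashes( $_POST['title'] ) );` and `$alt = esc_attr( stripslashes( $_POST['alt'] ) );` index `$_POST` without `isset()`, unlike `$_POST['align']` two lines later, so a request missing either field produces a notice; use `isset( $_POST['title'] ) ? stripslashes( $_POST['title'] ) : ''` (and the same for `alt`). Further down, `apply_filters( $type . '_send_to_editor_url', ... )` builds the filter name from `$type`, whose origin is outside this hunk — if it derives from `$_POST['media_type']`, the request chooses which filter fires and it should be whitelisted first (hedged). In the first hunk, the `addslashes($image_alt)` round-trip is explained by the comment, which is good; the enclosing function starts before the hunk.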
wp-admin/edit-tags.php
47 47 if ( !current_user_can( $tax->cap->edit_terms ) ) 48 48 wp_die( __( 'Cheatin’ uh?' ) ); 49 49 50 $post_data = wp_unslash( $_POST ); 51 52 $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); 50 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); 53 51 $location = 'edit-tags.php?taxonomy=' . $taxonomy; 54 52 if ( 'post' != $post_type ) 55 53 $location .= '&post_type=' . $post_type; … … 134 132 break; 135 133 136 134 case 'editedtag': 137 138 $post_data = wp_unslash( $_POST ); 139 140 $tag_ID = (int) $post_data['tag_ID']; 135 $tag_ID = (int) $_POST['tag_ID']; 141 136 check_admin_referer( 'update-tag_' . $tag_ID ); 142 137 143 138 if ( !current_user_can( $tax->cap->edit_terms ) ) … … 147 142 if ( ! $tag ) 148 143 wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); 149 144 150 $ret = wp_update_term( $tag_ID, $taxonomy, $ post_data);145 $ret = wp_update_term( $tag_ID, $taxonomy, $_POST ); 151 146 152 147 $location = 'edit-tags.php?taxonomy=' . $taxonomy; 153 148 if ( 'post' != $post_type ) … … 169 164 170 165 default: 171 166 if ( ! empty($_REQUEST['_wp_http_referer']) ) { 172 $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI']) );167 $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ); 173 168 174 169 if ( ! empty( $_REQUEST['paged'] ) ) 175 170 $location = add_query_arg( 'paged', (int) $_REQUEST['paged'] ); … … 269 264 <div class="wrap nosubsub"> 270 265 <?php screen_icon(); ?> 271 266 <h2><?php echo esc_html( $title ); 272 if ( ! 273 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( wp_unslash( $_REQUEST['s']) ) ); ?>267 if ( !empty($_REQUEST['s']) ) 268 printf( '<span class="subtitle">' . __('Search results for “%s”') . 
'</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?> 274 269 </h2> 275 270 276 271 <?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?> -
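Review bot: In the `default:` branch, `$location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );` passes no third argument, so it builds on the current `REQUEST_URI` and throws away the `$location` computed one line earlier — the redirect target gets `_wp_http_referer` and `_wpnonce` back, which the `remove_query_arg()` call was there to drop. The fix is `$location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );`. In the `add-tag` hunk, `wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST )` hands the whole request array as `$args`; if `wp_insert_term()` extracts its args into locals (as the 3.x implementation does), any request key becomes a variable there, so pass only the expected keys (`parent`, `description`, `slug`). The capability checks before both calls are good.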
wp-admin/update.php
26 26 check_admin_referer( 'bulk-update-plugins' ); 27 27 28 28 if ( isset( $_GET['plugins'] ) ) 29 $plugins = explode( ',', wp_unslash($_GET['plugins']) );29 $plugins = explode( ',', stripslashes($_GET['plugins']) ); 30 30 elseif ( isset( $_POST['checked'] ) ) 31 31 $plugins = (array) $_POST['checked']; 32 32 else … … 109 109 $nonce = 'install-plugin_' . $plugin; 110 110 $url = 'update.php?action=install-plugin&plugin=' . $plugin; 111 111 if ( isset($_GET['from']) ) 112 $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ));112 $url .= '&from=' . urlencode(stripslashes($_GET['from'])); 113 113 114 114 $type = 'web'; //Install plugin type, From Web or an Upload. 115 115 … … 173 173 check_admin_referer( 'bulk-update-themes' ); 174 174 175 175 if ( isset( $_GET['themes'] ) ) 176 $themes = explode( ',', wp_unslash( $_GET['themes']) );176 $themes = explode( ',', stripslashes($_GET['themes']) ); 177 177 elseif ( isset( $_POST['checked'] ) ) 178 178 $themes = (array) $_POST['checked']; 179 179 else -
wp-admin/theme-editor.php
68 68 $relative_file = 'style.css'; 69 69 $file = $allowed_files['style.css']; 70 70 } else { 71 $relative_file = $file;71 $relative_file = stripslashes( $file ); 72 72 $file = $theme->get_stylesheet_directory() . '/' . $relative_file; 73 73 } 74 74 … … 78 78 switch( $action ) { 79 79 case 'update': 80 80 check_admin_referer( 'edit-theme_' . $file . $stylesheet ); 81 $newcontent = wp_unslash( $_POST['newcontent'] );81 $newcontent = stripslashes( $_POST['newcontent'] ); 82 82 $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto; 83 83 if ( is_writeable( $file ) ) { 84 84 //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable -
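Review bot: In the `else` branch, `$file = $theme->get_stylesheet_directory() . '/' . $relative_file;` concatenates the request-supplied file name into the theme path with no check against `$allowed_files`, which the `style.css` branch above does use; the elided lines 74–78 may well call a validator against that list, and if so a comment such as `// $file is validated against $allowed_files below; do not use it before that` would stop the next reader from assuming the path is already safe. If no such check exists, `../` in `file` reaches outside the theme and the `update` action writes `$newcontent` there. The nonce `check_admin_referer( 'edit-theme_' . $file . $stylesheet )` is present, which is good.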
wp-admin/admin.php
43 43 do_action('after_db_upgrade'); 44 44 } elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) { 45 45 if ( !is_multisite() ) { 46 wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ));46 wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI'])))); 47 47 exit; 48 48 } elseif ( apply_filters( 'do_mu_upgrade', true ) ) { 49 49 /** … … 82 82 $editing = false; 83 83 84 84 if ( isset($_GET['page']) ) { 85 $plugin_page = wp_unslash( $_GET['page']);85 $plugin_page = stripslashes($_GET['page']); 86 86 $plugin_page = plugin_basename($plugin_page); 87 87 } 88 88 -
wp-admin/custom-header.php
948 948 'width' => $choice['width'], 949 949 ); 950 950 951 wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );951 update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() ); 952 952 set_theme_mod( 'header_image', $choice['url'] ); 953 953 set_theme_mod( 'header_image_data', $header_image_data ); 954 954 return; -
wp-admin/user-new.php
112 112 } 113 113 } else { 114 114 // Adding a new user to this blog 115 $user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST[ 'user_login' ] ), wp_unslash( $_REQUEST[ 'email' ] ));115 $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] ); 116 116 if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) { 117 117 $add_user_errors = $user_details[ 'errors' ]; 118 118 } else { 119 $new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ));119 $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true)); 120 120 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { 121 121 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email 122 122 } 123 wpmu_signup_user( $new_user_login, wp_unslash( $_REQUEST[ 'email' ] ), array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );123 wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) ); 124 124 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { 125 125 $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) ); 126 126 wpmu_activate_signup( $key ); … … 309 309 $var = "new_user_$var"; 310 310 if( isset( $_POST['createuser'] ) ) { 311 311 if ( ! isset($$var) ) 312 $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';312 $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : ''; 313 313 } else { 314 314 $$var = false; 315 315 } -
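Review bot: Line 125 (new side) still passes the raw `$_REQUEST[ 'email' ]` to `$wpdb->prepare()`, while the signup two lines earlier is created with the unslashed `wp_unslash( $_REQUEST[ 'email' ] )`; for an address containing a quote or backslash the `SELECT activation_key` lookup will not match the row just written, `$key` comes back null and `wpmu_activate_signup( $key )` runs on an empty key. Assign the address once, `$new_user_email = wp_unslash( $_REQUEST[ 'email' ] );`, and use it on lines 115, 123 and 125. The `'new_role' => $_REQUEST[ 'role' ]` value on line 123 is passed through without a visible check that it is a role the current user may assign; that may be handled before this hunk, but it is worth confirming since the line is being rewritten anyway.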
wp-admin/media.php
32 32 } 33 33 if ( false !== strpos($location, 'upload.php') ) { 34 34 $location = remove_query_arg('message', $location); 35 $location = add_query_arg('posted', 35 $location = add_query_arg('posted', $attachment_id, $location); 36 36 } elseif ( false !== strpos($location, 'media.php') ) { 37 37 $location = add_query_arg('message', 'updated', $location); 38 38 } -
wp-admin/edit-link-form.php
126 126 if ( $link_id ) : ?> 127 127 <input type="hidden" name="action" value="save" /> 128 128 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" /> 129 <input type="hidden" name="order_by" value="<?php echo esc_attr($order_by); ?>" /> 129 130 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /> 130 131 <?php else: ?> 131 132 <input type="hidden" name="action" value="add" /> -
wp-admin/upload.php
132 132 wp_redirect( $location ); 133 133 exit; 134 134 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { 135 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );135 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); 136 136 exit; 137 137 } 138 138 -
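Review bot: `wp_redirect()` on line 135 (new side) receives the unslashed `$_SERVER['REQUEST_URI']` with only `_wp_http_referer` and `_wpnonce` removed, so the redirect target is whatever the request line contained; the value is meant to be a local admin URL, so `wp_safe_redirect()` confines it to the allowed hosts at no cost. The same pattern is on line 141 of wp-admin/edit.php and line 34 of wp-admin/link-manager.php. Suggested line: `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );`. The enclosing `if`/`elseif` chain starts before this hunk.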
wp-admin/edit-form-comment.php
132 132 133 133 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" /> 134 134 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" /> 135 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer()); ?>" />135 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" /> 136 136 <?php wp_original_referer_field(true, 'previous'); ?> 137 137 <input type="hidden" name="noredir" value="1" /> 138 138 -
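Review bot: Line 135 (new side) relies on `wp_get_referer()` returning an unslashed value now that the `stripslashes()` wrapper is gone; its definition is not visible in this chunk, so if it still reads `$_REQUEST['_wp_http_referer']` or `$_SERVER['HTTP_REFERER']` without `wp_unslash()`, a referer containing a quote now carries a backslash into the `referredby` field and whatever redirect is later built from it. The same assumption is made on line 317 of wp-admin/edit-form-advanced.php and line 80 of wp-admin/upgrade.php. A short comment would record the contract at the first site: `// wp_get_referer() is expected to return an unslashed URL; esc_url() is the only processing needed here`.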
wp-admin/edit-form-advanced.php
314 314 <input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" /> 315 315 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" /> 316 316 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" /> 317 <input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url( wp_get_referer()); ?>" />317 <input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" /> 318 318 <?php if ( ! empty( $active_post_lock ) ) { ?> 319 319 <input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" /> 320 320 <?php -
wp-admin/network/site-new.php
38 38 39 39 if ( ! is_array( $_POST['blog'] ) ) 40 40 wp_die( __( 'Can’t create an empty site.' ) ); 41 $blog = wp_unslash( $_POST['blog'] );41 $blog = $_POST['blog']; 42 42 $domain = ''; 43 43 if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) ) 44 44 $domain = strtolower( $blog['domain'] ); … … 88 88 $content_mail = sprintf( __( 'New site created by %1$s 89 89 90 90 Address: %2$s 91 Name: %3$s' ), $current_user->user_login , get_site_url( $id ), $title);91 Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) ); 92 92 wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' ); 93 93 wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) ); 94 94 wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) ); -
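Review bot: Line 91 (new side) passes `$title` straight into the notification mail, but the statement that derives `$title` sits outside this hunk; it needs to come from the unslashed `$blog` assigned on line 41 rather than from `$_POST` directly, otherwise the mail and `wpmu_welcome_notification( $id, $user_id, $password, $title, ... )` on line 93 receive a slashed title while the site itself is created from the unslashed data. A title containing an apostrophe is enough to check this. A comment at line 41, `// $blog is unslashed here; later uses of domain/title/email must read from it, not from $_POST`, would make the dependency visible.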
wp-admin/network/site-info.php
62 62 delete_option( 'rewrite_rules' ); 63 63 64 64 // update blogs table 65 $blog_data = wp_unslash( $_POST['blog'] );65 $blog_data = stripslashes_deep( $_POST['blog'] ); 66 66 $existing_details = get_blog_details( $id, false ); 67 67 $blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' ); 68 68 foreach ( $blog_data_checkboxes as $c ) { -
wp-admin/network/settings.php
61 61 foreach ( $options as $option_name ) { 62 62 if ( ! isset($_POST[$option_name]) ) 63 63 continue; 64 $value = wp_unslash( $_POST[$option_name] );64 $value = stripslashes_deep( $_POST[$option_name] ); 65 65 update_site_option( $option_name, $value ); 66 66 } 67 67 … … 181 181 <th scope="row"><label for="welcome_email"><?php _e( 'Welcome Email' ) ?></label></th> 182 182 <td> 183 183 <textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text"> 184 <?php echo esc_textarea( get_site_option( 'welcome_email') ) ?></textarea>184 <?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea> 185 185 <br /> 186 186 <?php _e( 'The welcome email sent to new site owners.' ) ?> 187 187 </td> … … 190 190 <th scope="row"><label for="welcome_user_email"><?php _e( 'Welcome User Email' ) ?></label></th> 191 191 <td> 192 192 <textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text"> 193 <?php echo esc_textarea( get_site_option( 'welcome_user_email') ) ?></textarea>193 <?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea> 194 194 <br /> 195 195 <?php _e( 'The welcome email sent to new users.' ) ?> 196 196 </td> … … 199 199 <th scope="row"><label for="first_post"><?php _e( 'First Post' ) ?></label></th> 200 200 <td> 201 201 <textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text"> 202 <?php echo esc_textarea( get_site_option( 'first_post') ) ?></textarea>202 <?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea> 203 203 <br /> 204 204 <?php _e( 'The first post on a new site.' 
) ?> 205 205 </td> … … 208 208 <th scope="row"><label for="first_page"><?php _e( 'First Page' ) ?></label></th> 209 209 <td> 210 210 <textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text"> 211 <?php echo esc_textarea( get_site_option( 'first_page') ) ?></textarea>211 <?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?></textarea> 212 212 <br /> 213 213 <?php _e( 'The first page on a new site.' ) ?> 214 214 </td> … … 217 217 <th scope="row"><label for="first_comment"><?php _e( 'First Comment' ) ?></label></th> 218 218 <td> 219 219 <textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text"> 220 <?php echo esc_textarea( get_site_option( 'first_comment') ) ?></textarea>220 <?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?></textarea> 221 221 <br /> 222 222 <?php _e( 'The first comment on a new site.' ) ?> 223 223 </td> -
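Review bot: Lines 184, 193, 202, 211 and 220 (new side) print `get_site_option()` values without the `stripslashes()` the old code applied on output, so any network whose stored `welcome_email`, `first_post` or similar values already contain backslashes from an earlier save path will now display them, and the next save through line 64 persists them as part of the text. The write path, `update_site_option( $option_name, wp_unslash( $_POST[$option_name] ) )`, is consistent with the new display, so this is a one-time data concern rather than a logic error; a cleanup of these five options in the upgrade routine would close it. If stored values cannot have been slashed, a comment saying so above line 184 is enough.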
wp-admin/network/site-settings.php
53 53 $count = count( $_POST['option'] ); 54 54 $skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form. 55 55 foreach ( (array) $_POST['option'] as $key => $val ) { 56 $key = wp_unslash( $key );57 $val = wp_unslash( $val );58 56 if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) ) 59 57 continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options 60 58 if ( $c == $count ) 61 update_option( $key, $val);59 update_option( $key, stripslashes( $val ) ); 62 60 else 63 update_option( $key, $val, false ); // no need to refresh blog details yet61 update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet 64 62 $c++; 65 63 } 66 64 -
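Review bot: `in_array( $key, $skip_options )` on line 58 (new side) is a loose comparison against option names now that `$key` is unslashed and may be any string or integer key the form posted; pass `true` as the third argument, `in_array( $key, $skip_options, true )`, so only an exact `'allowedthemes'` match is skipped. Unslashing `$key` on line 56 looks like a no-op for keys coming from `$_POST` (as far as this hunk shows, the magic-quotes emulation slashes values, not keys — confirm against `wp_magic_quotes()`), so either drop it or add a comment saying why it is there. `update_option( $key, $val )` still accepts any option name the form posts, which predates this change.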
wp-admin/network/sites.php
79 79 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" /> 80 80 <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" /> 81 81 <?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?> 82 <p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>82 <p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p> 83 83 <?php submit_button( __('Confirm'), 'button' ); ?> 84 84 </form> 85 85 </body> -
wp-admin/nav-menus.php
93 93 if ( ! is_wp_error( $parent_object ) ) { 94 94 $parent_data = (array) $parent_object; 95 95 $menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent']; 96 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );96 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 97 97 98 98 } 99 99 … … 103 103 $menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1; 104 104 105 105 $menu_item_data['menu_item_parent'] = $next_item_data['ID']; 106 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );106 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 107 107 108 108 wp_update_post($menu_item_data); 109 109 wp_update_post($next_item_data); … … 115 115 in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids ) 116 116 ) { 117 117 $menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true); 118 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );118 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 119 119 } 120 120 } 121 121 } … … 190 190 $menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1; 191 191 192 192 // save changes 193 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );193 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 194 194 wp_update_post($menu_item_data); 195 195 wp_update_post($parent_data); 196 196 } … … 205 205 ) { 206 206 // just make it a child of the previous; keep the order 207 207 $menu_item_data['menu_item_parent'] = 
(int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1]; 208 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );208 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 209 209 wp_update_post($menu_item_data); 210 210 } 211 211 } -
wp-admin/edit.php
138 138 wp_redirect($sendback); 139 139 exit(); 140 140 } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) { 141 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI']) ) );141 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) ); 142 142 exit; 143 143 } 144 144 -
wp-admin/upgrade.php
77 77 <?php else : 78 78 switch ( $step ) : 79 79 case 0: 80 $goback = wp_get_referer();80 $goback = stripslashes( wp_get_referer() ); 81 81 $goback = esc_url_raw( $goback ); 82 82 $goback = urlencode( $goback ); 83 83 ?> … … 90 90 case 1: 91 91 wp_upgrade(); 92 92 93 $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';93 $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/'; 94 94 $backto = esc_url( $backto ); 95 95 $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/'); 96 96 ?> -
wp-admin/options.php
120 120 if ( 'options' == $option_page ) { 121 121 if ( is_multisite() && ! is_super_admin() ) 122 122 wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) ); 123 $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );123 $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) ); 124 124 } else { 125 125 $options = $whitelist_options[ $option_page ]; 126 126 } 127 127 128 128 // Handle custom date/time formats 129 129 if ( 'general' == $option_page ) { 130 if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )130 if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) ) 131 131 $_POST['date_format'] = $_POST['date_format_custom']; 132 if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )132 if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) ) 133 133 $_POST['time_format'] = $_POST['time_format_custom']; 134 134 // Map UTC+- timezones to gmt_offsets and set timezone_string to empty. 135 135 if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) { … … 150 150 $value = $_POST[ $option ]; 151 151 if ( ! is_array( $value ) ) 152 152 $value = trim( $value ); 153 $value = wp_unslash( $value );153 $value = stripslashes_deep( $value ); 154 154 } 155 155 update_option( $option, $value ); 156 156 } -
wp-admin/user-edit.php
54 54 '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>' 55 55 ); 56 56 57 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer);57 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer)); 58 58 59 59 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' ); 60 60 -
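Review bot: Line 57 (new side) removes the `stripslashes()` on `$wp_http_referer` and nothing in the hunk replaces it; the assignment of `$wp_http_referer` is outside this hunk, so confirm that it now applies `wp_unslash()` to the `_wp_http_referer` request value, otherwise the URL handed to `remove_query_arg()` keeps backslashes for any referer containing a quote. A comment at the assignment site, `// unslashed once here; do not stripslashes() again downstream`, would make the single point of unslashing explicit.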
wp-admin/press-this.php
91 91 } 92 92 93 93 // Set Variables 94 $title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';94 $title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : ''; 95 95 96 96 $selection = ''; 97 97 if ( !empty($_GET['s']) ) { 98 $selection = str_replace(''', "'", wp_unslash($_GET['s']));98 $selection = str_replace(''', "'", stripslashes($_GET['s'])); 99 99 $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) ); 100 100 } 101 101 -
wp-admin/setup-config.php
164 164 165 165 case 2: 166 166 foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key ) 167 $$key = trim( wp_unslash( $_POST[ $key ] ) );167 $$key = trim( stripslashes( $_POST[ $key ] ) ); 168 168 169 169 $tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>'; 170 170 -
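Review bot: Line 167 (new side) calls `trim( wp_unslash( $_POST[ $key ] ) )` for five keys without checking that each is present and is a string; a missing field raises an undefined-index notice, and an array value makes `trim()` emit a warning and yields null for a setting this step presumably writes into the generated configuration. One line covers both cases: `$$key = isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ? trim( wp_unslash( $_POST[ $key ] ) ) : '';`. The `switch` this `case 2:` belongs to starts before the hunk.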
wp-admin/link-manager.php
31 31 exit; 32 32 } 33 33 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { 34 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );34 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); 35 35 exit; 36 36 } 37 37 … … 72 72 <?php screen_icon(); ?> 73 73 <h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php 74 74 if ( !empty($_REQUEST['s']) ) 75 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>75 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?> 76 76 </h2> 77 77 78 78 <?php -
wp-admin/install.php
84 84 if ( ! empty( $_POST ) ) 85 85 $blog_public = isset( $_POST['blog_public'] ); 86 86 87 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';88 $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';89 $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';90 $admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';87 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : ''; 88 $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin'; 89 $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : ''; 90 $admin_email = isset( $_POST['admin_email'] ) ? trim( stripslashes( $_POST['admin_email'] ) ) : ''; 91 91 92 92 if ( ! is_null( $error ) ) { 93 93 ?> … … 189 189 190 190 display_header(); 191 191 // Fill in the data we gathered 192 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';193 $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';194 $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ): '';195 $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ): '';196 $admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';192 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : ''; 193 $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin'; 194 $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : ''; 195 $admin_password_check = isset($_POST['admin_password2']) ? 
$_POST['admin_password2'] : ''; 196 $admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : ''; 197 197 $public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0; 198 198 // check e-mail address 199 199 $error = false; -
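Review bot: Lines 194–195 (new side) now hand `wp_unslash( $_POST['admin_password'] )` and `wp_unslash( $_POST['admin_password2'] )` to the install, whereas the old code passed the raw values as received under the magic-quotes emulation; that is the right direction, but the login path that later verifies the same password has to unslash it in exactly the same way, or an admin password containing a backslash or quote set at install will not verify afterwards. The login handling is not in this chunk, so confirm `wp-login.php` and `wp_signon()` are on the same side of the change. Unslashing both fields here does at least keep the password/confirmation comparison consistent, which is worth a comment: `// both password fields unslashed so the confirmation check and the stored hash see the same bytes`.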
wp-admin/plugin-editor.php
28 28 wp_die( __('There are no plugins installed on this site.') ); 29 29 30 30 if ( isset($_REQUEST['file']) ) 31 $plugin = wp_unslash($_REQUEST['file']);31 $plugin = stripslashes($_REQUEST['file']); 32 32 33 33 if ( empty($plugin) ) { 34 34 $plugin = array_keys($plugins); … … 39 39 40 40 if ( empty($file) ) 41 41 $file = $plugin_files[0]; 42 else 43 $file = stripslashes($file); 42 44 43 45 $file = validate_file_to_edit($file, $plugin_files); 44 46 $real_file = WP_PLUGIN_DIR . '/' . $file; … … 50 52 51 53 check_admin_referer('edit-plugin_' . $file); 52 54 53 $newcontent = wp_unslash( $_POST['newcontent']);55 $newcontent = stripslashes($_POST['newcontent']); 54 56 if ( is_writeable($real_file) ) { 55 57 $f = fopen($real_file, 'w+'); 56 58 fwrite($f, $newcontent); -
wp-admin/custom-background.php
378 378 379 379 // Add the meta-data 380 380 wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); 381 wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );381 update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); 382 382 383 383 set_theme_mod('background_image', esc_url_raw($url)); 384 384 … … 415 415 if ( in_array( $_POST['size'], $sizes ) ) 416 416 $size = esc_attr( $_POST['size'] ); 417 417 418 wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );418 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); 419 419 $url = wp_get_attachment_image_src( $attachment_id, $size ); 420 420 $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' ); 421 421 set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );