WordPress.org

Make WordPress Core

Ticket #21767: slash-sanity-20120901.diff

File slash-sanity-20120901.diff, 52.6 KB (added by alexkingorg, 7 years ago)

The patch

  • wp-comments-post.php

     
    4747        do_action('pre_comment_on_post', $comment_post_ID);
    4848}
    4949
    50 $comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
    51 $comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
    52 $comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
    53 $comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
     50$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags(stripslashes($_POST['author']))) : null;
     51$comment_author_email = ( isset($_POST['email']) )   ? trim(stripslashes($_POST['email'])) : null;
     52$comment_author_url   = ( isset($_POST['url']) )     ? trim(stripslashes($_POST['url'])) : null;
     53$comment_content      = ( isset($_POST['comment']) ) ? trim(stripslashes($_POST['comment'])) : null;
    5454
    5555// If the user is logged in
    5656$user = wp_get_current_user();
  • wp-includes/default-filters.php

     
    1414
    1515// Strip, trim, kses, special chars for string saves
    1616foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
    17         add_filter( $filter, 'sanitize_text_field'  );
    18         add_filter( $filter, 'wp_filter_kses'      );
     17        add_filter( $filter, 'sanitize_text_field' );
     18        add_filter( $filter, 'wp_kses_data' );
    1919        add_filter( $filter, '_wp_specialchars', 30 );
    2020}
    2121
     
    3131
    3232// Kses only for textarea saves
    3333foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
    34         add_filter( $filter, 'wp_filter_kses' );
     34        add_filter( $filter, 'wp_kses_data' );
    3535}
    3636
    3737// Kses only for textarea admin displays
    3838if ( is_admin() ) {
    39         foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
     39        foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
    4040                add_filter( $filter, 'wp_kses_data' );
    4141        }
    42         add_filter( 'comment_text', 'wp_kses_post' );
    4342}
    4443
    4544// Email saves
    4645foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
    4746        add_filter( $filter, 'trim'           );
    4847        add_filter( $filter, 'sanitize_email' );
    49         add_filter( $filter, 'wp_filter_kses' );
     48        add_filter( $filter, 'wp_kses_data' );
    5049}
    5150
    5251// Email admin display
  • wp-includes/class-wp-atom-server.php

     
    366366
    367367                $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_name');
    368368
    369                 $this->escape($post_data);
    370 
    371369                $postID = wp_insert_post($post_data);
    372370                if ( is_wp_error( $postID ) )
    373371                        $this->internal_error($postID->get_error_message());
     
    448446                $post_modified_gmt = $pubtimes[1];
    449447
    450448                $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_date', 'post_date_gmt', 'post_modified', 'post_modified_gmt');
    451                 $this->escape($postdata);
    452449
    453450                $result = wp_update_post($postdata);
    454451
     
    601598                $post_modified_gmt = $pubtimes[1];
    602599
    603600                $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_modified', 'post_modified_gmt');
    604                 $this->escape($postdata);
    605601
    606602                $result = wp_update_post($postdata);
    607603
  • wp-includes/taxonomy.php

     
    20482048        $args = sanitize_term($args, $taxonomy, 'db');
    20492049        extract($args, EXTR_SKIP);
    20502050
    2051         // expected_slashed ($name)
    2052         $name = stripslashes($name);
    2053         $description = stripslashes($description);
    2054 
    20552051        if ( empty($slug) )
    20562052                $slug = sanitize_title($name);
    20572053
     
    23442340        if ( is_wp_error( $term ) )
    23452341                return $term;
    23462342
    2347         // Escape data pulled from DB.
    2348         $term = add_magic_quotes($term);
    2349 
    23502343        // Merge old and new args with new args overwriting old ones.
    23512344        $args = array_merge($term, $args);
    23522345
     
    23552348        $args = sanitize_term($args, $taxonomy, 'db');
    23562349        extract($args, EXTR_SKIP);
    23572350
    2358         // expected_slashed ($name)
    2359         $name = stripslashes($name);
    2360         $description = stripslashes($description);
    2361 
    23622351        if ( '' == trim($name) )
    23632352                return new WP_Error('empty_term_name', __('A name is required for this term'));
    23642353
  • wp-includes/post.php

     
    206206        $file = apply_filters( 'update_attached_file', $file, $attachment_id );
    207207        $file = _wp_relative_upload_path($file);
    208208
    209         return update_post_meta( $attachment_id, '_wp_attached_file', $file );
     209        return wp_update_post_meta( $attachment_id, '_wp_attached_file', $file );
    210210}
    211211
    212212/**
     
    16181618 * @link http://codex.wordpress.org/Function_Reference/add_post_meta
    16191619 *
    16201620 * @param int $post_id Post ID.
    1621  * @param string $meta_key Metadata name.
    1622  * @param mixed $meta_value Metadata value.
     1621 * @param string $meta_key Metadata name (expected slashed).
     1622 * @param mixed $meta_value Metadata value (expected slashed).
    16231623 * @param bool $unique Optional, default is false. Whether the same key should not be added.
    16241624 * @return bool False for failure. True for success.
    16251625 */
     
    16281628        if ( $the_post = wp_is_post_revision($post_id) )
    16291629                $post_id = $the_post;
    16301630
     1631        // expected slashed
     1632        $meta_key = stripslashes( $meta_key );
     1633        $meta_value = stripslashes_deep( $meta_value );
     1634
    16311635        return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
    16321636}
    16331637
    16341638/**
     1639 * Add meta data field to a post.
     1640 *
     1641 * Post meta data is called "Custom Fields" on the Administration Screen.
     1642 *
     1643 * @since 3.5.0
     1644 * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta
     1645 *
     1646 * @param int $post_id Post ID.
     1647 * @param string $meta_key Metadata name (clean, slashes already stripped).
     1648 * @param mixed $meta_value Metadata value (clean, slashes already stripped).
     1649 * @param bool $unique Optional, default is false. Whether the same key should not be added.
     1650 * @return bool False for failure. True for success.
     1651 */
     1652function wp_add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
     1653        // make sure meta is added to the post, not a revision
     1654        if ( $the_post = wp_is_post_revision($post_id) )
     1655                $post_id = $the_post;
     1656
     1657        return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
     1658}
     1659
     1660/**
    16351661 * Remove metadata matching criteria from a post.
    16361662 *
    16371663 * You can match based on the key, or key and value. Removing based on key and
     
    16851711 * @link http://codex.wordpress.org/Function_Reference/update_post_meta
    16861712 *
    16871713 * @param int $post_id Post ID.
    1688  * @param string $meta_key Metadata key.
    1689  * @param mixed $meta_value Metadata value.
     1714 * @param string $meta_key Metadata key (expected slashed).
     1715 * @param mixed $meta_value Metadata value (expected slashed).
    16901716 * @param mixed $prev_value Optional. Previous value to check before removing.
    16911717 * @return bool False on failure, true if success.
    16921718 */
     
    16951721        if ( $the_post = wp_is_post_revision($post_id) )
    16961722                $post_id = $the_post;
    16971723
     1724        // expected slashed
     1725        $meta_key = stripslashes( $meta_key );
     1726        $meta_value = stripslashes_deep( $meta_value );
     1727
    16981728        return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
    16991729}
    17001730
    17011731/**
     1732 * Update post meta field based on post ID.
     1733 *
     1734 * Use the $prev_value parameter to differentiate between meta fields with the
     1735 * same key and post ID.
     1736 *
     1737 * If the meta field for the post does not exist, it will be added.
     1738 *
     1739 * @since 3.5.0
     1740 * @uses $wpdb
     1741 * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta
     1742 *
     1743 * @param int $post_id Post ID.
     1744 * @param string $meta_key Metadata key (clean, slashes already stripped).
     1745 * @param mixed $meta_value Metadata value (clean, slashes already stripped).
     1746 * @param mixed $prev_value Optional. Previous value to check before removing.
     1747 * @return bool False on failure, true if success.
     1748 */
     1749function wp_update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
     1750        // make sure meta is added to the post, not a revision
     1751        if ( $the_post = wp_is_post_revision($post_id) )
     1752                $post_id = $the_post;
     1753
     1754        return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
     1755}
     1756
     1757/**
    17021758 * Delete everything from post meta matching meta key.
    17031759 *
    17041760 * @since 2.3.0
     
    22652321
    22662322        do_action('wp_trash_post', $post_id);
    22672323
    2268         add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
    2269         add_post_meta($post_id,'_wp_trash_meta_time', time());
     2324        wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
     2325        wp_add_post_meta($post_id,'_wp_trash_meta_time', time());
    22702326
    22712327        $post['post_status'] = 'trash';
    22722328        wp_insert_post($post);
     
    23422398        $statuses = array();
    23432399        foreach ( $comments as $comment )
    23442400                $statuses[$comment->comment_ID] = $comment->comment_approved;
    2345         add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
     2401        wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
    23462402
    23472403        // Set status for all comments to post-trashed
    23482404        $result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id));
     
    27062762
    27072763        $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
    27082764
    2709         // expected_slashed (everything!)
    27102765        $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
    27112766        $data = apply_filters('wp_insert_post_data', $data, $postarr);
    2712         $data = stripslashes_deep( $data );
    27132767        $where = array( 'ID' => $post_ID );
    27142768
    27152769        if ( $update ) {
     
    27832837                        else
    27842838                                return 0;
    27852839                }
    2786                 update_post_meta($post_ID, '_wp_page_template',  $page_template);
     2840                wp_update_post_meta($post_ID, '_wp_page_template',  $page_template);
    27872841        }
    27882842
    27892843        wp_transition_post_status($data['post_status'], $previous_status, $post);
     
    28162870        if ( is_object($postarr) ) {
    28172871                // non-escaped post was passed
    28182872                $postarr = get_object_vars($postarr);
    2819                 $postarr = add_magic_quotes($postarr);
    28202873        }
    28212874
    28222875        // First, get all of the original fields
    28232876        $post = get_post($postarr['ID'], ARRAY_A);
    28242877
    2825         // Escape data pulled from DB.
    2826         $post = add_magic_quotes($post);
    2827 
    28282878        // Passed post category list overwrites existing category list if not empty.
    28292879        if ( isset($postarr['post_category']) && is_array($postarr['post_category'])
    28302880                         && 0 != count($postarr['post_category']) )
     
    38493899        if ( ! isset($pinged) )
    38503900                $pinged = '';
    38513901
    3852         // expected_slashed (everything!)
    38533902        $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
    3854         $data = stripslashes_deep( $data );
    38553903
    38563904        if ( $update ) {
    38573905                $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
     
    38813929        clean_post_cache( $post_ID );
    38823930
    38833931        if ( ! empty( $context ) )
    3884                 add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
     3932                wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
    38853933
    38863934        if ( $update) {
    38873935                do_action('edit_attachment', $post_ID);
     
    40304078
    40314079        $data = apply_filters( 'wp_update_attachment_metadata', $data, $post->ID );
    40324080
    4033         return update_post_meta( $post->ID, '_wp_attachment_metadata', $data);
     4081        return wp_update_post_meta( $post->ID, '_wp_attachment_metadata', $data);
    40344082}
    40354083
    40364084/**
     
    42664314
    42674315        // if we haven't added this old slug before, add it now
    42684316        if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) )
    4269                 add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
     4317                wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
    42704318
    42714319        // if the new slug was used previously, delete it from the list
    42724320        if ( in_array($post->post_name, $old_slugs) )
     
    46944742                return;
    46954743
    46964744        if ( get_option('default_pingback_flag') )
    4697                 add_post_meta( $post_id, '_pingme', '1' );
    4698         add_post_meta( $post_id, '_encloseme', '1' );
     4745                wp_add_post_meta( $post_id, '_pingme', '1' );
     4746        wp_add_post_meta( $post_id, '_encloseme', '1' );
    46994747
    47004748        wp_schedule_single_event(time(), 'do_pings');
    47014749}
     
    49314979                return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) );
    49324980
    49334981        $post = _wp_post_revision_fields( $post, $autosave );
    4934         $post = add_magic_quotes($post); //since data is from db
    49354982
    49364983        $revision_id = wp_insert_post( $post );
    49374984        if ( is_wp_error($revision_id) )
     
    50105057
    50115058        $update['ID'] = $revision['post_parent'];
    50125059
    5013         $update = add_magic_quotes( $update ); //since data is from db
    5014 
    50155060        $post_id = wp_update_post( $update );
    50165061        if ( is_wp_error( $post_id ) )
    50175062                return $post_id;
     
    52345279        if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) {
    52355280                $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
    52365281                if ( ! empty( $thumbnail_html ) ) {
    5237                         return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
     5282                        return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
    52385283                }
    52395284        }
    52405285        return false;
  • wp-includes/comment.php

     
    604604 */
    605605function sanitize_comment_cookies() {
    606606        if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
    607                 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
    608                 $comment_author = stripslashes($comment_author);
     607                $comment_author = stripslashes($_COOKIE['comment_author_'.COOKIEHASH]);
     608                $comment_author = apply_filters('pre_comment_author_name', $comment_author);
    609609                $comment_author = esc_attr($comment_author);
    610610                $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
    611611        }
    612612
    613613        if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
    614                 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
    615                 $comment_author_email = stripslashes($comment_author_email);
     614                $comment_author_email = stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH]);
     615                $comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email);
    616616                $comment_author_email = esc_attr($comment_author_email);
    617617                $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
    618618        }
    619619
    620620        if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
    621                 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
    622                 $comment_author_url = stripslashes($comment_author_url);
     621                $comment_author_url = stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH]);
     622                $comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url);
    623623                $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
    624624        }
    625625}
     
    641641        extract($commentdata, EXTR_SKIP);
    642642
    643643        // Simple duplicate check
    644         // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
    645         $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
     644        $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '" . $wpdb->escape( $comment_post_ID ) . "' AND comment_approved != 'trash' AND ( comment_author = '" . $wpdb->escape( $comment_author ) . "' ";
    646645        if ( $comment_author_email )
    647                 $dupe .= "OR comment_author_email = '$comment_author_email' ";
    648         $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
     646                $dupe .= "OR comment_author_email = '" . $wpdb->escape( $comment_author_email ) . "' ";
     647        $dupe .= ") AND comment_content = '" . $wpdb->escape( $comment_content ) . "' LIMIT 1";
    649648        if ( $wpdb->get_var($dupe) ) {
    650649                do_action( 'comment_duplicate_trigger', $commentdata );
    651650                if ( defined('DOING_AJAX') )
     
    12331232 */
    12341233function wp_insert_comment($commentdata) {
    12351234        global $wpdb;
    1236         extract(stripslashes_deep($commentdata), EXTR_SKIP);
     1235        extract($commentdata, EXTR_SKIP);
    12371236
    12381237        if ( ! isset($comment_author_IP) )
    12391238                $comment_author_IP = '';
     
    14711470        $commentarr = wp_filter_comment( $commentarr );
    14721471
    14731472        // Now extract the merged array.
    1474         extract(stripslashes_deep($commentarr), EXTR_SKIP);
     1473        extract($commentarr, EXTR_SKIP);
    14751474
    14761475        $comment_content = apply_filters('comment_save_pre', $comment_content);
    14771476
  • wp-includes/functions.php

     
    468468                                }
    469469
    470470                                if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
    471                                         add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
     471                                        wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
    472472                                }
    473473                        }
    474474                }
  • wp-includes/user.php

     
    13431343        }
    13441344
    13451345        $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
    1346         $data = stripslashes_deep( $data );
    13471346
    13481347        if ( $update ) {
    13491348                $wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
     
    14131412                $user[ $key ] = get_user_meta( $ID, $key, true );
    14141413        }
    14151414
    1416         // Escape data pulled from DB.
    1417         $user = add_magic_quotes( $user );
    1418 
    14191415        // If password is changing, hash it now.
    14201416        if ( ! empty($userdata['user_pass']) ) {
    14211417                $plaintext_pass = $userdata['user_pass'];
  • wp-includes/media.php

     
    12161216
    12171217                        // Cache the result
    12181218                        $cache = ( $html ) ? $html : '{{unknown}}';
    1219                         update_post_meta( $post_ID, $cachekey, $cache );
     1219                        wp_update_post_meta( $post_ID, $cachekey, $cache );
    12201220
    12211221                        // If there was a result, return it
    12221222                        if ( $html )
  • wp-includes/class-wp-xmlrpc-server.php

     
    273273                $post_id = (int) $post_id;
    274274
    275275                foreach ( (array) $fields as $meta ) {
     276                        $meta['key'] = stripslashes( $meta['key'] );
     277                        $meta['value'] = stripslashes_deep( $meta['value'] );
    276278                        if ( isset($meta['id']) ) {
    277279                                $meta['id'] = (int) $meta['id'];
    278280                                $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
    279281                                if ( isset($meta['key']) ) {
    280                                         $meta['key'] = stripslashes( $meta['key'] );
    281282                                        if ( $meta['key'] != $pmeta->meta_key )
    282283                                                continue;
    283                                         $meta['value'] = stripslashes_deep( $meta['value'] );
    284284                                        if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
    285285                                                update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
    286286                                } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
    287287                                        delete_metadata_by_mid( 'post', $meta['id'] );
    288288                                }
    289289                        } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
    290                                 add_post_meta( $post_id, $meta['key'], $meta['value'] );
     290                                wp_add_post_meta( $post_id, $meta['key'], $meta['value'] );
    291291                        }
    292292                }
    293293        }
     
    39333933                                }
    39343934                        }
    39353935                        if (!$found)
    3936                                 add_post_meta( $post_ID, 'enclosure', $encstring );
     3936                                wp_add_post_meta( $post_ID, 'enclosure', $encstring );
    39373937                }
    39383938        }
    39393939
     
    48854885                // retain old cats
    48864886                $cats = wp_get_post_categories($post_ID);
    48874887                $postdata['post_category'] = $cats;
    4888                 $this->escape($postdata);
    48894888
    48904889                $result = wp_update_post($postdata);
    48914890
  • wp-includes/formatting.php

     
    16621662 * @return string Converted content.
    16631663 */
    16641664function wp_rel_nofollow( $text ) {
    1665         // This is a pre save filter, so text is already escaped.
    1666         $text = stripslashes($text);
    16671665        $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
    1668         $text = esc_sql($text);
    16691666        return $text;
    16701667}
    16711668
  • wp-includes/kses.php

     
    13641364 */
    13651365function kses_init_filters() {
    13661366        // Normal filtering
    1367         add_filter('title_save_pre', 'wp_filter_kses');
     1367        add_filter('title_save_pre', 'wp_kses_data');
    13681368
    13691369        // Comment filtering
    13701370        if ( current_user_can( 'unfiltered_html' ) )
    1371                 add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
     1371                add_filter( 'pre_comment_content', 'wp_kses_post' );
    13721372        else
    1373                 add_filter( 'pre_comment_content', 'wp_filter_kses' );
     1373                add_filter( 'pre_comment_content', 'wp_kses_data' );
    13741374
    13751375        // Post filtering
    1376         add_filter('content_save_pre', 'wp_filter_post_kses');
    1377         add_filter('excerpt_save_pre', 'wp_filter_post_kses');
    1378         add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
     1376        add_filter('content_save_pre', 'wp_kses_post');
     1377        add_filter('excerpt_save_pre', 'wp_kses_post');
     1378        add_filter('content_filtered_save_pre', 'wp_kses_post');
    13791379}
    13801380
    13811381/**
     
    13921392 */
    13931393function kses_remove_filters() {
    13941394        // Normal filtering
    1395         remove_filter('title_save_pre', 'wp_filter_kses');
     1395        remove_filter('title_save_pre', 'wp_kses_data');
    13961396
    13971397        // Comment filtering
    1398         remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
    1399         remove_filter( 'pre_comment_content', 'wp_filter_kses' );
     1398        remove_filter( 'pre_comment_content', 'wp_kses_post' );
     1399        remove_filter( 'pre_comment_content', 'wp_kses_data' );
    14001400
    14011401        // Post filtering
    1402         remove_filter('content_save_pre', 'wp_filter_post_kses');
    1403         remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
    1404         remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
     1402        remove_filter('content_save_pre', 'wp_kses_post');
     1403        remove_filter('excerpt_save_pre', 'wp_kses_post');
     1404        remove_filter('content_filtered_save_pre', 'wp_kses_post');
    14051405}
    14061406
    14071407/**
  • wp-includes/meta.php

     
    4242
    4343        $column = esc_sql($meta_type . '_id');
    4444
    45         // expected_slashed ($meta_key)
    46         $meta_key = stripslashes($meta_key);
    47         $meta_value = stripslashes_deep($meta_value);
    4845        $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
    4946
    5047        $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
     
    113110        $column = esc_sql($meta_type . '_id');
    114111        $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
    115112
    116         // expected_slashed ($meta_key)
    117         $meta_key = stripslashes($meta_key);
    118113        $passed_value = $meta_value;
    119         $meta_value = stripslashes_deep($meta_value);
    120114        $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
    121115
    122116        $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
  • wp-includes/nav-menu.php

     
    376376
    377377        $menu_item_db_id = (int) $menu_item_db_id;
    378378
    379         update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
    380         update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (int) $args['menu-item-parent-id'] );
    381         update_post_meta( $menu_item_db_id, '_menu_item_object_id', (int) $args['menu-item-object-id'] );
    382         update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
    383         update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
     379        wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
     380        wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (int) $args['menu-item-parent-id'] );
     381        wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', (int) $args['menu-item-object-id'] );
     382        wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
     383        wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
    384384
    385385        $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
    386386        $args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
    387         update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
    388         update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
    389         update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
     387        wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
     388        wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
     389        wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
    390390
    391391        if ( 0 == $menu_id )
    392                 update_post_meta( $menu_item_db_id, '_menu_item_orphaned', time() );
     392                wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', time() );
    393393        else
    394394                delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
    395395
  • wp-mail.php

     
    202202        $post_category = array(get_option('default_email_category'));
    203203
    204204        $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
    205         $post_data = add_magic_quotes($post_data);
    206205
    207206        $post_ID = wp_insert_post($post_data);
    208207        if ( is_wp_error( $post_ID ) )
  • wp-admin/includes/bookmark.php

     
    3939
    4040        if ( !empty( $link_id ) ) {
    4141                $_POST['link_id'] = $link_id;
    42                 return wp_update_link( $_POST );
     42                return wp_update_link( stripslashes_deep( $_POST ) );
    4343        } else {
    44                 return wp_insert_link( $_POST );
     44                return wp_insert_link( stripslashes_deep( $_POST ) );
    4545        }
    4646}
    4747
     
    137137        $linkdata = wp_parse_args( $linkdata, $defaults );
    138138        $linkdata = sanitize_bookmark( $linkdata, 'db' );
    139139
    140         extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
     140        extract( $linkdata, EXTR_SKIP );
    141141
    142142        $update = false;
    143143
     
    250250
    251251        $link = get_bookmark( $link_id, ARRAY_A );
    252252
    253         // Escape data pulled from DB.
    254         $link = add_magic_quotes( $link );
    255 
    256253        // Passed link category list overwrites existing category list if not empty.
    257254        if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] )
    258255                         && 0 != count( $linkdata['link_category'] ) )
  • wp-admin/includes/taxonomy.php

     
    157157        // First, get all of the original fields
    158158        $category = get_category($cat_ID, ARRAY_A);
    159159
    160         // Escape data pulled from DB.
    161         $category = add_magic_quotes($category);
    162 
    163160        // Merge old and new fields with new fields overwriting old ones.
    164161        $catarr = array_merge($category, $catarr);
    165162
  • wp-admin/includes/ajax-actions.php

     
    284284 */
    285285
    286286function _wp_ajax_add_hierarchical_term() {
     287        $post_data = stripslashes_deep( $_POST );
    287288        $action = $_POST['action'];
    288289        $taxonomy = get_taxonomy(substr($action, 4));
    289290        check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
    290291        if ( !current_user_can( $taxonomy->cap->edit_terms ) )
    291292                wp_die( -1 );
    292         $names = explode(',', $_POST['new'.$taxonomy->name]);
    293         $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
     293        $names = explode(',', $post_data['new'.$taxonomy->name]);
     294        $parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0;
    294295        if ( 0 > $parent )
    295296                $parent = 0;
    296297        if ( $taxonomy->name == 'category' )
    297                 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
     298                $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array();
    298299        else
    299                 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
     300                $post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array();
    300301        $checked_categories = array_map( 'absint', (array) $post_category );
    301302        $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
    302303
     
    564565        check_ajax_referer( $action );
    565566        if ( !current_user_can( 'manage_categories' ) )
    566567                wp_die( -1 );
    567         $names = explode(',', $_POST['newcat']);
     568        $names = explode( ',', stripslashes( $_POST['newcat'] ) );
    568569        $x = new WP_Ajax_Response();
    569570        foreach ( $names as $cat_name ) {
    570571                $cat_name = trim($cat_name);
     
    591592function wp_ajax_add_tag() {
    592593        global $wp_list_table;
    593594
     595        $post_data = stripslashes_deep( $_POST );
     596
    594597        check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
    595         $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
    596         $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
     598        $post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post';
     599        $taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag';
    597600        $tax = get_taxonomy($taxonomy);
    598601
    599602        if ( !current_user_can( $tax->cap->edit_terms ) )
     
    601604
    602605        $x = new WP_Ajax_Response();
    603606
    604         $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
     607        $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
    605608
    606609        if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
    607610                $message = __('An error has occurred. Please reload the page and try again.');
     
    615618                $x->send();
    616619        }
    617620
    618         set_current_screen( $_POST['screen'] );
     621        set_current_screen( stripslashes( $_POST['screen'] ) );
    619622
    620623        $wp_list_table = _get_list_table('WP_Terms_List_Table');
    621624
     
    742745                $comment_author       = $wpdb->escape($user->display_name);
    743746                $comment_author_email = $wpdb->escape($user->user_email);
    744747                $comment_author_url   = $wpdb->escape($user->user_url);
    745                 $comment_content      = trim($_POST['content']);
     748                $comment_content      = trim( stripslashes( $_POST['content'] ) );
    746749                if ( current_user_can( 'unfiltered_html' ) ) {
    747750                        if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
    748751                                kses_remove_filters(); // start with a clean slate
     
    13401343        $data = &$_POST;
    13411344
    13421345        $post = get_post( $post_ID, ARRAY_A );
    1343         $post = add_magic_quotes($post); //since it is from db
    13441346
    13451347        $data['content'] = $post['post_content'];
    13461348        $data['excerpt'] = $post['post_excerpt'];
     
    13881390        global $wp_list_table;
    13891391
    13901392        check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
     1393       
     1394        $post_data = stripslashes_deep( $_POST );
    13911395
    1392         $taxonomy = sanitize_key( $_POST['taxonomy'] );
     1396        $taxonomy = sanitize_key( $post_data['taxonomy'] );
    13931397        $tax = get_taxonomy( $taxonomy );
    13941398        if ( ! $tax )
    13951399                wp_die( 0 );
     
    14011405
    14021406        $wp_list_table = _get_list_table('WP_Terms_List_Table');
    14031407
    1404         if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
     1408        if ( ! isset($post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) )
    14051409                wp_die( -1 );
    14061410
    14071411        $tag = get_term( $id, $taxonomy );
    1408         $_POST['description'] = $tag->description;
     1412        $post_data['description'] = $tag->description;
    14091413
    1410         $updated = wp_update_term($id, $taxonomy, $_POST);
     1414        $updated = wp_update_term($id, $taxonomy, $post_data );
    14111415        if ( $updated && !is_wp_error($updated) ) {
    14121416                $tag = get_term( $updated['term_id'], $taxonomy );
    14131417                if ( !$tag || is_wp_error( $tag ) ) {
     
    16211625                $post_id = null;
    16221626        }
    16231627
    1624         $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
     1628        $post_data = isset( $_REQUEST['post_data'] ) ? stripslashes_deep( $_REQUEST['post_data'] ) : array();
    16251629
    16261630        $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
    16271631
     
    16381642
    16391643        if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
    16401644                if ( 'custom-background' === $post_data['context'] )
    1641                         update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
     1645                        wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
    16421646
    16431647                if ( 'custom-header' === $post_data['context'] )
    1644                         update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
     1648                        wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
    16451649        }
    16461650
    16471651        $post = get_post( $attachment_id );
     
    17791783                wp_die( 0 );
    17801784
    17811785        $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1];
    1782         update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
     1786        wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
    17831787        wp_die( 1 );
    17841788}
    17851789
  • wp-admin/includes/post.php

     
    139139 */
    140140function edit_post( $post_data = null ) {
    141141
    142         if ( empty($post_data) )
    143                 $post_data = &$_POST;
     142        if ( empty($post_data) ) {
     143                $post_data = stripslashes_deep( $_POST );
     144        }
    144145
    145146        // Clear out any data in internal vars.
    146147        unset( $post_data['filter'] );
     
    225226
    226227        add_meta( $post_ID );
    227228
    228         update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
     229        wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
    229230
    230231        wp_update_post( $post_data );
    231232
     
    556557        }
    557558
    558559        // Create the post.
    559         $post_ID = wp_insert_post( $_POST );
     560        $post_ID = wp_insert_post( stripslashes_deep( $_POST ) );
    560561        if ( is_wp_error( $post_ID ) )
    561562                return $post_ID;
    562563
     
    565566
    566567        add_meta( $post_ID );
    567568
    568         add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
     569        wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
    569570
    570571        // Now that we have an ID we can fix any attachment anchor hrefs
    571572        _fix_attachment_links( $post_ID );
     
    630631
    631632                $metakey = esc_sql( $metakey );
    632633
    633                 return add_post_meta( $post_ID, $metakey, $metavalue );
     634                return wp_add_post_meta( $post_ID, $metakey, $metavalue );
    634635        }
    635636
    636637        return false;
     
    764765
    765766        if ( $replace ) {
    766767                $post['post_content'] = $content;
    767                 // Escape data pulled from DB.
    768                 $post = add_magic_quotes($post);
    769768
    770769                return wp_update_post($post);
    771770        }
     
    11961195        $now = time();
    11971196        $lock = "$now:$user_id";
    11981197
    1199         update_post_meta( $post->ID, '_edit_lock', $lock );
     1198        wp_update_post_meta( $post->ID, '_edit_lock', $lock );
    12001199        return array( $now, $user_id );
    12011200}
    12021201
  • wp-admin/includes/misc.php

     
    322322
    323323                if ( !$user = wp_get_current_user() )
    324324                        return;
    325                 $option = $_POST['wp_screen_options']['option'];
    326                 $value = $_POST['wp_screen_options']['value'];
     325                $option = stripslashes( $_POST['wp_screen_options']['option'] );
     326                $value = stripslashes_deep( $_POST['wp_screen_options']['value'] );
    327327
    328328                if ( !preg_match( '/^[a-z_-]+$/', $option ) )
    329329                        return;
  • wp-admin/includes/comment.php

     
    1919function comment_exists($comment_author, $comment_date) {
    2020        global $wpdb;
    2121
    22         $comment_author = stripslashes($comment_author);
    23         $comment_date = stripslashes($comment_date);
    24 
    2522        return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
    2623                        WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
    2724}
     
    3330 */
    3431function edit_comment() {
    3532
    36         if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
     33        $post_data = stripslashes_deep( $_POST );
     34
     35        if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) )
    3736                wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
    3837
    39         $_POST['comment_author'] = $_POST['newcomment_author'];
    40         $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
    41         $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
    42         $_POST['comment_approved'] = $_POST['comment_status'];
    43         $_POST['comment_content'] = $_POST['content'];
    44         $_POST['comment_ID'] = (int) $_POST['comment_ID'];
     38        $post_data['comment_author'] = $post_data['newcomment_author'];
     39        $post_data['comment_author_email'] = $post_data['newcomment_author_email'];
     40        $post_data['comment_author_url'] = $post_data['newcomment_author_url'];
     41        $post_data['comment_approved'] = $post_data['comment_status'];
     42        $post_data['comment_content'] = $post_data['content'];
     43        $post_data['comment_ID'] = (int) $post_data['comment_ID'];
    4544
    4645        foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
    47                 if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
     46                if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
    4847                        $_POST['edit_date'] = '1';
    4948                        break;
    5049                }
    5150        }
    5251
    53         if ( !empty ( $_POST['edit_date'] ) ) {
    54                 $aa = $_POST['aa'];
    55                 $mm = $_POST['mm'];
    56                 $jj = $_POST['jj'];
    57                 $hh = $_POST['hh'];
    58                 $mn = $_POST['mn'];
    59                 $ss = $_POST['ss'];
     52        if ( !empty ( $post_data['edit_date'] ) ) {
     53                $aa = $post_data['aa'];
     54                $mm = $post_data['mm'];
     55                $jj = $post_data['jj'];
     56                $hh = $post_data['hh'];
     57                $mn = $post_data['mn'];
     58                $ss = $post_data['ss'];
    6059                $jj = ($jj > 31 ) ? 31 : $jj;
    6160                $hh = ($hh > 23 ) ? $hh -24 : $hh;
    6261                $mn = ($mn > 59 ) ? $mn -60 : $mn;
    6362                $ss = ($ss > 59 ) ? $ss -60 : $ss;
    64                 $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
     63                $post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
    6564        }
    6665
    67         wp_update_comment( $_POST );
     66        wp_update_comment( $post_data );
    6867}
    6968
    7069/**
  • wp-admin/includes/image-edit.php

     
    439439                }
    440440        }
    441441
    442         if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
     442        if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
    443443                $msg->error = __('Cannot save image metadata.');
    444444                return $msg;
    445445        }
     
    602602
    603603        if ( $success ) {
    604604                wp_update_attachment_metadata($post_id, $meta);
    605                 update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
     605                wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
    606606
    607607                if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) {
    608608                        $file_url = wp_get_attachment_url($post_id);
  • wp-admin/includes/user.php

     
    3838        } else {
    3939                $update = false;
    4040        }
     41       
     42        // get clean data before we get started.
     43        $post_data = stripslashes_deep( $_POST );
    4144
    42         if ( !$update && isset( $_POST['user_login'] ) )
    43                 $user->user_login = sanitize_user($_POST['user_login'], true);
     45        if ( !$update && isset( $post_data['user_login'] ) )
     46                $user->user_login = sanitize_user($post_data['user_login'], true);
    4447
    4548        $pass1 = $pass2 = '';
    46         if ( isset( $_POST['pass1'] ))
    47                 $pass1 = $_POST['pass1'];
    48         if ( isset( $_POST['pass2'] ))
    49                 $pass2 = $_POST['pass2'];
     49        if ( isset( $post_data['pass1'] ))
     50                $pass1 = $post_data['pass1'];
     51        if ( isset( $post_data['pass2'] ))
     52                $pass2 = $post_data['pass2'];
    5053
    51         if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
    52                 $new_role = sanitize_text_field( $_POST['role'] );
     54        if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) {
     55                $new_role = sanitize_text_field( $post_data['role'] );
    5356                $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
    5457                // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
    5558                // Multisite super admins can freely edit their blog roles -- they possess all caps.
     
    6265                        wp_die(__('You can&#8217;t give users that role.'));
    6366        }
    6467
    65         if ( isset( $_POST['email'] ))
    66                 $user->user_email = sanitize_text_field( $_POST['email'] );
    67         if ( isset( $_POST['url'] ) ) {
    68                 if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
     68        if ( isset( $post_data['email'] ))
     69                $user->user_email = sanitize_text_field( $post_data['email'] );
     70        if ( isset( $post_data['url'] ) ) {
     71                if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) {
    6972                        $user->user_url = '';
    7073                } else {
    71                         $user->user_url = esc_url_raw( $_POST['url'] );
     74                        $user->user_url = esc_url_raw( $post_data['url'] );
    7275                        $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
    7376                        $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
    7477                }
    7578        }
    76         if ( isset( $_POST['first_name'] ) )
    77                 $user->first_name = sanitize_text_field( $_POST['first_name'] );
    78         if ( isset( $_POST['last_name'] ) )
    79                 $user->last_name = sanitize_text_field( $_POST['last_name'] );
    80         if ( isset( $_POST['nickname'] ) )
    81                 $user->nickname = sanitize_text_field( $_POST['nickname'] );
    82         if ( isset( $_POST['display_name'] ) )
    83                 $user->display_name = sanitize_text_field( $_POST['display_name'] );
     79        if ( isset( $post_data['first_name'] ) )
     80                $user->first_name = sanitize_text_field( $post_data['first_name'] );
     81        if ( isset( $post_data['last_name'] ) )
     82                $user->last_name = sanitize_text_field( $post_data['last_name'] );
     83        if ( isset( $post_data['nickname'] ) )
     84                $user->nickname = sanitize_text_field( $post_data['nickname'] );
     85        if ( isset( $post_data['display_name'] ) )
     86                $user->display_name = sanitize_text_field( $post_data['display_name'] );
    8487
    85         if ( isset( $_POST['description'] ) )
    86                 $user->description = trim( $_POST['description'] );
     88        if ( isset( $post_data['description'] ) )
     89                $user->description = trim( $post_data['description'] );
    8790
    8891        foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) {
    89                 if ( isset( $_POST[$method] ))
    90                         $user->$method = sanitize_text_field( $_POST[$method] );
     92                if ( isset( $post_data[$method] ))
     93                        $user->$method = sanitize_text_field( $post_data[$method] );
    9194        }
    9295
    9396        if ( $update ) {
    94                 $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
    95                 $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
    96                 $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
     97                $user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true';
     98                $user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';
     99                $user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false';
    97100        }
    98101
    99         $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
     102        $user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : '';
    100103
    101104        $user->use_ssl = 0;
    102         if ( !empty($_POST['use_ssl']) )
     105        if ( !empty($post_data['use_ssl']) )
    103106                $user->use_ssl = 1;
    104107
    105108        $errors = new WP_Error();
     
    134137        if ( !empty( $pass1 ) )
    135138                $user->user_pass = $pass1;
    136139
    137         if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
     140        if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) )
    138141                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
    139142
    140143        if ( !$update && username_exists( $user->user_login ) )
     
    159162                $user_id = wp_update_user( $user );
    160163        } else {
    161164                $user_id = wp_insert_user( $user );
    162                 wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
     165                wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' );
    163166        }
    164167        return $user_id;
    165168}
  • wp-admin/includes/media.php

     
    423423        }
    424424
    425425        if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
     426                $attachment = stripslashes_deep( $attachment );
     427       
    426428                $post = $_post = get_post($attachment_id, ARRAY_A);
    427429                $post_type_object = get_post_type_object( $post[ 'post_type' ] );
    428430
     
    447449
    448450                if ( isset($attachment['image_alt']) ) {
    449451                        $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
    450                         if ( $image_alt != stripslashes($attachment['image_alt']) ) {
    451                                 $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
     452                        if ( $image_alt != $attachment['image_alt'] ) {
     453                                $image_alt = wp_strip_all_tags( $attachment['image_alt'], true );
    452454                                // update_meta expects slashed
    453                                 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
     455                                wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt );
    454456                        }
    455457                }
    456458
  • wp-admin/edit-tags.php

     
    4747        if ( !current_user_can( $tax->cap->edit_terms ) )
    4848                wp_die( __( 'Cheatin&#8217; uh?' ) );
    4949
    50         $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
     50        $post_data = stripslashes_deep( $_POST );
     51
     52        $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
    5153        $location = 'edit-tags.php?taxonomy=' . $taxonomy;
    5254        if ( 'post' != $post_type )
    5355                $location .= '&post_type=' . $post_type;
     
    132134break;
    133135
    134136case 'editedtag':
    135         $tag_ID = (int) $_POST['tag_ID'];
     137
     138        $post_data = stripslashes_deep( $_POST );
     139
     140        $tag_ID = (int) $post_data['tag_ID'];
    136141        check_admin_referer( 'update-tag_' . $tag_ID );
    137142
    138143        if ( !current_user_can( $tax->cap->edit_terms ) )
     
    142147        if ( ! $tag )
    143148                wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );
    144149
    145         $ret = wp_update_term( $tag_ID, $taxonomy, $_POST );
     150        $ret = wp_update_term( $tag_ID, $taxonomy, $post_data );
    146151
    147152        $location = 'edit-tags.php?taxonomy=' . $taxonomy;
    148153        if ( 'post' != $post_type )
  • wp-admin/custom-header.php

     
    992992                                'width'         => $choice['width'],
    993993                        );
    994994
    995                         update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
     995                        wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
    996996                        set_theme_mod( 'header_image', $choice['url'] );
    997997                        set_theme_mod( 'header_image_data', $header_image_data );
    998998                        return;
  • wp-admin/media.php

     
    3232                }
    3333                if ( false !== strpos($location, 'upload.php') ) {
    3434                        $location = remove_query_arg('message', $location);
    35                         $location = add_query_arg('posted',     $attachment_id, $location);
     35                        $location = add_query_arg('posted', $attachment_id, $location);
    3636                } elseif ( false !== strpos($location, 'media.php') ) {
    3737                        $location = add_query_arg('message', 'updated', $location);
    3838                }
  • wp-admin/nav-menus.php

     
    104104                                                if ( ! is_wp_error( $parent_object ) ) {
    105105                                                        $parent_data = (array) $parent_object;
    106106                                                        $menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent'];
    107                                                         update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
     107                                                        wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
    108108
    109109                                                }
    110110
     
    114114                                                $menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1;
    115115
    116116                                                $menu_item_data['menu_item_parent'] = $next_item_data['ID'];
    117                                                 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
     117                                                wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
    118118
    119119                                                wp_update_post($menu_item_data);
    120120                                                wp_update_post($next_item_data);
     
    126126                                        in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids )
    127127                                ) {
    128128                                        $menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true);
    129                                         update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
     129                                        wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
    130130                                }
    131131                        }
    132132                }
     
    201201                                                        $menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1;
    202202
    203203                                                        // save changes
    204                                                         update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
     204                                                        wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
    205205                                                        wp_update_post($menu_item_data);
    206206                                                        wp_update_post($parent_data);
    207207                                                }
     
    216216                                        ) {
    217217                                                // just make it a child of the previous; keep the order
    218218                                                $menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1];
    219                                                 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
     219                                                wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
    220220                                                wp_update_post($menu_item_data);
    221221                                        }
    222222                                }
  • wp-admin/custom-background.php

     
    381381
    382382                // Add the meta-data
    383383                wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
    384                 update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
     384                wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
    385385
    386386                set_theme_mod('background_image', esc_url_raw($url));
    387387
     
    422422                if ( in_array( $_POST['size'], $sizes ) )
    423423                        $size = esc_attr( $_POST['size'] );
    424424
    425                 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
     425                wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
    426426                $url = wp_get_attachment_image_src( $attachment_id, $size );
    427427                $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
    428428                set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );