Ticket #21767: slash-sanity-20120901.diff
File slash-sanity-20120901.diff, 52.6 KB (added by , 9 years ago) |
wp-comments-post.php
47 47 do_action('pre_comment_on_post', $comment_post_ID); 48 48 } 49 49 50 $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags( $_POST['author'])) : null;51 $comment_author_email = ( isset($_POST['email']) ) ? trim( $_POST['email']) : null;52 $comment_author_url = ( isset($_POST['url']) ) ? trim( $_POST['url']) : null;53 $comment_content = ( isset($_POST['comment']) ) ? trim( $_POST['comment']) : null;50 $comment_author = ( isset($_POST['author']) ) ? trim(strip_tags(stripslashes($_POST['author']))) : null; 51 $comment_author_email = ( isset($_POST['email']) ) ? trim(stripslashes($_POST['email'])) : null; 52 $comment_author_url = ( isset($_POST['url']) ) ? trim(stripslashes($_POST['url'])) : null; 53 $comment_content = ( isset($_POST['comment']) ) ? trim(stripslashes($_POST['comment'])) : null; 54 54 55 55 // If the user is logged in 56 56 $user = wp_get_current_user(); -
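Review bot: The `stripslashes()` calls added at lines 50-53 make the anonymous-commenter values unslashed, so the logged-in branch that starts at line 56 (outside this hunk) must now produce equally unslashed values or the two paths diverge. The ajax-actions hunk on this same page still wraps `$user->display_name`, `$user->user_email` and `$user->user_url` in `$wpdb->escape()`; if this file does the same, a display name containing `'` will be stored with a literal backslash now that `wp_insert_comment` no longer strips slashes. Worth checking that branch and replacing any `$wpdb->escape( $user->... )` with the plain property. The `stripslashes()` here also assumes the request array was slashed by the core magic-quotes pass, which holds for this entry point but should be stated in a comment such as `// $_POST is slashed by wp_magic_quotes(); unslash before filtering.`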
wp-includes/default-filters.php
14 14 15 15 // Strip, trim, kses, special chars for string saves 16 16 foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) { 17 add_filter( $filter, 'sanitize_text_field' 18 add_filter( $filter, 'wp_ filter_kses');17 add_filter( $filter, 'sanitize_text_field' ); 18 add_filter( $filter, 'wp_kses_data' ); 19 19 add_filter( $filter, '_wp_specialchars', 30 ); 20 20 } 21 21 … … 31 31 32 32 // Kses only for textarea saves 33 33 foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) { 34 add_filter( $filter, 'wp_ filter_kses' );34 add_filter( $filter, 'wp_kses_data' ); 35 35 } 36 36 37 37 // Kses only for textarea admin displays 38 38 if ( is_admin() ) { 39 foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {39 foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { 40 40 add_filter( $filter, 'wp_kses_data' ); 41 41 } 42 add_filter( 'comment_text', 'wp_kses_post' );43 42 } 44 43 45 44 // Email saves 46 45 foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) { 47 46 add_filter( $filter, 'trim' ); 48 47 add_filter( $filter, 'sanitize_email' ); 49 add_filter( $filter, 'wp_ filter_kses' );48 add_filter( $filter, 'wp_kses_data' ); 50 49 } 51 50 52 51 // Email admin display -
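Review bot: The admin-side `comment_text` display filter moves from `wp_kses_post` (old line 42) into the `wp_kses_data` loop at line 39, which narrows the allowed-HTML set used when rendering comments in wp-admin; that is a behavior change beyond slash handling, and it is not mirrored on the save side, where kses.php in this diff still applies `wp_kses_post` to `pre_comment_content` for users with `unfiltered_html`. If the narrowing is intended, say so in the ticket; otherwise keep `add_filter( 'comment_text', 'wp_kses_post' );` and leave `comment_text` out of the loop.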
wp-includes/class-wp-atom-server.php
366 366 367 367 $post_data = compact('blog_ID', 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_name'); 368 368 369 $this->escape($post_data);370 371 369 $postID = wp_insert_post($post_data); 372 370 if ( is_wp_error( $postID ) ) 373 371 $this->internal_error($postID->get_error_message()); … … 448 446 $post_modified_gmt = $pubtimes[1]; 449 447 450 448 $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_date', 'post_date_gmt', 'post_modified', 'post_modified_gmt'); 451 $this->escape($postdata);452 449 453 450 $result = wp_update_post($postdata); 454 451 … … 601 598 $post_modified_gmt = $pubtimes[1]; 602 599 603 600 $postdata = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'post_modified', 'post_modified_gmt'); 604 $this->escape($postdata);605 601 606 602 $result = wp_update_post($postdata); 607 603 -
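Review bot: Dropping `$this->escape($post_data)` before `wp_insert_post` at line 369 (and before the two `wp_update_post` calls) is only correct if every value this class hands to the post API is now unslashed, yet the `escape()` method itself is not removed here, so any remaining call site in the class (not visible in this hunk) would now store literal backslashes. Suggest grepping for `$this->escape(` and either removing the remaining calls or deleting the method so the stale convention cannot be reintroduced. The enclosing methods begin outside the hunk.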
wp-includes/taxonomy.php
2048 2048 $args = sanitize_term($args, $taxonomy, 'db'); 2049 2049 extract($args, EXTR_SKIP); 2050 2050 2051 // expected_slashed ($name)2052 $name = stripslashes($name);2053 $description = stripslashes($description);2054 2055 2051 if ( empty($slug) ) 2056 2052 $slug = sanitize_title($name); 2057 2053 … … 2344 2340 if ( is_wp_error( $term ) ) 2345 2341 return $term; 2346 2342 2347 // Escape data pulled from DB.2348 $term = add_magic_quotes($term);2349 2350 2343 // Merge old and new args with new args overwriting old ones. 2351 2344 $args = array_merge($term, $args); 2352 2345 … … 2355 2348 $args = sanitize_term($args, $taxonomy, 'db'); 2356 2349 extract($args, EXTR_SKIP); 2357 2350 2358 // expected_slashed ($name)2359 $name = stripslashes($name);2360 $description = stripslashes($description);2361 2362 2351 if ( '' == trim($name) ) 2363 2352 return new WP_Error('empty_term_name', __('A name is required for this term')); 2364 2353 -
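Review bot: `wp_insert_term` and `wp_update_term` now treat `$args` as unslashed (the `stripslashes($name)` / `stripslashes($description)` pairs at old 2051-2053 and 2358-2360 are gone), so any caller that still passes `$_POST` directly will store backslashes; the admin AJAX callers are fixed elsewhere on this page, but the non-AJAX term forms are not in the diff and should be checked. Add a line such as `@param array $args Optional. Term data (clean, slashes already stripped).` to both docblocks so the new contract is explicit at the API boundary. Both functions begin outside the hunk.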
wp-includes/post.php
206 206 $file = apply_filters( 'update_attached_file', $file, $attachment_id ); 207 207 $file = _wp_relative_upload_path($file); 208 208 209 return update_post_meta( $attachment_id, '_wp_attached_file', $file );209 return wp_update_post_meta( $attachment_id, '_wp_attached_file', $file ); 210 210 } 211 211 212 212 /** … … 1618 1618 * @link http://codex.wordpress.org/Function_Reference/add_post_meta 1619 1619 * 1620 1620 * @param int $post_id Post ID. 1621 * @param string $meta_key Metadata name .1622 * @param mixed $meta_value Metadata value .1621 * @param string $meta_key Metadata name (expected slashed). 1622 * @param mixed $meta_value Metadata value (expected slashed). 1623 1623 * @param bool $unique Optional, default is false. Whether the same key should not be added. 1624 1624 * @return bool False for failure. True for success. 1625 1625 */ … … 1628 1628 if ( $the_post = wp_is_post_revision($post_id) ) 1629 1629 $post_id = $the_post; 1630 1630 1631 // expected slashed 1632 $meta_key = stripslashes( $meta_key ); 1633 $meta_value = stripslashes_deep( $meta_value ); 1634 1631 1635 return add_metadata('post', $post_id, $meta_key, $meta_value, $unique); 1632 1636 } 1633 1637 1634 1638 /** 1639 * Add meta data field to a post. 1640 * 1641 * Post meta data is called "Custom Fields" on the Administration Screen. 1642 * 1643 * @since 3.5.0 1644 * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta 1645 * 1646 * @param int $post_id Post ID. 1647 * @param string $meta_key Metadata name (clean, slashes already stripped). 1648 * @param mixed $meta_value Metadata value (clean, slashes already stripped). 1649 * @param bool $unique Optional, default is false. Whether the same key should not be added. 1650 * @return bool False for failure. True for success. 
1651 */ 1652 function wp_add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { 1653 // make sure meta is added to the post, not a revision 1654 if ( $the_post = wp_is_post_revision($post_id) ) 1655 $post_id = $the_post; 1656 1657 return add_metadata('post', $post_id, $meta_key, $meta_value, $unique); 1658 } 1659 1660 /** 1635 1661 * Remove metadata matching criteria from a post. 1636 1662 * 1637 1663 * You can match based on the key, or key and value. Removing based on key and … … 1685 1711 * @link http://codex.wordpress.org/Function_Reference/update_post_meta 1686 1712 * 1687 1713 * @param int $post_id Post ID. 1688 * @param string $meta_key Metadata key .1689 * @param mixed $meta_value Metadata value .1714 * @param string $meta_key Metadata key (expected slashed). 1715 * @param mixed $meta_value Metadata value (expected slashed). 1690 1716 * @param mixed $prev_value Optional. Previous value to check before removing. 1691 1717 * @return bool False on failure, true if success. 1692 1718 */ … … 1695 1721 if ( $the_post = wp_is_post_revision($post_id) ) 1696 1722 $post_id = $the_post; 1697 1723 1724 // expected slashed 1725 $meta_key = stripslashes( $meta_key ); 1726 $meta_value = stripslashes_deep( $meta_value ); 1727 1698 1728 return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value); 1699 1729 } 1700 1730 1701 1731 /** 1732 * Update post meta field based on post ID. 1733 * 1734 * Use the $prev_value parameter to differentiate between meta fields with the 1735 * same key and post ID. 1736 * 1737 * If the meta field for the post does not exist, it will be added. 1738 * 1739 * @since 3.5.0 1740 * @uses $wpdb 1741 * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta 1742 * 1743 * @param int $post_id Post ID. 1744 * @param string $meta_key Metadata key (clean, slashes already stripped). 1745 * @param mixed $meta_value Metadata value (clean, slashes already stripped). 1746 * @param mixed $prev_value Optional. 
Previous value to check before removing. 1747 * @return bool False on failure, true if success. 1748 */ 1749 function wp_update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { 1750 // make sure meta is added to the post, not a revision 1751 if ( $the_post = wp_is_post_revision($post_id) ) 1752 $post_id = $the_post; 1753 1754 return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value); 1755 } 1756 1757 /** 1702 1758 * Delete everything from post meta matching meta key. 1703 1759 * 1704 1760 * @since 2.3.0 … … 2265 2321 2266 2322 do_action('wp_trash_post', $post_id); 2267 2323 2268 add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);2269 add_post_meta($post_id,'_wp_trash_meta_time', time());2324 wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']); 2325 wp_add_post_meta($post_id,'_wp_trash_meta_time', time()); 2270 2326 2271 2327 $post['post_status'] = 'trash'; 2272 2328 wp_insert_post($post); … … 2342 2398 $statuses = array(); 2343 2399 foreach ( $comments as $comment ) 2344 2400 $statuses[$comment->comment_ID] = $comment->comment_approved; 2345 add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);2401 wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses); 2346 2402 2347 2403 // Set status for all comments to post-trashed 2348 2404 $result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id)); … … 2706 2762 2707 2763 $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent); 2708 2764 2709 // expected_slashed (everything!)2710 2765 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) ); 2711 
2766 $data = apply_filters('wp_insert_post_data', $data, $postarr); 2712 $data = stripslashes_deep( $data );2713 2767 $where = array( 'ID' => $post_ID ); 2714 2768 2715 2769 if ( $update ) { … … 2783 2837 else 2784 2838 return 0; 2785 2839 } 2786 update_post_meta($post_ID, '_wp_page_template', $page_template);2840 wp_update_post_meta($post_ID, '_wp_page_template', $page_template); 2787 2841 } 2788 2842 2789 2843 wp_transition_post_status($data['post_status'], $previous_status, $post); … … 2816 2870 if ( is_object($postarr) ) { 2817 2871 // non-escaped post was passed 2818 2872 $postarr = get_object_vars($postarr); 2819 $postarr = add_magic_quotes($postarr);2820 2873 } 2821 2874 2822 2875 // First, get all of the original fields 2823 2876 $post = get_post($postarr['ID'], ARRAY_A); 2824 2877 2825 // Escape data pulled from DB.2826 $post = add_magic_quotes($post);2827 2828 2878 // Passed post category list overwrites existing category list if not empty. 2829 2879 if ( isset($postarr['post_category']) && is_array($postarr['post_category']) 2830 2880 && 0 != count($postarr['post_category']) ) … … 3849 3899 if ( ! isset($pinged) ) 3850 3900 $pinged = ''; 3851 3901 3852 // expected_slashed (everything!)3853 3902 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) ); 3854 $data = stripslashes_deep( $data );3855 3903 3856 3904 if ( $update ) { 3857 3905 $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) ); … … 3881 3929 clean_post_cache( $post_ID ); 3882 3930 3883 3931 if ( ! 
empty( $context ) ) 3884 add_post_meta( $post_ID, '_wp_attachment_context', $context, true );3932 wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); 3885 3933 3886 3934 if ( $update) { 3887 3935 do_action('edit_attachment', $post_ID); … … 4030 4078 4031 4079 $data = apply_filters( 'wp_update_attachment_metadata', $data, $post->ID ); 4032 4080 4033 return update_post_meta( $post->ID, '_wp_attachment_metadata', $data);4081 return wp_update_post_meta( $post->ID, '_wp_attachment_metadata', $data); 4034 4082 } 4035 4083 4036 4084 /** … … 4266 4314 4267 4315 // if we haven't added this old slug before, add it now 4268 4316 if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) ) 4269 add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);4317 wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name); 4270 4318 4271 4319 // if the new slug was used previously, delete it from the list 4272 4320 if ( in_array($post->post_name, $old_slugs) ) … … 4694 4742 return; 4695 4743 4696 4744 if ( get_option('default_pingback_flag') ) 4697 add_post_meta( $post_id, '_pingme', '1' );4698 add_post_meta( $post_id, '_encloseme', '1' );4745 wp_add_post_meta( $post_id, '_pingme', '1' ); 4746 wp_add_post_meta( $post_id, '_encloseme', '1' ); 4699 4747 4700 4748 wp_schedule_single_event(time(), 'do_pings'); 4701 4749 } … … 4931 4979 return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) ); 4932 4980 4933 4981 $post = _wp_post_revision_fields( $post, $autosave ); 4934 $post = add_magic_quotes($post); //since data is from db4935 4982 4936 4983 $revision_id = wp_insert_post( $post ); 4937 4984 if ( is_wp_error($revision_id) ) … … 5010 5057 5011 5058 $update['ID'] = $revision['post_parent']; 5012 5059 5013 $update = add_magic_quotes( $update ); //since data is from db5014 5015 5060 $post_id = wp_update_post( $update ); 5016 5061 if ( is_wp_error( $post_id ) ) 5017 5062 return $post_id; … … 5234 5279 
if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) { 5235 5280 $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ); 5236 5281 if ( ! empty( $thumbnail_html ) ) { 5237 return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );5282 return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); 5238 5283 } 5239 5284 } 5240 5285 return false; -
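Review bot: The legacy wrappers `add_post_meta` and `update_post_meta` (lines 1631-1635 and 1724-1728) now duplicate the revision check and call `add_metadata`/`update_metadata` directly instead of delegating to the new clean wrappers, so the two contracts can drift; collapse them to `return wp_add_post_meta( $post_id, stripslashes( $meta_key ), stripslashes_deep( $meta_value ), $unique );` and the equivalent `return wp_update_post_meta( ..., $prev_value );`. The new docblocks also copy `@uses $wpdb` from the originals although neither wrapper touches `$wpdb`, and link codex pages for the new functions that presumably do not exist yet. Separately, with the `stripslashes_deep( $data )` at old 2712 removed, callbacks on `wp_insert_post_data` (line 2766) now receive unslashed data where they previously received slashed data; that is a plugin-visible change and should be called out in the ticket.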
wp-includes/comment.php
604 604 */ 605 605 function sanitize_comment_cookies() { 606 606 if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { 607 $comment_author = apply_filters('pre_comment_author_name',$_COOKIE['comment_author_'.COOKIEHASH]);608 $comment_author = stripslashes($comment_author);607 $comment_author = stripslashes($_COOKIE['comment_author_'.COOKIEHASH]); 608 $comment_author = apply_filters('pre_comment_author_name', $comment_author); 609 609 $comment_author = esc_attr($comment_author); 610 610 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; 611 611 } 612 612 613 613 if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { 614 $comment_author_email = apply_filters('pre_comment_author_email',$_COOKIE['comment_author_email_'.COOKIEHASH]);615 $comment_author_email = stripslashes($comment_author_email);614 $comment_author_email = stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH]); 615 $comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email); 616 616 $comment_author_email = esc_attr($comment_author_email); 617 617 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; 618 618 } 619 619 620 620 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 621 $comment_author_url = apply_filters('pre_comment_author_url',$_COOKIE['comment_author_url_'.COOKIEHASH]);622 $comment_author_url = stripslashes($comment_author_url);621 $comment_author_url = stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH]); 622 $comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url); 623 623 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 624 624 } 625 625 } … … 641 641 extract($commentdata, EXTR_SKIP); 642 642 643 643 // Simple duplicate check 644 // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) 645 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = 
'$comment_author' "; 644 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '" . $wpdb->escape( $comment_post_ID ) . "' AND comment_approved != 'trash' AND ( comment_author = '" . $wpdb->escape( $comment_author ) . "' "; 646 645 if ( $comment_author_email ) 647 $dupe .= "OR comment_author_email = ' $comment_author_email' ";648 $dupe .= ") AND comment_content = ' $comment_content' LIMIT 1";646 $dupe .= "OR comment_author_email = '" . $wpdb->escape( $comment_author_email ) . "' "; 647 $dupe .= ") AND comment_content = '" . $wpdb->escape( $comment_content ) . "' LIMIT 1"; 649 648 if ( $wpdb->get_var($dupe) ) { 650 649 do_action( 'comment_duplicate_trigger', $commentdata ); 651 650 if ( defined('DOING_AJAX') ) … … 1233 1232 */ 1234 1233 function wp_insert_comment($commentdata) { 1235 1234 global $wpdb; 1236 extract( stripslashes_deep($commentdata), EXTR_SKIP);1235 extract($commentdata, EXTR_SKIP); 1237 1236 1238 1237 if ( ! isset($comment_author_IP) ) 1239 1238 $comment_author_IP = ''; … … 1471 1470 $commentarr = wp_filter_comment( $commentarr ); 1472 1471 1473 1472 // Now extract the merged array. 1474 extract( stripslashes_deep($commentarr), EXTR_SKIP);1473 extract($commentarr, EXTR_SKIP); 1475 1474 1476 1475 $comment_content = apply_filters('comment_save_pre', $comment_content); 1477 1476 -
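Review bot: The duplicate check at lines 644-647 still assembles SQL by concatenating `$wpdb->escape()` fragments, and `$comment_post_ID` is string-escaped rather than cast even though it is an integer column; use `$wpdb->prepare()` with `%d`/`%s` placeholders so escaping is bound to each value and cannot be dropped when the query is edited again. `$wpdb->escape()` is also the older, non-`prepare` API, so this is the natural place to move off it. `wp_allow_comment` begins outside the hunk.
```php
$dupe = $wpdb->prepare(
	"SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'trash' AND ( comment_author = %s ",
	$comment_post_ID,
	$comment_author
);
if ( $comment_author_email )
	$dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );
$dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );
// … unchanged: get_var, comment_duplicate_trigger, DOING_AJAX handling …
```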
wp-includes/functions.php
468 468 } 469 469 470 470 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { 471 add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );471 wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); 472 472 } 473 473 } 474 474 } -
wp-includes/user.php
1343 1343 } 1344 1344 1345 1345 $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); 1346 $data = stripslashes_deep( $data );1347 1346 1348 1347 if ( $update ) { 1349 1348 $wpdb->update( $wpdb->users, $data, compact( 'ID' ) ); … … 1413 1412 $user[ $key ] = get_user_meta( $ID, $key, true ); 1414 1413 } 1415 1414 1416 // Escape data pulled from DB.1417 $user = add_magic_quotes( $user );1418 1419 1415 // If password is changing, hash it now. 1420 1416 if ( ! empty($userdata['user_pass']) ) { 1421 1417 $plaintext_pass = $userdata['user_pass']; -
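Review bot: With `$data = stripslashes_deep( $data )` removed at old line 1346, `user_pass` reaches `$wpdb->insert` exactly as hashed, but the hashing happens above this hunk and previously operated on the slashed form of the password; confirm that callers passing `$_POST` password fields into `wp_insert_user`/`wp_update_user` have been updated to unslash first, otherwise a password containing `'` or `\` is hashed with extra backslashes and will not verify at login. A regression test that creates a user with password `a'b\c` and checks `wp_check_password()` would pin this. Both functions begin outside the hunk.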
wp-includes/media.php
1216 1216 1217 1217 // Cache the result 1218 1218 $cache = ( $html ) ? $html : '{{unknown}}'; 1219 update_post_meta( $post_ID, $cachekey, $cache );1219 wp_update_post_meta( $post_ID, $cachekey, $cache ); 1220 1220 1221 1221 // If there was a result, return it 1222 1222 if ( $html ) -
wp-includes/class-wp-xmlrpc-server.php
273 273 $post_id = (int) $post_id; 274 274 275 275 foreach ( (array) $fields as $meta ) { 276 $meta['key'] = stripslashes( $meta['key'] ); 277 $meta['value'] = stripslashes_deep( $meta['value'] ); 276 278 if ( isset($meta['id']) ) { 277 279 $meta['id'] = (int) $meta['id']; 278 280 $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); 279 281 if ( isset($meta['key']) ) { 280 $meta['key'] = stripslashes( $meta['key'] );281 282 if ( $meta['key'] != $pmeta->meta_key ) 282 283 continue; 283 $meta['value'] = stripslashes_deep( $meta['value'] );284 284 if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) 285 285 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); 286 286 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { 287 287 delete_metadata_by_mid( 'post', $meta['id'] ); 288 288 } 289 289 } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) { 290 add_post_meta( $post_id, $meta['key'], $meta['value'] );290 wp_add_post_meta( $post_id, $meta['key'], $meta['value'] ); 291 291 } 292 292 } 293 293 } … … 3933 3933 } 3934 3934 } 3935 3935 if (!$found) 3936 add_post_meta( $post_ID, 'enclosure', $encstring );3936 wp_add_post_meta( $post_ID, 'enclosure', $encstring ); 3937 3937 } 3938 3938 } 3939 3939 … … 4885 4885 // retain old cats 4886 4886 $cats = wp_get_post_categories($post_ID); 4887 4887 $postdata['post_category'] = $cats; 4888 $this->escape($postdata);4889 4888 4890 4889 $result = wp_update_post($postdata); 4891 4890 -
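Review bot: Line 289 still calls `stripslashes( $meta['key'] )` inside the capability check although `$meta['key']` was already unslashed at the new line 276, so a key containing an escaped backslash is checked under a different name than the one `wp_add_post_meta` stores at line 290; change it to `current_user_can( 'add_post_meta', $post_id, $meta['key'] )`. More importantly, line 276 now reads `$meta['key']` without the `isset()` guard the old code kept at 279, so a field with an id but no key becomes `''` (`stripslashes(null)`), `isset()` at 281 is then true, the key mismatch hits `continue`, and the delete branch at 286 is never reached — removing a custom field via this call no longer works. Use `$meta['key'] = isset( $meta['key'] ) ? stripslashes( $meta['key'] ) : null;` or keep the unslashing inside the existing `isset()` block.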
wp-includes/formatting.php
1662 1662 * @return string Converted content. 1663 1663 */ 1664 1664 function wp_rel_nofollow( $text ) { 1665 // This is a pre save filter, so text is already escaped.1666 $text = stripslashes($text);1667 1665 $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text); 1668 $text = esc_sql($text);1669 1666 return $text; 1670 1667 } 1671 1668 -
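Review bot: Removing the `stripslashes()`/`esc_sql()` pair from `wp_rel_nofollow` is right under the new unslashed `content_save_pre` contract, but the same pattern is common in third-party `*_save_pre` callbacks, and with `stripslashes_deep` gone from `wp_insert_post` their output will now be written with literal backslashes. The docblock above should state the contract, e.g. `Filters on content_save_pre now receive and must return unslashed text; do not esc_sql() the result.`, and the ticket should carry a note for plugin authors.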
wp-includes/kses.php
1364 1364 */ 1365 1365 function kses_init_filters() { 1366 1366 // Normal filtering 1367 add_filter('title_save_pre', 'wp_ filter_kses');1367 add_filter('title_save_pre', 'wp_kses_data'); 1368 1368 1369 1369 // Comment filtering 1370 1370 if ( current_user_can( 'unfiltered_html' ) ) 1371 add_filter( 'pre_comment_content', 'wp_ filter_post_kses' );1371 add_filter( 'pre_comment_content', 'wp_kses_post' ); 1372 1372 else 1373 add_filter( 'pre_comment_content', 'wp_ filter_kses' );1373 add_filter( 'pre_comment_content', 'wp_kses_data' ); 1374 1374 1375 1375 // Post filtering 1376 add_filter('content_save_pre', 'wp_ filter_post_kses');1377 add_filter('excerpt_save_pre', 'wp_ filter_post_kses');1378 add_filter('content_filtered_save_pre', 'wp_ filter_post_kses');1376 add_filter('content_save_pre', 'wp_kses_post'); 1377 add_filter('excerpt_save_pre', 'wp_kses_post'); 1378 add_filter('content_filtered_save_pre', 'wp_kses_post'); 1379 1379 } 1380 1380 1381 1381 /** … … 1392 1392 */ 1393 1393 function kses_remove_filters() { 1394 1394 // Normal filtering 1395 remove_filter('title_save_pre', 'wp_ filter_kses');1395 remove_filter('title_save_pre', 'wp_kses_data'); 1396 1396 1397 1397 // Comment filtering 1398 remove_filter( 'pre_comment_content', 'wp_ filter_post_kses' );1399 remove_filter( 'pre_comment_content', 'wp_ filter_kses' );1398 remove_filter( 'pre_comment_content', 'wp_kses_post' ); 1399 remove_filter( 'pre_comment_content', 'wp_kses_data' ); 1400 1400 1401 1401 // Post filtering 1402 remove_filter('content_save_pre', 'wp_ filter_post_kses');1403 remove_filter('excerpt_save_pre', 'wp_ filter_post_kses');1404 remove_filter('content_filtered_save_pre', 'wp_ filter_post_kses');1402 remove_filter('content_save_pre', 'wp_kses_post'); 1403 remove_filter('excerpt_save_pre', 'wp_kses_post'); 1404 remove_filter('content_filtered_save_pre', 'wp_kses_post'); 1405 1405 } 1406 1406 1407 1407 /** -
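Review bot: Plugins that disable kses with `remove_filter( 'content_save_pre', 'wp_filter_post_kses' )` — the pattern this very file used until now — will silently stop working because the callback names at lines 1376-1378 changed; that fails safe (the filter stays attached), but it is a compatibility break worth noting in the ticket. `wp_filter_kses` and `wp_filter_post_kses` should also be marked `@deprecated` with a pointer to `wp_kses_data`/`wp_kses_post` so the old names are not re-hooked by new code.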
wp-includes/meta.php
42 42 43 43 $column = esc_sql($meta_type . '_id'); 44 44 45 // expected_slashed ($meta_key)46 $meta_key = stripslashes($meta_key);47 $meta_value = stripslashes_deep($meta_value);48 45 $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); 49 46 50 47 $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique ); … … 113 110 $column = esc_sql($meta_type . '_id'); 114 111 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 115 112 116 // expected_slashed ($meta_key)117 $meta_key = stripslashes($meta_key);118 113 $passed_value = $meta_value; 119 $meta_value = stripslashes_deep($meta_value);120 114 $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); 121 115 122 116 $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value ); -
wp-includes/nav-menu.php
376 376 377 377 $menu_item_db_id = (int) $menu_item_db_id; 378 378 379 update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );380 update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (int) $args['menu-item-parent-id'] );381 update_post_meta( $menu_item_db_id, '_menu_item_object_id', (int) $args['menu-item-object-id'] );382 update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );383 update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );379 wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) ); 380 wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (int) $args['menu-item-parent-id'] ); 381 wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', (int) $args['menu-item-object-id'] ); 382 wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) ); 383 wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) ); 384 384 385 385 $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) ); 386 386 $args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) ); 387 update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );388 update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );389 update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );387 wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); 388 wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); 389 wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) ); 390 390 391 391 if ( 0 == $menu_id ) 392 update_post_meta( $menu_item_db_id, 
'_menu_item_orphaned', time() );392 wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', time() ); 393 393 else 394 394 delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' ); 395 395 -
wp-mail.php
202 202 $post_category = array(get_option('default_email_category')); 203 203 204 204 $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); 205 $post_data = add_magic_quotes($post_data);206 205 207 206 $post_ID = wp_insert_post($post_data); 208 207 if ( is_wp_error( $post_ID ) ) -
wp-admin/includes/bookmark.php
39 39 40 40 if ( !empty( $link_id ) ) { 41 41 $_POST['link_id'] = $link_id; 42 return wp_update_link( $_POST);42 return wp_update_link( stripslashes_deep( $_POST ) ); 43 43 } else { 44 return wp_insert_link( $_POST);44 return wp_insert_link( stripslashes_deep( $_POST ) ); 45 45 } 46 46 } 47 47 … … 137 137 $linkdata = wp_parse_args( $linkdata, $defaults ); 138 138 $linkdata = sanitize_bookmark( $linkdata, 'db' ); 139 139 140 extract( stripslashes_deep( $linkdata ), EXTR_SKIP );140 extract( $linkdata, EXTR_SKIP ); 141 141 142 142 $update = false; 143 143 … … 250 250 251 251 $link = get_bookmark( $link_id, ARRAY_A ); 252 252 253 // Escape data pulled from DB.254 $link = add_magic_quotes( $link );255 256 253 // Passed link category list overwrites existing category list if not empty. 257 254 if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] ) 258 255 && 0 != count( $linkdata['link_category'] ) ) -
wp-admin/includes/taxonomy.php
157 157 // First, get all of the original fields 158 158 $category = get_category($cat_ID, ARRAY_A); 159 159 160 // Escape data pulled from DB.161 $category = add_magic_quotes($category);162 163 160 // Merge old and new fields with new fields overwriting old ones. 164 161 $catarr = array_merge($category, $catarr); 165 162 -
wp-admin/includes/ajax-actions.php
284 284 */ 285 285 286 286 function _wp_ajax_add_hierarchical_term() { 287 $post_data = stripslashes_deep( $_POST ); 287 288 $action = $_POST['action']; 288 289 $taxonomy = get_taxonomy(substr($action, 4)); 289 290 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); 290 291 if ( !current_user_can( $taxonomy->cap->edit_terms ) ) 291 292 wp_die( -1 ); 292 $names = explode(',', $ _POST['new'.$taxonomy->name]);293 $parent = isset($ _POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;293 $names = explode(',', $post_data['new'.$taxonomy->name]); 294 $parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0; 294 295 if ( 0 > $parent ) 295 296 $parent = 0; 296 297 if ( $taxonomy->name == 'category' ) 297 $post_category = isset( $_POST['post_category']) ? (array) $_POST['post_category'] : array();298 $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array(); 298 299 else 299 $post_category = ( isset( $_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();300 $post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? 
(array) $post_data['tax_input'][$taxonomy->name] : array(); 300 301 $checked_categories = array_map( 'absint', (array) $post_category ); 301 302 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false); 302 303 … … 564 565 check_ajax_referer( $action ); 565 566 if ( !current_user_can( 'manage_categories' ) ) 566 567 wp_die( -1 ); 567 $names = explode( ',', $_POST['newcat']);568 $names = explode( ',', stripslashes( $_POST['newcat'] ) ); 568 569 $x = new WP_Ajax_Response(); 569 570 foreach ( $names as $cat_name ) { 570 571 $cat_name = trim($cat_name); … … 591 592 function wp_ajax_add_tag() { 592 593 global $wp_list_table; 593 594 595 $post_data = stripslashes_deep( $_POST ); 596 594 597 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); 595 $post_type = !empty($ _POST['post_type']) ? $_POST['post_type'] : 'post';596 $taxonomy = !empty($ _POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';598 $post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post'; 599 $taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag'; 597 600 $tax = get_taxonomy($taxonomy); 598 601 599 602 if ( !current_user_can( $tax->cap->edit_terms ) ) … … 601 604 602 605 $x = new WP_Ajax_Response(); 603 606 604 $tag = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST);607 $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); 605 608 606 609 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 607 610 $message = __('An error has occurred. 
Please reload the page and try again.'); … … 615 618 $x->send(); 616 619 } 617 620 618 set_current_screen( $_POST['screen']);621 set_current_screen( stripslashes( $_POST['screen'] ) ); 619 622 620 623 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 621 624 … … 742 745 $comment_author = $wpdb->escape($user->display_name); 743 746 $comment_author_email = $wpdb->escape($user->user_email); 744 747 $comment_author_url = $wpdb->escape($user->user_url); 745 $comment_content = trim( $_POST['content']);748 $comment_content = trim( stripslashes( $_POST['content'] ) ); 746 749 if ( current_user_can( 'unfiltered_html' ) ) { 747 750 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 748 751 kses_remove_filters(); // start with a clean slate … … 1340 1343 $data = &$_POST; 1341 1344 1342 1345 $post = get_post( $post_ID, ARRAY_A ); 1343 $post = add_magic_quotes($post); //since it is from db1344 1346 1345 1347 $data['content'] = $post['post_content']; 1346 1348 $data['excerpt'] = $post['post_excerpt']; … … 1388 1390 global $wp_list_table; 1389 1391 1390 1392 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1393 1394 $post_data = stripslashes_deep( $_POST ); 1391 1395 1392 $taxonomy = sanitize_key( $ _POST['taxonomy'] );1396 $taxonomy = sanitize_key( $post_data['taxonomy'] ); 1393 1397 $tax = get_taxonomy( $taxonomy ); 1394 1398 if ( ! $tax ) 1395 1399 wp_die( 0 ); … … 1401 1405 1402 1406 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 1403 1407 1404 if ( ! isset($ _POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )1408 if ( ! isset($post_data['tax_ID']) || ! 
( $id = (int) $post_data['tax_ID'] ) ) 1405 1409 wp_die( -1 ); 1406 1410 1407 1411 $tag = get_term( $id, $taxonomy ); 1408 $ _POST['description'] = $tag->description;1412 $post_data['description'] = $tag->description; 1409 1413 1410 $updated = wp_update_term($id, $taxonomy, $ _POST);1414 $updated = wp_update_term($id, $taxonomy, $post_data ); 1411 1415 if ( $updated && !is_wp_error($updated) ) { 1412 1416 $tag = get_term( $updated['term_id'], $taxonomy ); 1413 1417 if ( !$tag || is_wp_error( $tag ) ) { … … 1621 1625 $post_id = null; 1622 1626 } 1623 1627 1624 $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data']: array();1628 $post_data = isset( $_REQUEST['post_data'] ) ? stripslashes_deep( $_REQUEST['post_data'] ) : array(); 1625 1629 1626 1630 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); 1627 1631 … … 1638 1642 1639 1643 if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) { 1640 1644 if ( 'custom-background' === $post_data['context'] ) 1641 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );1645 wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); 1642 1646 1643 1647 if ( 'custom-header' === $post_data['context'] ) 1644 update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );1648 wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); 1645 1649 } 1646 1650 1647 1651 $post = get_post( $attachment_id ); … … 1779 1783 wp_die( 0 ); 1780 1784 1781 1785 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; 1782 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );1786 wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); 1783 1787 wp_die( 1 ); 1784 1788 } 1785 1789 -
wp-admin/includes/post.php
139 139 */ 140 140 function edit_post( $post_data = null ) { 141 141 142 if ( empty($post_data) ) 143 $post_data = &$_POST; 142 if ( empty($post_data) ) { 143 $post_data = stripslashes_deep( $_POST ); 144 } 144 145 145 146 // Clear out any data in internal vars. 146 147 unset( $post_data['filter'] ); … … 225 226 226 227 add_meta( $post_ID ); 227 228 228 update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );229 wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); 229 230 230 231 wp_update_post( $post_data ); 231 232 … … 556 557 } 557 558 558 559 // Create the post. 559 $post_ID = wp_insert_post( $_POST);560 $post_ID = wp_insert_post( stripslashes_deep( $_POST ) ); 560 561 if ( is_wp_error( $post_ID ) ) 561 562 return $post_ID; 562 563 … … 565 566 566 567 add_meta( $post_ID ); 567 568 568 add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );569 wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); 569 570 570 571 // Now that we have an ID we can fix any attachment anchor hrefs 571 572 _fix_attachment_links( $post_ID ); … … 630 631 631 632 $metakey = esc_sql( $metakey ); 632 633 633 return add_post_meta( $post_ID, $metakey, $metavalue );634 return wp_add_post_meta( $post_ID, $metakey, $metavalue ); 634 635 } 635 636 636 637 return false; … … 764 765 765 766 if ( $replace ) { 766 767 $post['post_content'] = $content; 767 // Escape data pulled from DB.768 $post = add_magic_quotes($post);769 768 770 769 return wp_update_post($post); 771 770 } … … 1196 1195 $now = time(); 1197 1196 $lock = "$now:$user_id"; 1198 1197 1199 update_post_meta( $post->ID, '_edit_lock', $lock );1198 wp_update_post_meta( $post->ID, '_edit_lock', $lock ); 1200 1199 return array( $now, $user_id ); 1201 1200 } 1202 1201 -
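Review bot: In the add_meta hunk (around lines 631–634) the key is still run through `$metakey = esc_sql( $metakey );` before being handed to the new `wp_add_post_meta( $post_ID, $metakey, $metavalue )`. If the wp_-prefixed meta functions take unslashed input, as the rest of this patch implies by calling `stripslashes_deep()` at every caller, that key will be stored with literal escape backslashes; either drop the `esc_sql()` line or confirm that `wp_add_post_meta` still expects a slashed key. Note also that `$post_data = stripslashes_deep( $_POST );` in edit_post replaces a by-reference alias with a copy, so the later `unset( $post_data['filter'] )` no longer touches `$_POST`; that looks intended but is worth a one-line comment such as `// work on an unslashed copy; $_POST itself is left untouched`. Neither `wp_add_post_meta` nor `wp_update_post_meta` is defined in this file section, and every function touched here starts and ends outside its hunk.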
wp-admin/includes/misc.php
322 322 323 323 if ( !$user = wp_get_current_user() ) 324 324 return; 325 $option = $_POST['wp_screen_options']['option'];326 $value = $_POST['wp_screen_options']['value'];325 $option = stripslashes( $_POST['wp_screen_options']['option'] ); 326 $value = stripslashes_deep( $_POST['wp_screen_options']['value'] ); 327 327 328 328 if ( !preg_match( '/^[a-z_-]+$/', $option ) ) 329 329 return; -
wp-admin/includes/comment.php
19 19 function comment_exists($comment_author, $comment_date) { 20 20 global $wpdb; 21 21 22 $comment_author = stripslashes($comment_author);23 $comment_date = stripslashes($comment_date);24 25 22 return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments 26 23 WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); 27 24 } … … 33 30 */ 34 31 function edit_comment() { 35 32 36 if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) ) 33 $post_data = stripslashes_deep( $_POST ); 34 35 if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) ) 37 36 wp_die ( __( 'You are not allowed to edit comments on this post.' ) ); 38 37 39 $ _POST['comment_author'] = $_POST['newcomment_author'];40 $ _POST['comment_author_email'] = $_POST['newcomment_author_email'];41 $ _POST['comment_author_url'] = $_POST['newcomment_author_url'];42 $ _POST['comment_approved'] = $_POST['comment_status'];43 $ _POST['comment_content'] = $_POST['content'];44 $ _POST['comment_ID'] = (int) $_POST['comment_ID'];38 $post_data['comment_author'] = $post_data['newcomment_author']; 39 $post_data['comment_author_email'] = $post_data['newcomment_author_email']; 40 $post_data['comment_author_url'] = $post_data['newcomment_author_url']; 41 $post_data['comment_approved'] = $post_data['comment_status']; 42 $post_data['comment_content'] = $post_data['content']; 43 $post_data['comment_ID'] = (int) $post_data['comment_ID']; 45 44 46 45 foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { 47 if ( !empty( $ _POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {46 if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . 
$timeunit] != $post_data[$timeunit] ) { 48 47 $_POST['edit_date'] = '1'; 49 48 break; 50 49 } 51 50 } 52 51 53 if ( !empty ( $ _POST['edit_date'] ) ) {54 $aa = $ _POST['aa'];55 $mm = $ _POST['mm'];56 $jj = $ _POST['jj'];57 $hh = $ _POST['hh'];58 $mn = $ _POST['mn'];59 $ss = $ _POST['ss'];52 if ( !empty ( $post_data['edit_date'] ) ) { 53 $aa = $post_data['aa']; 54 $mm = $post_data['mm']; 55 $jj = $post_data['jj']; 56 $hh = $post_data['hh']; 57 $mn = $post_data['mn']; 58 $ss = $post_data['ss']; 60 59 $jj = ($jj > 31 ) ? 31 : $jj; 61 60 $hh = ($hh > 23 ) ? $hh -24 : $hh; 62 61 $mn = ($mn > 59 ) ? $mn -60 : $mn; 63 62 $ss = ($ss > 59 ) ? $ss -60 : $ss; 64 $ _POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";63 $post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; 65 64 } 66 65 67 wp_update_comment( $ _POST);66 wp_update_comment( $post_data ); 68 67 } 69 68 70 69 /** -
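Review bot: The date-change loop in edit_comment still sets `$_POST['edit_date'] = '1';` (unchanged context line), but the check that follows was changed to `if ( !empty ( $post_data['edit_date'] ) )`; since `$post_data` is a copy produced by `stripslashes_deep( $_POST )`, the flag is never seen and an edited comment date is silently discarded. The context line should become `$post_data['edit_date'] = '1';`. The removal of the `stripslashes()` calls in comment_exists() means its callers must now pass unslashed values; a short `@param` note saying so would help, since that contract is not visible at the call sites.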
wp-admin/includes/image-edit.php
439 439 } 440 440 } 441 441 442 if ( !wp_update_attachment_metadata($post_id, $meta) || ! update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {442 if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) { 443 443 $msg->error = __('Cannot save image metadata.'); 444 444 return $msg; 445 445 } … … 602 602 603 603 if ( $success ) { 604 604 wp_update_attachment_metadata($post_id, $meta); 605 update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);605 wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes); 606 606 607 607 if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) { 608 608 $file_url = wp_get_attachment_url($post_id); -
wp-admin/includes/user.php
38 38 } else { 39 39 $update = false; 40 40 } 41 42 // get clean data before we get started. 43 $post_data = stripslashes_deep( $_POST ); 41 44 42 if ( !$update && isset( $ _POST['user_login'] ) )43 $user->user_login = sanitize_user($ _POST['user_login'], true);45 if ( !$update && isset( $post_data['user_login'] ) ) 46 $user->user_login = sanitize_user($post_data['user_login'], true); 44 47 45 48 $pass1 = $pass2 = ''; 46 if ( isset( $ _POST['pass1'] ))47 $pass1 = $ _POST['pass1'];48 if ( isset( $ _POST['pass2'] ))49 $pass2 = $ _POST['pass2'];49 if ( isset( $post_data['pass1'] )) 50 $pass1 = $post_data['pass1']; 51 if ( isset( $post_data['pass2'] )) 52 $pass2 = $post_data['pass2']; 50 53 51 if ( isset( $ _POST['role'] ) && current_user_can( 'edit_users' ) ) {52 $new_role = sanitize_text_field( $ _POST['role'] );54 if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) { 55 $new_role = sanitize_text_field( $post_data['role'] ); 53 56 $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false; 54 57 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 55 58 // Multisite super admins can freely edit their blog roles -- they possess all caps. 
… … 62 65 wp_die(__('You can’t give users that role.')); 63 66 } 64 67 65 if ( isset( $ _POST['email'] ))66 $user->user_email = sanitize_text_field( $ _POST['email'] );67 if ( isset( $ _POST['url'] ) ) {68 if ( empty ( $ _POST['url'] ) || $_POST['url'] == 'http://' ) {68 if ( isset( $post_data['email'] )) 69 $user->user_email = sanitize_text_field( $post_data['email'] ); 70 if ( isset( $post_data['url'] ) ) { 71 if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) { 69 72 $user->user_url = ''; 70 73 } else { 71 $user->user_url = esc_url_raw( $ _POST['url'] );74 $user->user_url = esc_url_raw( $post_data['url'] ); 72 75 $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); 73 76 $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 74 77 } 75 78 } 76 if ( isset( $ _POST['first_name'] ) )77 $user->first_name = sanitize_text_field( $ _POST['first_name'] );78 if ( isset( $ _POST['last_name'] ) )79 $user->last_name = sanitize_text_field( $ _POST['last_name'] );80 if ( isset( $ _POST['nickname'] ) )81 $user->nickname = sanitize_text_field( $ _POST['nickname'] );82 if ( isset( $ _POST['display_name'] ) )83 $user->display_name = sanitize_text_field( $ _POST['display_name'] );79 if ( isset( $post_data['first_name'] ) ) 80 $user->first_name = sanitize_text_field( $post_data['first_name'] ); 81 if ( isset( $post_data['last_name'] ) ) 82 $user->last_name = sanitize_text_field( $post_data['last_name'] ); 83 if ( isset( $post_data['nickname'] ) ) 84 $user->nickname = sanitize_text_field( $post_data['nickname'] ); 85 if ( isset( $post_data['display_name'] ) ) 86 $user->display_name = sanitize_text_field( $post_data['display_name'] ); 84 87 85 if ( isset( $ _POST['description'] ) )86 $user->description = trim( $ _POST['description'] );88 if ( isset( $post_data['description'] ) ) 89 $user->description = trim( $post_data['description'] ); 87 90 88 91 foreach ( 
_wp_get_user_contactmethods( $user ) as $method => $name ) { 89 if ( isset( $ _POST[$method] ))90 $user->$method = sanitize_text_field( $ _POST[$method] );92 if ( isset( $post_data[$method] )) 93 $user->$method = sanitize_text_field( $post_data[$method] ); 91 94 } 92 95 93 96 if ( $update ) { 94 $user->rich_editing = isset( $ _POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';95 $user->admin_color = isset( $ _POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';96 $user->show_admin_bar_front = isset( $ _POST['admin_bar_front'] ) ? 'true' : 'false';97 $user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true'; 98 $user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh'; 99 $user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false'; 97 100 } 98 101 99 $user->comment_shortcuts = isset( $ _POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';102 $user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : ''; 100 103 101 104 $user->use_ssl = 0; 102 if ( !empty($ _POST['use_ssl']) )105 if ( !empty($post_data['use_ssl']) ) 103 106 $user->use_ssl = 1; 104 107 105 108 $errors = new WP_Error(); … … 134 137 if ( !empty( $pass1 ) ) 135 138 $user->user_pass = $pass1; 136 139 137 if ( !$update && isset( $ _POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )140 if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) ) 138 141 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' 
)); 139 142 140 143 if ( !$update && username_exists( $user->user_login ) ) … … 159 162 $user_id = wp_update_user( $user ); 160 163 } else { 161 164 $user_id = wp_insert_user( $user ); 162 wp_new_user_notification( $user_id, isset($ _POST['send_password']) ? $pass1 : '' );165 wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' ); 163 166 } 164 167 return $user_id; 165 168 } -
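Review bot: `$pass1 = $post_data['pass1'];` now hands an unslashed password to `$user->user_pass`, which flows into wp_update_user()/wp_insert_user() outside this diff; if those functions were relying on slashed input (or strip slashes themselves), a password containing a backslash or quote would hash differently than before and an existing user could be locked out after an update, so that pair should be checked in the same change. The rewritten comparison lines keep loose equality, e.g. `'false' == $post_data['rich_editing']` and `$post_data['url'] == 'http://'`; since `stripslashes_deep()` yields strings here, `===` would be the safer form. The enclosing edit_user() starts before this hunk.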
wp-admin/includes/media.php
423 423 } 424 424 425 425 if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { 426 $attachment = stripslashes_deep( $attachment ); 427 426 428 $post = $_post = get_post($attachment_id, ARRAY_A); 427 429 $post_type_object = get_post_type_object( $post[ 'post_type' ] ); 428 430 … … 447 449 448 450 if ( isset($attachment['image_alt']) ) { 449 451 $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true); 450 if ( $image_alt != stripslashes($attachment['image_alt'])) {451 $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );452 if ( $image_alt != $attachment['image_alt'] ) { 453 $image_alt = wp_strip_all_tags( $attachment['image_alt'], true ); 452 454 // update_meta expects slashed 453 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt));455 wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt ); 454 456 } 455 457 } 456 458 -
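Review bot: The context comment `// update_meta expects slashed` is now wrong: the very next line was changed to pass the unslashed `$image_alt` to `wp_update_post_meta()`, and `addslashes()` was dropped. It should be updated to something like `// $attachment was unslashed above; wp_update_post_meta takes unslashed data`. The comparison `$image_alt != $attachment['image_alt']` is loose and compares a DB value with a POSTed string; `!==` would be the clearer choice in the rewritten line. The enclosing foreach begins and ends outside this hunk.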
wp-admin/edit-tags.php
47 47 if ( !current_user_can( $tax->cap->edit_terms ) ) 48 48 wp_die( __( 'Cheatin’ uh?' ) ); 49 49 50 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); 50 $post_data = stripslashes_deep( $_POST ); 51 52 $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); 51 53 $location = 'edit-tags.php?taxonomy=' . $taxonomy; 52 54 if ( 'post' != $post_type ) 53 55 $location .= '&post_type=' . $post_type; … … 132 134 break; 133 135 134 136 case 'editedtag': 135 $tag_ID = (int) $_POST['tag_ID']; 137 138 $post_data = stripslashes_deep( $_POST ); 139 140 $tag_ID = (int) $post_data['tag_ID']; 136 141 check_admin_referer( 'update-tag_' . $tag_ID ); 137 142 138 143 if ( !current_user_can( $tax->cap->edit_terms ) ) … … 142 147 if ( ! $tag ) 143 148 wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); 144 149 145 $ret = wp_update_term( $tag_ID, $taxonomy, $ _POST);150 $ret = wp_update_term( $tag_ID, $taxonomy, $post_data ); 146 151 147 152 $location = 'edit-tags.php?taxonomy=' . $taxonomy; 148 153 if ( 'post' != $post_type ) -
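Review bot: `$post_data = stripslashes_deep( $_POST );` is added separately in both the add-tag branch and the `editedtag` case, so each branch of the switch carries its own copy; hoisting it once above the switch (which starts outside this hunk) would keep the two branches consistent and avoid a third copy when the next case needs it. In the `editedtag` case it is also placed before `check_admin_referer( 'update-tag_' . $tag_ID )`, which is harmless since the nonce is read from the request directly, but putting the referer check first matches the ordering used in the add-tag branch.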
wp-admin/custom-header.php
992 992 'width' => $choice['width'], 993 993 ); 994 994 995 update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );995 wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() ); 996 996 set_theme_mod( 'header_image', $choice['url'] ); 997 997 set_theme_mod( 'header_image_data', $header_image_data ); 998 998 return; -
wp-admin/media.php
32 32 } 33 33 if ( false !== strpos($location, 'upload.php') ) { 34 34 $location = remove_query_arg('message', $location); 35 $location = add_query_arg('posted', 35 $location = add_query_arg('posted', $attachment_id, $location); 36 36 } elseif ( false !== strpos($location, 'media.php') ) { 37 37 $location = add_query_arg('message', 'updated', $location); 38 38 } -
wp-admin/nav-menus.php
104 104 if ( ! is_wp_error( $parent_object ) ) { 105 105 $parent_data = (array) $parent_object; 106 106 $menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent']; 107 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );107 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 108 108 109 109 } 110 110 … … 114 114 $menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1; 115 115 116 116 $menu_item_data['menu_item_parent'] = $next_item_data['ID']; 117 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );117 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 118 118 119 119 wp_update_post($menu_item_data); 120 120 wp_update_post($next_item_data); … … 126 126 in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids ) 127 127 ) { 128 128 $menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true); 129 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );129 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 130 130 } 131 131 } 132 132 } … … 201 201 $menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1; 202 202 203 203 // save changes 204 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );204 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 205 205 wp_update_post($menu_item_data); 206 206 wp_update_post($parent_data); 207 207 } … … 216 216 ) { 217 217 // just make it a child of the previous; keep the order 218 218 
$menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1]; 219 update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );219 wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); 220 220 wp_update_post($menu_item_data); 221 221 } 222 222 } -
wp-admin/custom-background.php
381 381 382 382 // Add the meta-data 383 383 wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); 384 update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );384 wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); 385 385 386 386 set_theme_mod('background_image', esc_url_raw($url)); 387 387 … … 422 422 if ( in_array( $_POST['size'], $sizes ) ) 423 423 $size = esc_attr( $_POST['size'] ); 424 424 425 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );425 wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); 426 426 $url = wp_get_attachment_image_src( $attachment_id, $size ); 427 427 $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' ); 428 428 set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );