Ticket #28722: wp-admin.patch

File wp-admin.patch, 1.4 KB (added by sergej.mueller, 7 years ago)

stripslashes() instead of filter_input()

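--- a/wp-admin/load-styles.php
+++ b/wp-admin/load-styles.php
@@ -134,6 +134,15 @@
         }
 }
 
+$md5_file = md5($out);
+
+// Use stripslashes to avoid formatting.php (wp_unslash) dependency
+if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $md5_file ) {
+        header('HTTP/1.1 304 Not Modified');
+        exit();
+}
+
+header('Etag: ' .$md5_file);
 header('Content-Type: text/css; charset=UTF-8');
 header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
 header("Cache-Control: public, max-age=$expires_offset");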
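Review bot: The `Etag` header added at new line 145 carries the bare digest, and the check at line 140 requires `If-None-Match` to equal it byte for byte. A validator that comes back quoted, with a `W/` prefix or inside a comma-separated list (which an intermediary may well produce) never matches, so the 304 path is silently skipped. The 304 branch also exits before `Expires` and `Cache-Control` are sent, so a revalidated response carries no freshness information. Reading the client-supplied header is safe as written, since it is only compared against the server-side digest and never echoed, and that property should be kept. The same code is added to wp-admin/load-scripts.php at new lines 146-154; the fence below sketches one way to emit a quoted tag, send the caching headers first and compare per candidate.

```php
// … unchanged: loop that builds $out …
$etag = '"' . md5( $out ) . '"';

// Validator and freshness headers go out on both the 200 and the 304.
header( 'Etag: ' . $etag );
header( 'Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT' );
header( "Cache-Control: public, max-age=$expires_offset" );

// Client-supplied value: compared against the server-side digest only, never echoed.
$sent = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : '';
foreach ( explode( ',', $sent ) as $candidate ) {
	$candidate = trim( $candidate );
	if ( 0 === strpos( $candidate, 'W/' ) ) {
		$candidate = substr( $candidate, 2 );
	}
	if ( $candidate === $etag ) {
		header( 'HTTP/1.1 304 Not Modified' );
		exit();
	}
}
// … unchanged: Content-Type header and body output …
```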
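--- a/wp-admin/load-scripts.php
+++ b/wp-admin/load-scripts.php
@@ -143,6 +143,15 @@
         $out .= get_file($path) . "\n";
 }
 
+$md5_file = md5($out);
+
+// Use stripslashes to avoid formatting.php (wp_unslash) dependency
+if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $md5_file ) {
+        header('HTTP/1.1 304 Not Modified');
+        exit();
+}
+
+header('Etag: ' .$md5_file);
 header('Content-Type: application/x-javascript; charset=UTF-8');
 header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
 header("Cache-Control: public, max-age=$expires_offset");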
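Review bot: `md5($out)` at new line 146 runs only after the loop ending at line 144 has read and concatenated every requested file, so a matching `If-None-Match` saves the response body but none of the file reads or the hashing. That cost should be documented next to the check so nobody assumes the 304 path makes conditional requests cheap for the server, for example `// 304 saves transfer only: $out is fully built and hashed before this check.` Here `md5()` serves as a cache validator, not an integrity or authentication control, which the comment could also state. The loop starts outside the hunk, so whether a cheaper validator is available cannot be judged from here; the same applies to wp-admin/load-styles.php at new line 137.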