
Changeset 1405


Timestamp:
06/11/04 08:02:40 (11 years ago)
Author:
rboren
Message:

Get our slashes straight.

Location:
trunk
Files:
6 edited

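--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -51,5 +51,5 @@
         $excerpt = balanceTags($_POST['excerpt']);
         $excerpt = format_to_post($excerpt);
-        $post_title = addslashes($_POST['post_title']);
+        $post_title = $_POST['post_title'];
         $post_categories = $_POST['post_category'];
         if(get_settings('use_geo_positions')) {
@@ -69,5 +69,5 @@
         $ping_status = $_POST['ping_status'];
         if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
-        $post_password = addslashes(stripslashes($_POST['post_password']));
+        $post_password = $_POST['post_password'];
 
         if (empty($post_name))
@@ -279,5 +279,5 @@
         $excerpt = balanceTags($_POST['excerpt']);
         $excerpt = format_to_post($excerpt);
-        $post_title = addslashes($_POST['post_title']);
+        $post_title = $_POST['post_title'];
         if(get_settings('use_geo_positions')) {
             $latf = floatval($_POST["post_latf"]);
@@ -302,5 +302,5 @@
         if (empty($ping_status)) $ping_status = 'closed';
         //if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
-        $post_password = addslashes($_POST['post_password']);
+        $post_password = $_POST['post_password'];
         $post_name = sanitize_title($_POST['post_name']);
         if (empty($post_name)) $post_name = sanitize_title($post_title);
@@ -671,7 +671,4 @@
     $newcomment_author_email = $_POST['newcomment_author_email'];
     $newcomment_author_url = $_POST['newcomment_author_url'];
-    $newcomment_author = addslashes($newcomment_author);
-    $newcomment_author_email = addslashes($newcomment_author_email);
-    $newcomment_author_url = addslashes($newcomment_author_url);
 
     if (($user_level > 4) && (!empty($_POST['edit_date']))) {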
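Review bot: With `addslashes()` gone, `$post_title` (new lines 53 and 281) and `$post_password` (new lines 71 and 304) are escaped only if `$_POST` already arrives slashed, and nothing in these hunks shows where that is guaranteed. The same applies to the three `$newcomment_*` fields whose `addslashes()` calls are dropped at old lines 673–675. The statements that consume these values lie outside the hunks; if they build SQL by interpolation, as the query in template-functions-comment.php does, a host with magic_quotes_gpc off would pass raw input into the query unless the bootstrap slashes the request arrays itself. I would state the invariant where the values are read, e.g. `// $_POST is expected to be slashed already (magic_quotes_gpc or bootstrap); do not addslashes() again`, and confirm that the bootstrap enforces it.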
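--- a/trunk/wp-comments-post.php
+++ b/trunk/wp-comments-post.php
@@ -87,7 +87,7 @@
 do_action('comment_post', $comment_ID);
 
-setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
+setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
 
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');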
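Review bot: The three `setcookie()` calls at new lines 89–91 need a comment saying why `stripslashes()` is applied, because `$author`, `$email` and `$url` are assigned outside this hunk and their slashed state cannot be read from here. Something like `// $author, $email and $url are still slashed for the database write; cookies store the raw value` would do, if that is indeed their state after the insert. The cookie contents are visitor-supplied, so whatever reads them back (template-functions-comment.php in this changeset) has to treat them as untrusted input.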
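--- a/trunk/wp-includes/functions-formatting.php
+++ b/trunk/wp-includes/functions-formatting.php
@@ -268,5 +268,4 @@
 
 function format_to_edit($content) {
-    $content = stripslashes($content);
     $content = apply_filters('format_to_edit', $content);
     $content = htmlspecialchars($content);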
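--- a/trunk/wp-includes/template-functions-comment.php
+++ b/trunk/wp-includes/template-functions-comment.php
@@ -22,7 +22,7 @@
     if ( $single || $withcomments ) :
         $req = get_settings('require_name_email');
-        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
-        $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
-        $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
+        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
+        $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
+        $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
         $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
         include(ABSPATH . 'wp-comments.php');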
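Review bot: The `stripslashes()` calls on `$_COOKIE` at new lines 24–26 are unconditional, so they are only correct when cookies reach the script slashed; the same pattern appears at line 105 of template-functions-post.php and line 8 of wp-pass.php. If magic_quotes_gpc is off and the bootstrap does not slash the request arrays (not visible here), a legitimate backslash in a name or password is silently removed. One shared helper that unslashes request data, called from all three places, would keep the assumption in a single spot. The three values are then handed to wp-comments.php through the `include` two lines below, in a block that continues past the hunk; that template is not part of this changeset, and it should pass them through `htmlspecialchars()` before printing them into the comment form.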
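--- a/trunk/wp-includes/template-functions-post.php
+++ b/trunk/wp-includes/template-functions-post.php
@@ -103,5 +103,5 @@
 
     if (!empty($post->post_password)) { // if there's a password
-        if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
+        if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) {  // and it doesn't match the cookie
             $output = get_the_password_form();
             return $output;
@@ -179,5 +179,5 @@
     global $cookiehash;
     $output = '';
-    $output = stripslashes($post->post_excerpt);
+    $output = $post->post_excerpt;
     if (!empty($post->post_password)) { // if there's a password
         if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
@@ -189,5 +189,5 @@
     // If we haven't got an excerpt, make one in the style of the rss ones
     if (($output == '') && $fakeit) {
-        $output = $post->post_content;
+        $output = stripslashes($post->post_content);
         $output = strip_tags($output);
         $blah = explode(' ', $output);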
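Review bot: The password check at new line 105 now unslashes the cookie, but the identical check at line 183, in the excerpt code of the second hunk, still compares the raw `$_COOKIE['wp-postpass_'.$cookiehash]`. Whenever cookies arrive slashed, a post password containing a quote or backslash would pass the content check and still be treated as a mismatch by the excerpt check. Line 183 should read `if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) {`. Both checks also use the loose `!=`, which lets PHP compare numeric-looking strings as numbers; `!==` avoids that for a secret. Both functions begin outside the hunks shown.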
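--- a/trunk/wp-pass.php
+++ b/trunk/wp-pass.php
@@ -6,5 +6,5 @@
 */
 require(dirname(__FILE__) . '/wp-config.php');
-setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
+setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
 header('Location: ' . $_SERVER['HTTP_REFERER']);
 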
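Review bot: The cookie written at new line 8 holds the post password itself for thirty days and is set without a path argument, whereas the comment cookies in wp-comments-post.php pass `COOKIEPATH`. Assuming that constant is defined once wp-config.php is loaded, the call should be `setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30, COOKIEPATH);`. Storing a hash of the password and comparing hashes in template-functions-post.php would keep the plaintext out of the browser. `$_POST['post_password']` is also read without an `isset()` check, so a request without that field still reaches `setcookie()`.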