Changeset 1405


Timestamp:
06/11/2004 08:02:40 AM (14 years ago)
Author:
rboren
Message:

Get our slashes straight.

Location:
trunk
Files:
6 edited

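--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -51,5 +51,5 @@
         $excerpt = balanceTags($_POST['excerpt']);
         $excerpt = format_to_post($excerpt);
-        $post_title = addslashes($_POST['post_title']);
+        $post_title = $_POST['post_title'];
         $post_categories = $_POST['post_category'];
         if(get_settings('use_geo_positions')) {
@@ -69,5 +69,5 @@
         $ping_status = $_POST['ping_status'];
         if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
-        $post_password = addslashes(stripslashes($_POST['post_password']));
+        $post_password = $_POST['post_password'];
        
         if (empty($post_name))
@@ -279,5 +279,5 @@
         $excerpt = balanceTags($_POST['excerpt']);
         $excerpt = format_to_post($excerpt);
-        $post_title = addslashes($_POST['post_title']);
+        $post_title = $_POST['post_title'];
         if(get_settings('use_geo_positions')) {
             $latf = floatval($_POST["post_latf"]);
@@ -302,5 +302,5 @@
         if (empty($ping_status)) $ping_status = 'closed';
         //if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
-        $post_password = addslashes($_POST['post_password']);
+        $post_password = $_POST['post_password'];
         $post_name = sanitize_title($_POST['post_name']);
         if (empty($post_name)) $post_name = sanitize_title($post_title);
@@ -671,7 +671,4 @@
     $newcomment_author_email = $_POST['newcomment_author_email'];
     $newcomment_author_url = $_POST['newcomment_author_url'];
-    $newcomment_author = addslashes($newcomment_author);
-    $newcomment_author_email = addslashes($newcomment_author_email);
-    $newcomment_author_url = addslashes($newcomment_author_url);
 
     if (($user_level > 4) && (!empty($_POST['edit_date']))) {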
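Review bot: `$post_title`, `$post_password` and the `newcomment_*` values now depend entirely on escaping applied to `$_POST` before this file runs, and that step is not visible in this section (new lines 53, 71, 281 and 304, plus the block removed at old lines 673–675). The old line 71 used `addslashes(stripslashes(...))`, which produced a known escaping state whatever `magic_quotes_gpc` was set to; the new code is correct only if request data is always slash-escaped upstream. If these variables are later interpolated into SQL strings, which seems likely but is outside the hunks, I would record the invariant where they are read, e.g. `// $_POST is slash-escaped during bootstrap; do not addslashes() again`, and confirm it holds with `magic_quotes_gpc` off. The enclosing blocks start and end outside the visible lines.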
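--- a/trunk/wp-comments-post.php
+++ b/trunk/wp-comments-post.php
@@ -87,7 +87,7 @@
 do_action('comment_post', $comment_ID);
 
-setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
+setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
 
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');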
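Review bot: Nothing at lines 89–91 records why `$author`, `$email` and `$url` need `stripslashes()` before they go into the cookies. Assuming, as the commit implies, that they are still slash-escaped for the database insert earlier in the file, a one-line comment such as `// still slash-escaped for the DB insert; cookies must hold the raw text` would keep a later edit from dropping the calls or moving them above the escaping. The values come back as untrusted client input on the next request, so the code that reads these cookies has to escape them for its own output context.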
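--- a/trunk/wp-includes/functions-formatting.php
+++ b/trunk/wp-includes/functions-formatting.php
@@ -268,5 +268,4 @@
 
 function format_to_edit($content) {
-    $content = stripslashes($content);
     $content = apply_filters('format_to_edit', $content);
     $content = htmlspecialchars($content);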
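Review bot: `format_to_edit()` no longer unslashes its argument, so its input contract has changed and nothing in the function records that. I would add a short docblock saying that `$content` must already be unslashed (for example a value read back from the database) and that the function applies the `format_to_edit` filter and then `htmlspecialchars()`. Any caller that still passes slash-escaped request data will now show literal backslashes in the edit form. The function body continues past the end of the hunk.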
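--- a/trunk/wp-includes/template-functions-comment.php
+++ b/trunk/wp-includes/template-functions-comment.php
@@ -22,7 +22,7 @@
     if ( $single || $withcomments ) :
         $req = get_settings('require_name_email');
-        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
-        $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
-        $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
+        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
+        $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
+        $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
         $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
         include(ABSPATH . 'wp-comments.php');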
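Review bot: After lines 24–26 the three cookie values are raw, client-controlled strings, and they reach `wp-comments.php` through the `include` at line 28 with no HTML escaping in this hunk. If that template prints them into form field `value` attributes, which is not visible here, each one should go through `htmlspecialchars($value, ENT_QUOTES)` at the point of output. The three assignments differ only in the cookie name, so a small helper that does the `isset`/`stripslashes`/`trim` sequence once would also keep them from drifting apart. The enclosing function starts and ends outside the hunk.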
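--- a/trunk/wp-includes/template-functions-post.php
+++ b/trunk/wp-includes/template-functions-post.php
@@ -103,5 +103,5 @@
 
     if (!empty($post->post_password)) { // if there's a password
-        if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
+        if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) {  // and it doesn't match the cookie
             $output = get_the_password_form();
             return $output;
@@ -179,5 +179,5 @@
     global $cookiehash;
     $output = '';
-    $output = stripslashes($post->post_excerpt);
+    $output = $post->post_excerpt;
     if (!empty($post->post_password)) { // if there's a password
         if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
@@ -189,5 +189,5 @@
     // If we haven't got an excerpt, make one in the style of the rss ones
     if (($output == '') && $fakeit) {
-        $output = $post->post_content;
+        $output = stripslashes($post->post_content);
         $output = strip_tags($output);
         $blah = explode(' ', $output);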
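Review bot: The password check at line 183 still compares the raw `$_COOKIE['wp-postpass_'.$cookiehash]` with `$post->post_password`, while the same check at line 105 now unslashes the cookie first. Where cookies arrive slash-escaped, a post password containing a quote or backslash would pass the check at line 105 and fail the one at line 183; line 183 should read `if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) {`. Both checks also use the loose `!=`, under which PHP compares two numeric-looking strings by value, so `!==` is the safer operator for a password comparison. The functions containing these hunks start and end outside the visible lines.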
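--- a/trunk/wp-pass.php
+++ b/trunk/wp-pass.php
@@ -6,5 +6,5 @@
 */
 require(dirname(__FILE__) . '/wp-config.php');
-setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
+setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
 header('Location: ' . $_SERVER['HTTP_REFERER']);
 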
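Review bot: Line 8 writes the post password itself into the `wp-postpass_` cookie, where it stays in clear text for 30 days, and it reads `$_POST['post_password']` without checking that the field was submitted. Storing a hash of the password and comparing against the same hash wherever the cookie is checked would keep the secret out of the browser's cookie store; that is a larger change than this commit and touches the readers of the cookie as well. At minimum I would guard the call with `if (isset($_POST['post_password']))` so that a request without the field does not overwrite the cookie with an empty value.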