Context Navigation

Changeset 1512

Timestamp:

08/06/2004 01:28:51 AM (21 years ago)

Author:

rboren

Message:

In sanitize_title(), strip_tags() before sanitizing, not after. In post.php, if post name is empty, pass the post title to the sanitizer.

Location:

trunk

Files:

-                      r1503
+                      r1512
         //if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
         $post_password = $_POST['post_password'];
+        $post_name = sanitize_title($_POST['post_name'], $post_ID);
+        $post_name = $_POST['post_name'];
+        if (empty($post_name)) {
+          $post_name = $post_title;
+        }
+        $post_name = sanitize_title($post_name, $post_ID);
         if (empty($post_name)) $post_name = sanitize_title($post_title);
         $trackback = $_POST['trackback_url'];

-                      r1488
+                      r1512
 function sanitize_title($title, $fallback_title = '') {
+    $title = strip_tags($title);
     $title = apply_filters('sanitize_title', $title);
+    $title = strip_tags($title);
     if (empty($title)) {
         $title = $fallback_title;

Note: See TracChangeset for help on using the changeset viewer.