Make WordPress Core


Ignore:
Timestamp:
09/14/2012 07:32:53 PM (12 years ago)
Author:
nacin
Message:

Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/formatting.php

    r21828 r21850  
    27902790        case 'blogdescription':
    27912791        case 'blogname':
    2792             $value = addslashes($value);
    2793             $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
    2794             $value = stripslashes($value);
     2792            $value = wp_kses_post( $value );
    27952793            $value = esc_html( $value );
    27962794            break;
     
    28082806        case 'upload_path':
    28092807            $value = strip_tags($value);
    2810             $value = addslashes($value);
    2811             $value = wp_filter_kses($value); // calls stripslashes then addslashes
    2812             $value = stripslashes($value);
     2808            $value = wp_kses_data($value);
    28132809            break;
    28142810
Note: See TracChangeset for help on using the changeset viewer.