Changeset 23416 for trunk/wp-includes/class-wp.php
- Timestamp:
- 02/14/2013 10:51:06 PM (12 years ago)
- File:
-
- 1 edited
trunk/wp-includes/class-wp.php
r23267 r23416 143 143 144 144 if ( isset($_SERVER['PATH_INFO']) ) 145 $pathinfo = $_SERVER['PATH_INFO'];145 $pathinfo = wp_unslash( $_SERVER['PATH_INFO'] ); 146 146 else 147 147 $pathinfo = ''; 148 148 $pathinfo_array = explode('?', $pathinfo); 149 149 $pathinfo = str_replace("%", "%25", $pathinfo_array[0]); 150 $req_uri = $_SERVER['REQUEST_URI'];150 $req_uri = wp_unslash( $_SERVER['REQUEST_URI'] ); 151 151 $req_uri_array = explode('?', $req_uri); 152 152 $req_uri = $req_uri_array[0]; 153 $self = $_SERVER['PHP_SELF'];153 $self = wp_unslash( $_SERVER['PHP_SELF'] ); 154 154 $home_path = parse_url(home_url()); 155 155 if ( isset($home_path['path']) ) … … 256 256 $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar]; 257 257 elseif ( isset( $_POST[$wpvar] ) ) 258 $this->query_vars[$wpvar] = $_POST[$wpvar];258 $this->query_vars[$wpvar] = wp_unslash( $_POST[$wpvar] ); 259 259 elseif ( isset( $_GET[$wpvar] ) ) 260 $this->query_vars[$wpvar] = $_GET[$wpvar];260 $this->query_vars[$wpvar] = wp_unslash( $_GET[$wpvar] ); 261 261 elseif ( isset( $perma_query_vars[$wpvar] ) ) 262 262 $this->query_vars[$wpvar] = $perma_query_vars[$wpvar]; … … 357 357 // Support for Conditional GET 358 358 if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) 359 $client_etag = stripslashes( stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));359 $client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597 360 360 else $client_etag = false; 361 361
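Review bot: In the second hunk, `$this->query_vars[$wpvar]` now receives `wp_unslash( $_POST[$wpvar] )` or `wp_unslash( $_GET[$wpvar] )`, while the `extra_query_vars` and `perma_query_vars` branches beside them are assigned unchanged, so whether a query var is slashed depends on which branch filled it. Where those two arrays come from is outside the hunk, so this may already be consistent, but the visible lines do not state the new contract. Any consumer that treated the added slashes as escaping would now see raw request data, so I would add a comment above the chain, e.g. `// Request values are stored unslashed; escape at the point of use ($wpdb->prepare() for SQL, esc_html()/esc_url() for output).` The same applies to `$pathinfo`, `$req_uri` and `$self` in the first hunk, which are also request-controlled and now unslashed. The enclosing method starts and ends outside the shown lines.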