Changeset 23416 for trunk/wp-trackback.php
- Timestamp: 02/14/2013 10:51:06 PM (12 years ago)
- File: 1 edited
trunk/wp-trackback.php
r19712 r23416 46 46 47 47 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() 48 $title = isset($_POST['title']) ? stripslashes($_POST['title']) : '';49 $excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';50 $blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';48 $title = isset($_POST['title']) ? wp_unslash( $_POST['title'] ) : ''; 49 $excerpt = isset($_POST['excerpt']) ? wp_unslash( $_POST['excerpt'] ) : ''; 50 $blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] ) : ''; 51 51 52 52 if ($charset) … … 64 64 $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset); 65 65 } 66 67 // Now that mb_convert_encoding() has been given a swing, we need to escape these three68 $title = $wpdb->escape($title);69 $excerpt = $wpdb->escape($excerpt);70 $blog_name = $wpdb->escape($blog_name);71 66 72 67 if ( is_single() || is_page() )
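Review bot: The comment at line 47 in the first hunk is now stale. It still reads "These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()", but this changeset switches the calls to wp_unslash() and deletes the escaping step that the comment refers to. Reword it to say the values are unslashed before charset conversion and state where, if anywhere, they are expected to be escaped, so a later reader does not assume an escape still follows.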
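Review bot: In the second hunk, removing the three `$wpdb->escape()` calls (old lines 67-70) leaves `$title`, `$excerpt` and `$blog_name` both unslashed and unescaped from this point on, and all three come straight from `$_POST`. The code that later stores or outputs them is not visible in this changeset, so the diff alone does not show that the consumer expects raw data and escapes or parameterizes it itself. Please confirm that in the commit description or in a comment where the block was removed, and make sure the change to the consumer lands in the same commit so there is no revision where remote trackback input reaches the database without escaping.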