WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
03/01/2013 04:28:40 PM (12 years ago)
Author:
ryan
Message:

Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-admin/includes/media.php

    r23416 r23554  
    445445
    446446    if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
    447         $attachment = wp_unslash( $attachment );
    448    
    449447        $post = $_post = get_post($attachment_id, ARRAY_A);
    450448        $post_type_object = get_post_type_object( $post[ 'post_type' ] );
     
    471469        if ( isset($attachment['image_alt']) ) {
    472470            $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
    473             if ( $image_alt != $attachment['image_alt'] ) {
    474                 $image_alt = wp_strip_all_tags( $attachment['image_alt'], true );
    475                 wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt );
     471            if ( $image_alt != stripslashes($attachment['image_alt']) ) {
     472                $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
     473                // update_meta expects slashed
     474                update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
    476475            }
    477476        }
     
    503502
    504503    if ( isset($send_id) ) {
    505         $attachment = wp_unslash( $_POST['attachments'][$send_id] );
     504        $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
    506505
    507506        $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
     
    548547
    549548        if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) {
    550             $title = esc_html( wp_unslash( $_POST['title'] ) );
     549            $title = esc_html( stripslashes( $_POST['title'] ) );
    551550            if ( empty( $title ) )
    552551                $title = esc_html( basename( $src ) );
     
    563562        } else {
    564563            $align = '';
    565             $alt = esc_attr( wp_unslash( $_POST['alt'] ) );
     564            $alt = esc_attr( stripslashes( $_POST['alt'] ) );
    566565            if ( isset($_POST['align']) ) {
    567                 $align = esc_attr( wp_unslash( $_POST['align'] ) );
     566                $align = esc_attr( stripslashes( $_POST['align'] ) );
    568567                $class = " class='align$align'";
    569568            }
Note: See TracChangeset for help on using the changeset viewer.