Make WordPress Core


Ignore:
Timestamp:
03/01/2013 04:28:40 PM (12 years ago)
Author:
ryan
Message:

Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/users.php

    r23416 r23554  
    6565
    6666if ( empty($_REQUEST) ) {
    67     $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
     67    $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
    6868} elseif ( isset($_REQUEST['wp_http_referer']) ) {
    69     $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
     69    $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
    7070    $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
    7171} else {
     
    358358
    359359    if ( !empty($_GET['_wp_http_referer']) ) {
    360         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
     360        wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
    361361        exit;
    362362    }
     
    382382            if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
    383383                $messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ),
    384                     esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
     384                    esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),
    385385                        self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>';
    386386            } else {
Note: See TracChangeset for help on using the changeset viewer.