WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
03/01/2013 04:28:40 PM (12 years ago)
Author:
ryan
Message:

Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-includes/ms-functions.php

    r23535 r23554  
    280280 */
    281281function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
     282    $domain         = addslashes( $domain );
     283    $weblog_title   = addslashes( $weblog_title );
     284
    282285    if ( empty($path) )
    283286        $path = '/';
     
    580583    $blogname = apply_filters( 'newblogname', $blogname );
    581584
    582     $blog_title = $blog_title;
     585    $blog_title = stripslashes(  $blog_title );
    583586
    584587    if ( empty( $blog_title ) )
     
    633636
    634637    $key = substr( md5( time() . rand() . $domain ), 0, 16 );
    635     $meta = serialize( $meta );
     638    $meta = serialize($meta);
     639    $domain = $wpdb->escape($domain);
     640    $path = $wpdb->escape($path);
     641    $title = $wpdb->escape($title);
    636642
    637643    $wpdb->insert( $wpdb->signups, array(
     
    646652    ) );
    647653
    648     wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta );
     654    wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta);
    649655}
    650656
     
    835841
    836842    $meta = maybe_unserialize($signup->meta);
    837     $user_login = $signup->user_login;
    838     $user_email = $signup->user_email;
     843    $user_login = $wpdb->escape($signup->user_login);
     844    $user_email = $wpdb->escape($signup->user_email);
    839845    $password = wp_generate_password( 12, false );
    840846
     
    11521158        update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) );
    11531159
    1154     update_option( 'blogname', $blog_title );
     1160    update_option( 'blogname', stripslashes( $blog_title ) );
    11551161    update_option( 'admin_email', '' );
    11561162
     
    12091215        return false;
    12101216
    1211     $welcome_email = get_site_option( 'welcome_email' );
     1217    $welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
    12121218    if ( $welcome_email == false )
    1213         $welcome_email = __( 'Dear User,
     1219        $welcome_email = stripslashes( __( 'Dear User,
    12141220
    12151221Your new SITE_NAME site has been successfully set up at:
     
    12231229We hope you enjoy your new site. Thanks!
    12241230
    1225 --The Team @ SITE_NAME' );
     1231--The Team @ SITE_NAME' ) );
    12261232
    12271233    $url = get_blogaddress_by_id($blog_id);
     
    12471253        $current_site->site_name = 'WordPress';
    12481254
    1249     $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, $title ) );
     1255    $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) );
    12501256    wp_mail($user->user_email, $subject, $message, $message_headers);
    12511257    return true;
     
    14761482    global $wpdb;
    14771483    $user = get_userdata( (int) $user_id );
    1478     $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
     1484    $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
    14791485}
    14801486
Note: See TracChangeset for help on using the changeset viewer.