WordPress.org

Make WordPress Core


Ignore:
Timestamp:
03/01/2013 04:28:40 PM (7 years ago)
Author:
ryan
Message:

Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-trackback.php

    r23416 r23554  
    4646
    4747// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
    48 $title     = isset($_POST['title'])     ? wp_unslash( $_POST['title'] )      : '';
    49 $excerpt   = isset($_POST['excerpt'])   ? wp_unslash( $_POST['excerpt'] )    : '';
    50 $blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] )  : '';
     48$title     = isset($_POST['title'])     ? stripslashes($_POST['title'])      : '';
     49$excerpt   = isset($_POST['excerpt'])   ? stripslashes($_POST['excerpt'])    : '';
     50$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name'])  : '';
    5151
    5252if ($charset)
     
    6464    $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
    6565}
     66
     67// Now that mb_convert_encoding() has been given a swing, we need to escape these three
     68$title     = $wpdb->escape($title);
     69$excerpt   = $wpdb->escape($excerpt);
     70$blog_name = $wpdb->escape($blog_name);
    6671
    6772if ( is_single() || is_page() )
Note: See TracChangeset for help on using the changeset viewer.