Changeset 23554 for trunk/wp-trackback.php
- Timestamp:
- 03/01/2013 04:28:40 PM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-trackback.php
r23416 r23554 46 46 47 47 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() 48 $title = isset($_POST['title']) ? wp_unslash( $_POST['title']) : '';49 $excerpt = isset($_POST['excerpt']) ? wp_unslash( $_POST['excerpt']) : '';50 $blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name']) : '';48 $title = isset($_POST['title']) ? stripslashes($_POST['title']) : ''; 49 $excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : ''; 50 $blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : ''; 51 51 52 52 if ($charset) … … 64 64 $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset); 65 65 } 66 67 // Now that mb_convert_encoding() has been given a swing, we need to escape these three 68 $title = $wpdb->escape($title); 69 $excerpt = $wpdb->escape($excerpt); 70 $blog_name = $wpdb->escape($blog_name); 66 71 67 72 if ( is_single() || is_page() )
Note: See TracChangeset
for help on using the changeset viewer.