Changeset 23563


Timestamp:
03/01/2013 05:00:25 PM (6 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

Location:
trunk/wp-admin
Files:
28 edited

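--- a/trunk/wp-admin/admin.php
+++ b/trunk/wp-admin/admin.php
@@ -44,5 +44,5 @@
 } elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
     if ( !is_multisite() ) {
-        wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
+        wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
         exit;
     } elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
@@ -83,5 +83,5 @@
 
 if ( isset($_GET['page']) ) {
-    $plugin_page = stripslashes($_GET['page']);
+    $plugin_page = wp_unslash( $_GET['page'] );
     $plugin_page = plugin_basename($plugin_page);
 }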
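--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -21,7 +21,7 @@
 
     if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
-        $comment_status = $wpdb->escape( $_REQUEST['comment_status'] );
-        $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
-        $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
+        $comment_status = $_REQUEST['comment_status'];
+        $delete_time = $_REQUEST['pagegen_timestamp'];
+        $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
         $doaction = 'delete';
     } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
@@ -96,5 +96,5 @@
     exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-     wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+     wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
      exit;
 }
@@ -154,5 +154,5 @@
 
 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
-    printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
+    printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>
 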
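Review bot: `$comment_status` and `$delete_time` (new lines 23-24) are taken from `$_REQUEST` and handed to `$wpdb->prepare()` as-is, while every other request value in this changeset is passed through `wp_unslash()` first; prepare() escapes its own arguments, so if request data is slashed here as it is elsewhere, a backslash in these values is escaped twice and the comparison can quietly match nothing. I would write `$comment_status = wp_unslash( $_REQUEST['comment_status'] );` and `$delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );`. Separately, `comment_status` reaches the query with no check that it is one of the statuses this screen offers; a whitelist test before the query would let the delete-all action reject unexpected input instead of running a query on it. The enclosing conditional block starts before line 21 and the surrounding code is outside the hunk.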
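--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -315,5 +315,5 @@
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
-<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
 <?php if ( ! empty( $active_post_lock ) ) { ?>
 <input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />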
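--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -133,5 +133,5 @@
 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />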
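--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -165,5 +165,5 @@
 default:
 if ( ! empty($_REQUEST['_wp_http_referer']) ) {
-    $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
+    $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) );
 
     if ( ! empty( $_REQUEST['paged'] ) )
@@ -266,5 +266,5 @@
 <h2><?php echo esc_html( $title );
 if ( !empty($_REQUEST['s']) )
-    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+    printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
 </h2>
 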
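--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -139,5 +139,5 @@
     exit();
 } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
-     wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
+     wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) ) );
      exit;
 }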
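--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -60,5 +60,5 @@
     }
 
-    $s = stripslashes( $_GET['q'] );
+    $s = wp_unslash( $_GET['q'] );
 
     $comma = _x( ',', 'tag delimiter' );
@@ -573,5 +573,5 @@
         else if ( is_array( $cat_id ) )
             $cat_id = $cat_id['term_id'];
-        $cat_name = esc_html(stripslashes($cat_name));
+        $cat_name = esc_html(wp_unslash($cat_name));
         $x->add( array(
             'what' => 'link-category',
@@ -958,6 +958,6 @@
     } else { // Update?
         $mid = (int) key( $_POST['meta'] );
-        $key = stripslashes( $_POST['meta'][$mid]['key'] );
-        $value = stripslashes( $_POST['meta'][$mid]['value'] );
+        $key = wp_unslash( $_POST['meta'][$mid]['key'] );
+        $value = wp_unslash( $_POST['meta'][$mid]['value'] );
         if ( '' == trim($key) )
             wp_die( __( 'Please provide a custom field name.' ) );
@@ -1228,5 +1228,5 @@
 
     if ( isset( $_POST['search'] ) )
-        $args['s'] = stripslashes( $_POST['search'] );
+        $args['s'] = wp_unslash( $_POST['search'] );
     $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
 
@@ -1329,5 +1329,5 @@
 
     $post = get_post( $post_ID, ARRAY_A );
-    $post = add_magic_quotes($post); //since it is from db
+    $post = wp_slash($post); //since it is from db
 
     $data['content'] = $post['post_content'];
@@ -1426,5 +1426,5 @@
     unset( $post_types['attachment'] );
 
-    $s = stripslashes( $_POST['ps'] );
+    $s = wp_unslash( $_POST['ps'] );
     $searchand = $search = '';
     $args = array(
@@ -1891,5 +1891,5 @@
     if ( isset( $changes['alt'] ) ) {
         $alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
-        $new_alt = stripslashes( $changes['alt'] );
+        $new_alt = wp_unslash( $changes['alt'] );
         if ( $alt != $new_alt ) {
             $new_alt = wp_strip_all_tags( $new_alt, true );
@@ -1991,5 +1991,5 @@
     check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-    $attachment = stripslashes_deep( $_POST['attachment'] );
+    $attachment = wp_unslash( $_POST['attachment'] );
 
     $id = intval( $attachment['id'] );
@@ -2046,5 +2046,5 @@
     check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-    if ( ! $src = stripslashes( $_POST['src'] ) )
+    if ( ! $src = wp_unslash( $_POST['src'] ) )
         wp_send_json_error();
 
@@ -2055,5 +2055,5 @@
         wp_send_json_error();
 
-    if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
+    if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
         $title = wp_basename( $src );
 
@@ -2115,5 +2115,5 @@
 
     if ( ! empty($_POST['data']) ) {
-        $data = stripslashes_deep( (array) $_POST['data'] );
+        $data = wp_unslash( (array) $_POST['data'] );
         $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
     }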
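Review bot: New lines 2048 and 2057 still read `$_POST['src']` and `$_POST['title']` without an `isset()` guard, so a request that omits either key raises a notice before the emptiness test runs, and because `!` tests truthiness a value of `'0'` is treated as absent. I would split the assignment from the test, e.g. `$src = isset( $_POST['src'] ) ? wp_unslash( $_POST['src'] ) : '';` followed by `if ( '' === $src ) wp_send_json_error();`, and the same for `$title` with `trim()`. Nothing in the hunk validates that `$src` is a URL before it reaches `wp_basename()` on line 2058; if that check lives elsewhere in the function, a comment pointing to it would help the next reader. Both enclosing functions start and end outside the hunk.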
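--- a/trunk/wp-admin/includes/bookmark.php
+++ b/trunk/wp-admin/includes/bookmark.php
@@ -56,10 +56,10 @@
     $link = new stdClass;
     if ( isset( $_GET['linkurl'] ) )
-        $link->link_url = esc_url( $_GET['linkurl'] );
+        $link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ) );
     else
         $link->link_url = '';
 
     if ( isset( $_GET['name'] ) )
-        $link->link_name = esc_attr( $_GET['name'] );
+        $link->link_name = esc_attr( wp_unslash( $_GET['name'] ) );
     else
         $link->link_name = '';
@@ -138,5 +138,5 @@
     $linkdata = sanitize_bookmark( $linkdata, 'db' );
 
-    extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
+    extract( wp_unslash( $linkdata ), EXTR_SKIP );
 
     $update = false;
@@ -252,5 +252,5 @@
 
     // Escape data pulled from DB.
-    $link = add_magic_quotes( $link );
+    $link = wp_slash( $link );
 
     // Passed link category list overwrites existing category list if not empty.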
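Review bot: `extract( wp_unslash( $linkdata ), EXTR_SKIP )` on new line 140 still imports every key of the request-derived `$linkdata` array into the function's local scope; `EXTR_SKIP` only protects variables that already exist at that point, so any key `sanitize_bookmark()` leaves in place becomes a local variable the rest of the function may read. Explicit assignments of the fields the function actually uses (they are outside the hunk) would make the data flow visible and remove the dependency on what `sanitize_bookmark()` happens to strip. Until then a comment such as `// NOTE: extract() imports every key left in $linkdata by sanitize_bookmark(); add new keys there deliberately` records the assumption. The enclosing function starts and ends outside the hunk.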
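--- a/trunk/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-comments-list-table.php
@@ -171,5 +171,5 @@
             // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
             if ( !empty( $_REQUEST['s'] ) )
-                $link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
+                $link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
             */
             $status_links[$status] = "<a href='$link'$class>" . sprintf(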
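--- a/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -30,5 +30,5 @@
         $pagenum = $this->get_pagenum();
 
-        $s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
+        $s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
         $wild = '';
         if ( false !== strpos($s, '*') ) {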
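Review bot: New line 32 applies `trim()` before `wp_unslash()`, the reverse of the order used in class-wp-terms-list-table.php (new lines 55, 64, 67), and post.php lines 623-624 follow the same reversed order as this line. The order matters at the edges: `stripslashes()` turns an escaped `\0` into a NUL byte, which `trim()` removes only when it runs afterwards, so the two tables can end up with different search strings for the same input. I would unslash first here, `$s = isset( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST[ 's' ] ) ) : '';`, and likewise in post.php. The enclosing method starts and ends outside the hunk.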
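--- a/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -127,5 +127,5 @@
         static $term;
         if ( is_null( $term ) )
-            $term = stripslashes( $_REQUEST['s'] );
+            $term = wp_unslash( $_REQUEST['s'] );
 
         foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) {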
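--- a/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -174,8 +174,8 @@
                     case 'username':
                         $avatar = get_avatar( $user->user_email, 32 );
-                        $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
+                        $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
 
                         echo "<td $attributes>"; ?>
-                            <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php
+                            <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
                             if ( in_array( $user->user_login, $super_admins ) )
                                 echo ' - ' . __( 'Super Admin' );
@@ -187,5 +187,5 @@
 
                                 if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
-                                    $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
+                                    $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
                                 }
 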
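Review bot: New line 179 echoes `$user->user_login` into the anchor text with no escaping at all; the removed `stripslashes()` was the only transformation, and nothing in the hunk escapes the value for an HTML context. Even if user logins are sanitized when the account is created, output escaping belongs at the output site: `<?php echo esc_html( $user->user_login ); ?>`. Line 176 already escapes `$edit_link` with `esc_url()`, so this is the one unescaped value in the row. The enclosing `switch` and method start and end outside the hunk.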
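--- a/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -49,6 +49,6 @@
         switch ( $tab ) {
             case 'search':
-                $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
-                $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
+                $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+                $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
 
                 switch ( $type ) {
@@ -74,5 +74,5 @@
 
             case 'favorites':
-                $user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+                $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
                 update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
                 if ( $user )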
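--- a/trunk/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugins-list-table.php
@@ -23,5 +23,5 @@
 
         if ( isset($_REQUEST['s']) )
-            $_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
+            $_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
 
         $page = $this->get_pagenum();
@@ -141,5 +141,5 @@
         static $term;
         if ( is_null( $term ) )
-            $term = stripslashes( $_REQUEST['s'] );
+            $term = wp_unslash( $_REQUEST['s'] );
 
         foreach ( $plugin as $value )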
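Review bot: New line 25 writes an unslashed string back into `$_SERVER['REQUEST_URI']`, while the other files in this changeset treat that entry as slashed and call `wp_unslash()` on it before use (admin.php line 46, class-wp-users-list-table.php line 244). If WordPress slashes `$_SERVER` on load the way it does the request arrays, readers that run after this assignment will unslash an already unslashed value, and a search term containing a backslash would lose characters in links built from `REQUEST_URI`. Keeping the superglobal in its expected state, `$_SERVER['REQUEST_URI'] = wp_slash( add_query_arg( 's', wp_unslash( $_REQUEST['s'] ) ) );`, or not writing to it at all and passing the URL to the code that needs it, would remove the inconsistency. The enclosing method starts and ends outside the hunk.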
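--- a/trunk/wp-admin/includes/class-wp-terms-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-terms-list-table.php
@@ -53,5 +53,5 @@
         }
 
-        $search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
+        $search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
 
         $args = array(
@@ -62,8 +62,8 @@
 
         if ( !empty( $_REQUEST['orderby'] ) )
-            $args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
+            $args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
 
         if ( !empty( $_REQUEST['order'] ) )
-            $args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
+            $args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
 
         $this->callback_args = $args;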
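--- a/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -25,5 +25,5 @@
         $search_string = '';
         if ( ! empty( $_REQUEST['s'] ) ){
-            $search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
+            $search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );
             $search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
         }
@@ -60,5 +60,5 @@
         switch ( $tab ) {
             case 'search':
-                $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
+                $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
                 switch ( $type ) {
                     case 'tag':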
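--- a/trunk/wp-admin/includes/class-wp-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-themes-list-table.php
@@ -29,5 +29,5 @@
 
         if ( ! empty( $_REQUEST['s'] ) )
-            $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
+            $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );
 
         if ( ! empty( $_REQUEST['features'] ) )
@@ -236,5 +236,5 @@
      */
      function _js_vars( $extra_args = array() ) {
-        $search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
+        $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
 
         $args = array(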
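--- a/trunk/wp-admin/includes/class-wp-upgrader.php
+++ b/trunk/wp-admin/includes/class-wp-upgrader.php
@@ -1428,5 +1428,5 @@
         $install_actions = array();
 
-        $from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
+        $from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
 
         if ( 'import' == $from )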
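--- a/trunk/wp-admin/includes/class-wp-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-users-list-table.php
@@ -242,5 +242,5 @@
         if ( current_user_can( 'list_users' ) ) {
             // Set up the user editing link
-            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
+            $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
 
             // Set up the hover actions for this user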
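--- a/trunk/wp-admin/includes/dashboard.php
+++ b/trunk/wp-admin/includes/dashboard.php
@@ -1094,5 +1094,5 @@
 
     if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
-        $_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
+        $_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
         $widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
         // title is optional. If black, fill it if possible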
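--- a/trunk/wp-admin/includes/deprecated.php
+++ b/trunk/wp-admin/includes/deprecated.php
@@ -473,5 +473,5 @@
         _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
 
-        $this->search_term = stripslashes( $search_term );
+        $this->search_term = wp_unslash( $search_term );
         $this->raw_page = ( '' == $page ) ? false : (int) $page;
         $this->page = (int) ( '' == $page ) ? 1 : $page;
@@ -552,5 +552,5 @@
      */
     function prepare_vars_for_template_usage() {
-        $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
+        $this->search_term = wp_unslash($this->search_term); // done with DB, from now on we want slashes gone
     }
 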
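--- a/trunk/wp-admin/includes/file.php
+++ b/trunk/wp-admin/includes/file.php
@@ -902,11 +902,11 @@
 
     // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
-    $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
-    $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
-    $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
+    $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
+    $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
+    $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
 
     // Check to see if we are setting the public/private keys for ssh
-    $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
-    $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
+    $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
+    $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
 
     //sanitize the hostname, Some people might pass in odd-data:
@@ -926,5 +926,5 @@
         $credentials['connection_type'] = 'ftps';
     else if ( !empty($_POST['connection_type']) )
-        $credentials['connection_type'] = stripslashes($_POST['connection_type']);
+        $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
     else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
         $credentials['connection_type'] = 'ftp';
@@ -1051,5 +1051,5 @@
 foreach ( (array) $extra_fields as $field ) {
     if ( isset( $_POST[ $field ] ) )
-        echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />';
+        echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
 }
 submit_button( __( 'Proceed' ), 'button', 'upgrade' );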
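Review bot: New lines 904-910 and 928 decide whether a posted credential was supplied with `!empty()`, which treats the string `'0'` as absent, so a password, hostname or key of `0` is silently replaced by the stored value or an empty string and the connection attempt fails with no indication why. `isset()` plus an explicit comparison is exact, e.g. `$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : ( isset( $_POST['password'] ) && '' !== $_POST['password'] ? wp_unslash( $_POST['password'] ) : '' );`, applied to the other fields the same way. `connection_type` on line 928 is also copied through without being compared against the types the function knows (`'ftps'` and `'ftp'` are the ones visible in this hunk); an `in_array( ..., true )` against that list before the assignment would be cheap. The enclosing functions start and end outside the hunk.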
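--- a/trunk/wp-admin/includes/image-edit.php
+++ b/trunk/wp-admin/includes/image-edit.php
@@ -455,5 +455,5 @@
         return false;
 
-    $changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null;
+    $changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash($_REQUEST['history']) ) : null;
     if ( $changes )
         $img = image_edit_apply_changes( $img, $changes );
@@ -588,5 +588,5 @@
         }
     } elseif ( !empty($_REQUEST['history']) ) {
-        $changes = json_decode( stripslashes($_REQUEST['history']) );
+        $changes = json_decode( wp_unslash($_REQUEST['history']) );
         if ( $changes )
             $img = image_edit_apply_changes($img, $changes);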
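Review bot: New line 457 (and line 590 in the second hunk) passes the result of `json_decode()` straight to `image_edit_apply_changes()` after only a truthiness test, so malformed JSON, a JSON scalar and a real change list are told apart solely by whether the decoded value is falsy, and the shape of that value is never checked here. Unless `image_edit_apply_changes()` validates its input (it is outside the hunk), a type guard at this boundary would be safer, e.g. `if ( $changes && ! is_array( $changes ) ) $changes = null;` adjusted to whatever structure the callee iterates, together with a comment noting that `history` is client-controlled JSON. Both enclosing functions start and end outside the hunk.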
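--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -469,6 +469,6 @@
         if ( isset($attachment['image_alt']) ) {
             $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
-            if ( $image_alt != stripslashes($attachment['image_alt']) ) {
-                $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
+            if ( $image_alt != wp_unslash($attachment['image_alt']) ) {
+                $image_alt = wp_strip_all_tags( wp_unslash($attachment['image_alt']), true );
                 // update_meta expects slashed
                 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
@@ -502,5 +502,5 @@
 
     if ( isset($send_id) ) {
-        $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
+        $attachment = wp_unslash( $_POST['attachments'][$send_id] );
 
         $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
@@ -547,5 +547,5 @@
 
         if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) {
-            $title = esc_html( stripslashes( $_POST['title'] ) );
+            $title = esc_html( wp_unslash( $_POST['title'] ) );
             if ( empty( $title ) )
                 $title = esc_html( basename( $src ) );
@@ -562,7 +562,7 @@
         } else {
             $align = '';
-            $alt = esc_attr( stripslashes( $_POST['alt'] ) );
+            $alt = esc_attr( wp_unslash( $_POST['alt'] ) );
             if ( isset($_POST['align']) ) {
-                $align = esc_attr( stripslashes( $_POST['align'] ) );
+                $align = esc_attr( wp_unslash( $_POST['align'] ) );
                 $class = " class='align$align'";
             }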
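Review bot: Context line 474 re-slashes the alt text with `addslashes()` right after the new `wp_unslash()` calls on lines 471-472, so the same value passes through two different slashing APIs within three lines; post.php lines 200 and 242 have the same pairing. For a plain string `addslashes()` and `wp_slash()` behave the same, but the point of the commit is to standardize on the `wp_slash()`/`wp_unslash()` pair, so `update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) );` here and the matching change in post.php would finish the job. New lines 549 and 564 also read `$_POST['title']` and `$_POST['alt']` without an `isset()` guard, which raises a notice when the key is absent. The enclosing functions start and end outside the hunk.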
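--- a/trunk/wp-admin/includes/misc.php
+++ b/trunk/wp-admin/includes/misc.php
@@ -221,5 +221,5 @@
  */
 function url_shorten( $url ) {
-    $short_url = str_replace( 'http://', '', stripslashes( $url ));
+    $short_url = str_replace( 'http://', '', wp_unslash( $url ));
     $short_url = str_replace( 'www.', '', $short_url );
     $short_url = untrailingslashit( $short_url );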
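--- a/trunk/wp-admin/includes/plugin-install.php
+++ b/trunk/wp-admin/includes/plugin-install.php
@@ -117,6 +117,6 @@
  */
 function install_search_form( $type_selector = true ) {
-    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
-    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
+    $type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+    $term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
 
     ?><form id="search-plugins" method="get" action="">
@@ -161,5 +161,5 @@
  */
 function install_plugins_favorites_form() {
-    $user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+    $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
     ?>
     <p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
@@ -252,5 +252,5 @@
     }
     if ( isset($_GET['from']) )
-        $url .= '&amp;from=' . urlencode(stripslashes($_GET['from']));
+        $url .= '&amp;from=' . urlencode( wp_unslash( $_GET['from'] ) );
 
     return compact('status', 'url', 'version');
@@ -265,5 +265,5 @@
     global $tab;
 
-    $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
+    $api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));
 
     if ( is_wp_error($api) )
@@ -296,5 +296,5 @@
     }
 
-    $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
+    $section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
     if ( empty($section) || ! isset($api->sections[ $section ]) )
         $section = array_shift( $section_titles = array_keys((array)$api->sections) );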
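--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -198,5 +198,5 @@
 
     if ( isset( $post_data[ '_wp_format_url' ] ) ) {
-        update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( stripslashes( $post_data['_wp_format_url'] ) ) ) );
+        update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
     }
 
@@ -237,6 +237,6 @@
         if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
             $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
-            if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
-                $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
+            if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) {
+                $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );
                 // update_meta expects slashed
                 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
@@ -431,13 +431,13 @@
     $post_title = '';
     if ( !empty( $_REQUEST['post_title'] ) )
-        $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
+        $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
 
     $post_content = '';
     if ( !empty( $_REQUEST['content'] ) )
-        $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
+        $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
 
     $post_excerpt = '';
     if ( !empty( $_REQUEST['excerpt'] ) )
-        $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
+        $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
 
     if ( $create_in_db ) {
@@ -488,7 +488,7 @@
     global $wpdb;
 
-    $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
-    $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
-    $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
+    $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
+    $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
+    $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
 
     $query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
@@ -621,6 +621,6 @@
     $post_ID = (int) $post_ID;
 
-    $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
-    $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
+    $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
+    $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
     $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
     if ( is_string( $metavalue ) )
@@ -720,6 +720,6 @@
  */
 function update_meta( $meta_id, $meta_key, $meta_value ) {
-    $meta_key = stripslashes( $meta_key );
-    $meta_value = stripslashes_deep( $meta_value );
+    $meta_key = wp_unslash( $meta_key );
+    $meta_value = wp_unslash( $meta_value );
 
     return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
@@ -1246,5 +1246,5 @@
 
     // _wp_put_post_revision() expects unescaped.
-    $_POST = stripslashes_deep($_POST);
+    $_POST = wp_unslash($_POST);
 
     // Otherwise create the new autosave as a special post revision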
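Review bot: New line 1248 replaces the `$_POST` superglobal with its unslashed copy so that `_wp_put_post_revision()` sees unescaped data; from that point on anything else in the request that reads `$_POST`, such as hooks fired later or code after the call, receives unslashed data while the rest of the admin assumes the slashed form. If `_wp_put_post_revision()` can take the array as an argument, a local copy avoids changing global state: `$post_data = wp_unslash( $_POST );` passed in place of `$_POST`, with the comment on line 1247 updated to say why the copy exists. The enclosing function starts and ends outside the hunk.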
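--- a/trunk/wp-admin/includes/taxonomy.php
+++ b/trunk/wp-admin/includes/taxonomy.php
@@ -159,5 +159,5 @@
 
     // Escape data pulled from DB.
-    $category = add_magic_quotes($category);
+    $category = wp_slash($category);
 
     // Merge old and new fields with new fields overwriting old ones.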