Timestamp:
03/01/2013 05:00:25 PM (7 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:
1 edited

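--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -60,5 +60,5 @@
     }
 
-    $s = stripslashes( $_GET['q'] );
+    $s = wp_unslash( $_GET['q'] );
 
     $comma = _x( ',', 'tag delimiter' );
@@ -573,5 +573,5 @@
         else if ( is_array( $cat_id ) )
             $cat_id = $cat_id['term_id'];
-        $cat_name = esc_html(stripslashes($cat_name));
+        $cat_name = esc_html(wp_unslash($cat_name));
         $x->add( array(
             'what' => 'link-category',
@@ -958,6 +958,6 @@
     } else { // Update?
         $mid = (int) key( $_POST['meta'] );
-        $key = stripslashes( $_POST['meta'][$mid]['key'] );
-        $value = stripslashes( $_POST['meta'][$mid]['value'] );
+        $key = wp_unslash( $_POST['meta'][$mid]['key'] );
+        $value = wp_unslash( $_POST['meta'][$mid]['value'] );
         if ( '' == trim($key) )
             wp_die( __( 'Please provide a custom field name.' ) );
@@ -1228,5 +1228,5 @@
 
     if ( isset( $_POST['search'] ) )
-        $args['s'] = stripslashes( $_POST['search'] );
+        $args['s'] = wp_unslash( $_POST['search'] );
     $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
 
@@ -1329,5 +1329,5 @@
 
     $post = get_post( $post_ID, ARRAY_A );
-    $post = add_magic_quotes($post); //since it is from db
+    $post = wp_slash($post); //since it is from db
 
     $data['content'] = $post['post_content'];
@@ -1426,5 +1426,5 @@
     unset( $post_types['attachment'] );
 
-    $s = stripslashes( $_POST['ps'] );
+    $s = wp_unslash( $_POST['ps'] );
     $searchand = $search = '';
     $args = array(
@@ -1891,5 +1891,5 @@
     if ( isset( $changes['alt'] ) ) {
         $alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
-        $new_alt = stripslashes( $changes['alt'] );
+        $new_alt = wp_unslash( $changes['alt'] );
         if ( $alt != $new_alt ) {
             $new_alt = wp_strip_all_tags( $new_alt, true );
@@ -1991,5 +1991,5 @@
     check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-    $attachment = stripslashes_deep( $_POST['attachment'] );
+    $attachment = wp_unslash( $_POST['attachment'] );
 
     $id = intval( $attachment['id'] );
@@ -2046,5 +2046,5 @@
     check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-    if ( ! $src = stripslashes( $_POST['src'] ) )
+    if ( ! $src = wp_unslash( $_POST['src'] ) )
         wp_send_json_error();
 
@@ -2055,5 +2055,5 @@
         wp_send_json_error();
 
-    if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
+    if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
         $title = wp_basename( $src );
 
@@ -2115,5 +2115,5 @@
 
     if ( ! empty($_POST['data']) ) {
-        $data = stripslashes_deep( (array) $_POST['data'] );
+        $data = wp_unslash( (array) $_POST['data'] );
         $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
     }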
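Review bot: The call sites that previously used scalar `stripslashes()` (new lines 62, 960–961, 1230, 1428, 2048 and 2057) lose an implicit type filter, because `wp_unslash()` also stands in for `stripslashes_deep()` at 1993 and 2117 and so presumably passes arrays through unchanged in shape. A request parameter submitted as an array would then reach `trim()` at 962 and 2057, and whatever string handling follows `$s` outside these hunks, as an array rather than failing inside `stripslashes()`. I would guard the scalar sites explicitly, e.g. `$s = is_string( $_GET['q'] ) ? wp_unslash( $_GET['q'] ) : '';`, and apply the same check to `$_POST['ps']`, `$_POST['search']`, `$_POST['src']` and `$_POST['title']`. The enclosing functions start and end outside every hunk shown, so how each value is consumed afterwards should be confirmed there.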