WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
03/01/2013 05:00:25 PM (13 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-admin/includes/bookmark.php

    r23554 r23563  
    5656    $link = new stdClass;
    5757    if ( isset( $_GET['linkurl'] ) )
    58         $link->link_url = esc_url( $_GET['linkurl'] );
     58        $link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ) );
    5959    else
    6060        $link->link_url = '';
    6161
    6262    if ( isset( $_GET['name'] ) )
    63         $link->link_name = esc_attr( $_GET['name'] );
     63        $link->link_name = esc_attr( wp_unslash( $_GET['name'] ) );
    6464    else
    6565        $link->link_name = '';
     
    138138    $linkdata = sanitize_bookmark( $linkdata, 'db' );
    139139
    140     extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
     140    extract( wp_unslash( $linkdata ), EXTR_SKIP );
    141141
    142142    $update = false;
     
    252252
    253253    // Escape data pulled from DB.
    254     $link = add_magic_quotes( $link );
     254    $link = wp_slash( $link );
    255255
    256256    // Passed link category list overwrites existing category list if not empty.
Note: See TracChangeset for help on using the changeset viewer.