

Timestamp:
03/01/2013 05:00:25 PM (11 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:
1 edited

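--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -198,5 +198,5 @@
 
     if ( isset( $post_data[ '_wp_format_url' ] ) ) {
-        update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( stripslashes( $post_data['_wp_format_url'] ) ) ) );
+        update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
     }
 
@@ -237,6 +237,6 @@
         if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
             $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
-            if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
-                $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
+            if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) {
+                $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );
                 // update_meta expects slashed
                 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
@@ -431,13 +431,13 @@
     $post_title = '';
     if ( !empty( $_REQUEST['post_title'] ) )
-        $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
+        $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
 
     $post_content = '';
     if ( !empty( $_REQUEST['content'] ) )
-        $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
+        $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
 
     $post_excerpt = '';
     if ( !empty( $_REQUEST['excerpt'] ) )
-        $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
+        $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
 
     if ( $create_in_db ) {
@@ -488,7 +488,7 @@
     global $wpdb;
 
-    $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
-    $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
-    $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
+    $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
+    $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
+    $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
 
     $query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
@@ -621,6 +621,6 @@
     $post_ID = (int) $post_ID;
 
-    $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
-    $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
+    $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
+    $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
     $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
     if ( is_string( $metavalue ) )
@@ -720,6 +720,6 @@
  */
 function update_meta( $meta_id, $meta_key, $meta_value ) {
-    $meta_key = stripslashes( $meta_key );
-    $meta_value = stripslashes_deep( $meta_value );
+    $meta_key = wp_unslash( $meta_key );
+    $meta_value = wp_unslash( $meta_value );
 
     return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
@@ -1246,5 +1246,5 @@
 
     // _wp_put_post_revision() expects unescaped.
-    $_POST = stripslashes_deep($_POST);
+    $_POST = wp_unslash($_POST);
 
     // Otherwise create the new autosave as a special post revision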
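Review bot: New lines 433, 437 and 441 pass `$_REQUEST[...]` through `wp_unslash()` straight into `esc_html()` without checking that the value is a string, and a request parameter can arrive as an array. Judging by its use in place of `stripslashes_deep()` at lines 723 and 1248, `wp_unslash()` accepts arrays, so these call sites would presumably now forward an array to a string-only escaper where `stripslashes()` would have rejected it. I would guard each read with a type check, e.g. `if ( ! empty( $_REQUEST['post_title'] ) && is_string( $_REQUEST['post_title'] ) )`, in the way line 626 already tests `is_string( $metavalue )`. The same concern applies to the `$post_data` reads at 200 and 239–240 and to the `trim( $_POST['metakeyselect'] )` / `trim( $_POST['metakeyinput'] )` reads at 623–624. The enclosing functions begin and end outside these hunks, so an earlier type check may exist that is not visible here.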