Changeset 23563 for trunk/wp-admin/includes/post.php
- Timestamp:
- 03/01/2013 05:00:25 PM (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/includes/post.php
r23560 r23563 198 198 199 199 if ( isset( $post_data[ '_wp_format_url' ] ) ) { 200 update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( stripslashes( $post_data['_wp_format_url'] ) ) ) );200 update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) ); 201 201 } 202 202 … … 237 237 if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) { 238 238 $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true ); 239 if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {240 $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );239 if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) { 240 $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true ); 241 241 // update_meta expects slashed 242 242 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) ); … … 431 431 $post_title = ''; 432 432 if ( !empty( $_REQUEST['post_title'] ) ) 433 $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));433 $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] )); 434 434 435 435 $post_content = ''; 436 436 if ( !empty( $_REQUEST['content'] ) ) 437 $post_content = esc_html( stripslashes( $_REQUEST['content'] ));437 $post_content = esc_html( wp_unslash( $_REQUEST['content'] )); 438 438 439 439 $post_excerpt = ''; 440 440 if ( !empty( $_REQUEST['excerpt'] ) ) 441 $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));441 $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] )); 442 442 443 443 if ( $create_in_db ) { … … 488 488 global $wpdb; 489 489 490 $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );491 $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );492 $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );490 $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) ); 491 $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) ); 492 $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) ); 493 493 494 494 $query = "SELECT ID FROM $wpdb->posts WHERE 1=1"; … … 621 621 $post_ID = (int) $post_ID; 622 622 623 $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';624 $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';623 $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : ''; 624 $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : ''; 625 625 $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : ''; 626 626 if ( is_string( $metavalue ) ) … … 720 720 */ 721 721 function update_meta( $meta_id, $meta_key, $meta_value ) { 722 $meta_key = stripslashes( $meta_key );723 $meta_value = stripslashes_deep( $meta_value );722 $meta_key = wp_unslash( $meta_key ); 723 $meta_value = wp_unslash( $meta_value ); 724 724 725 725 return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key ); … … 1246 1246 1247 1247 // _wp_put_post_revision() expects unescaped. 1248 $_POST = stripslashes_deep($_POST);1248 $_POST = wp_unslash($_POST); 1249 1249 1250 1250 // Otherwise create the new autosave as a special post revision
Note: See TracChangeset
for help on using the changeset viewer.