Changeset 23576

Timestamp:

03/01/2013 05:57:08 PM (6 years ago)

Author:

nacin

Message:

Unslash early, directly on the superglobal. see #21767.

File:

• trunk/wp-admin/includes/ajax-actions.php (modified) (4 diffs)

trunk/wp-admin/includes/ajax-actions.php

@@ -560 +560 @@
     if ( !current_user_can( 'manage_categories' ) )
         wp_die( -1 );
-    $names = explode(',', $_POST['newcat']);
+    $names = explode(',', wp_unslash( $_POST['newcat'] ) );
     $x = new WP_Ajax_Response();
     foreach ( $names as $cat_name ) {
@@ -573 +573 @@
         else if ( is_array( $cat_id ) )
             $cat_id = $cat_id['term_id'];
-        $cat_name = esc_html(wp_unslash($cat_name));
+        $cat_name = esc_html( $cat_name );
         $x->add( array(
             'what' => 'link-category',
@@ -1890 +1890 @@
 
     if ( isset( $changes['alt'] ) ) {
-        $alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
-        $new_alt = wp_unslash( $changes['alt'] );
-        if ( $alt != $new_alt ) {
-            $new_alt = wp_strip_all_tags( $new_alt, true );
-            update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
+        $alt = wp_unslash( $changes['alt'] );
+        if ( $alt != get_post_meta( $id, '_wp_attachment_image_alt', true ) ) {
+            $alt = wp_strip_all_tags( $alt, true );
+            update_post_meta( $id, '_wp_attachment_image_alt', wp_slash( $alt ) );
         }
     }
@@ -2204 +2203 @@
     $restoreaction = wp_nonce_url(
         add_query_arg(
-            array( 'revision' => $revision->ID, 
+            array( 'revision' => $revision->ID,
                 'action' => 'restore' ),
                 '/wp-admin/revision.php'