Changeset 23578
- Timestamp:
- 03/01/2013 05:58:43 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/wp-admin/edit-comments.php
r23567 r23578 22 22 if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) { 23 23 $comment_status = wp_unslash( $_REQUEST['comment_status'] ); 24 $delete_time = wp_unslash 24 $delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] ); 25 25 $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) ); 26 26 $doaction = 'delete'; -
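Review bot: `$delete_time` at new line 24 is handed to the `%s > comment_date_gmt` comparison as whatever string `$_REQUEST['pagegen_timestamp']` holds; `$wpdb->prepare()` quotes it, so this is not an injection path, but nothing here checks that it is a well-formed `Y-m-d H:i:s` value, so a malformed or truncated timestamp is left to MySQL's string-to-DATETIME coercion and the delete_all can cover a different set of comments than the page the user saw. A format check before the query keeps the comparison meaningful, e.g. `if ( ! preg_match( '/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/', $delete_time ) ) { wp_die( __( 'Invalid page generation timestamp.' ) ); }`. The `if ( 'delete_all' == $doaction ...` block this sits in continues past the section, and the nonce and capability checks for the bulk action are not visible here.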
trunk/wp-admin/edit-form-comment.php
r23563 r23578 133 133 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" /> 134 134 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" /> 135 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_unslash(wp_get_referer())); ?>" />135 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" /> 136 136 <?php wp_original_referer_field(true, 'previous'); ?> 137 137 <input type="hidden" name="noredir" value="1" /> -
trunk/wp-admin/includes/media.php
r23563 r23578 468 468 469 469 if ( isset($attachment['image_alt']) ) { 470 $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);471 if ( $image_alt != wp_unslash($attachment['image_alt']) ) {472 $image_alt = wp_strip_all_tags( wp_unslash($attachment['image_alt']), true );470 $image_alt = wp_unslash( $attachment['image_alt'] ); 471 if ( $image_alt != get_post_meta($attachment_id, '_wp_attachment_image_alt', true) ) { 472 $image_alt = wp_strip_all_tags( $image_alt, true ); 473 473 // update_meta expects slashed 474 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );474 update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) ); 475 475 } 476 476 } -
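Review bot: The `!=` at new line 471 compares the submitted alt text to the stored meta loosely, so two different numeric-looking strings such as `'1e3'` and `'1000'` compare equal and the update is silently skipped; since both sides are strings, `!==` is the intended comparison. The same loose comparison appears at new line 239 of `trunk/wp-admin/includes/post.php` in this changeset. Change line 471 to `if ( $image_alt !== get_post_meta($attachment_id, '_wp_attachment_image_alt', true) ) {`. `get_post_meta()` with `$single = true` returns `''` when no meta row exists, so the strict form still treats a first-time alt text as a change. The enclosing function begins and ends outside this section.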
trunk/wp-admin/includes/post.php
r23563 r23578 198 198 199 199 if ( isset( $post_data[ '_wp_format_url' ] ) ) { 200 update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );200 update_post_meta( $post_ID, '_wp_format_url', wp_slash( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) ); 201 201 } 202 202 … … 236 236 if ( 'attachment' == $post_data['post_type'] ) { 237 237 if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) { 238 $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true);239 if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt']) ) {240 $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );238 $image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] ); 239 if ( $image_alt != get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) ) { 240 $image_alt = wp_strip_all_tags( $image_alt, true ); 241 241 // update_meta expects slashed 242 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );242 update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) ); 243 243 } 244 244 } -
trunk/wp-includes/functions.php
r23570 r23578 1234 1234 */ 1235 1235 function wp_referer_field( $echo = true ) { 1236 $ref = esc_attr( $_SERVER['REQUEST_URI'] ); 1237 $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />'; 1236 $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />'; 1238 1237 1239 1238 if ( $echo ) … … 1258 1257 */ 1259 1258 function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { 1260 $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI']; 1261 $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to; 1262 $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />'; 1259 if ( ! $ref = wp_get_original_referer() ) { 1260 $ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] ); 1261 } 1262 $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />'; 1263 1263 if ( $echo ) 1264 1264 echo $orig_referer_field; … … 1279 1279 $ref = false; 1280 1280 if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) 1281 $ref = $_REQUEST['_wp_http_referer'];1281 $ref = wp_unslash( $_REQUEST['_wp_http_referer'] ); 1282 1282 else if ( ! 
empty( $_SERVER['HTTP_REFERER'] ) ) 1283 $ref = $_SERVER['HTTP_REFERER'];1284 1285 if ( $ref && $ref !== $_SERVER['REQUEST_URI'])1283 $ref = wp_unslash( $_SERVER['HTTP_REFERER'] ); 1284 1285 if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) ) 1286 1286 return wp_unslash( $ref ); 1287 1287 return false; … … 1299 1299 function wp_get_original_referer() { 1300 1300 if ( !empty( $_REQUEST['_wp_original_http_referer'] ) ) 1301 return $_REQUEST['_wp_original_http_referer'];1301 return wp_unslash( $_REQUEST['_wp_original_http_referer'] ); 1302 1302 return false; 1303 1303 } … … 3907 3907 /** 3908 3908 * Output the JS that shows the wp-login iframe when the user is no longer logged in 3909 */ 3909 */ 3910 3910 function wp_auth_check_js() { 3911 3911 ?>
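Review bot: `wp_get_referer()` now unslashes `$ref` at new lines 1281 and 1283, but the unchanged `return wp_unslash( $ref );` at line 1286 unslashes it a second time, so a referer that legitimately contains a backslash (for example an escaped quote inside a query parameter) loses it on the way out, while the `$ref !== wp_unslash( $_SERVER['REQUEST_URI'] )` check at 1285 already treats `$ref` as fully unslashed. Line 1286 should become `return $ref;`. Both `_wp_http_referer` and `HTTP_REFERER` are request-supplied and `! empty()` accepts an array, so the function can also return a non-string; callers are presumably expected to validate the result (e.g. via `wp_safe_redirect()`) before redirecting, which is outside this section. The other hunks in this file (`wp_referer_field`, `wp_original_referer_field`, `wp_get_original_referer`) only move the unslash into the getters and look consistent with that.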