Make WordPress Core

Changeset 23578


Ignore:
Timestamp:
03/01/2013 05:58:43 PM (12 years ago)
Author:
nacin
Message:

Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().

Use wp_slash() instead of addslashes().

see #21767.

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-comments.php

    r23567 r23578  
    2222    if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
    2323        $comment_status = wp_unslash( $_REQUEST['comment_status'] );
    24         $delete_time = wp_unslash ( $_REQUEST['pagegen_timestamp'] );
     24        $delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );
    2525        $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
    2626        $doaction = 'delete';
  • trunk/wp-admin/edit-form-comment.php

    r23563 r23578  
    133133<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
    134134<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
    135 <input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
     135<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
    136136<?php wp_original_referer_field(true, 'previous'); ?>
    137137<input type="hidden" name="noredir" value="1" />
  • trunk/wp-admin/includes/media.php

    r23563 r23578  
    468468
    469469        if ( isset($attachment['image_alt']) ) {
    470             $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
    471             if ( $image_alt != wp_unslash($attachment['image_alt']) ) {
    472                 $image_alt = wp_strip_all_tags( wp_unslash($attachment['image_alt']), true );
     470            $image_alt = wp_unslash( $attachment['image_alt'] );
     471            if ( $image_alt != get_post_meta($attachment_id, '_wp_attachment_image_alt', true) ) {
     472                $image_alt = wp_strip_all_tags( $image_alt, true );
    473473                // update_meta expects slashed
    474                 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
     474                update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
    475475            }
    476476        }
  • trunk/wp-admin/includes/post.php

    r23563 r23578  
    198198
    199199    if ( isset( $post_data[ '_wp_format_url' ] ) ) {
    200         update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
     200        update_post_meta( $post_ID, '_wp_format_url', wp_slash( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
    201201    }
    202202
     
    236236    if ( 'attachment' == $post_data['post_type'] ) {
    237237        if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
    238             $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
    239             if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) {
    240                 $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );
     238            $image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] );
     239            if ( $image_alt != get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) ) {
     240                $image_alt = wp_strip_all_tags( $image_alt, true );
    241241                // update_meta expects slashed
    242                 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
     242                update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
    243243            }
    244244        }
  • trunk/wp-includes/functions.php

    r23570 r23578  
    12341234 */
    12351235function wp_referer_field( $echo = true ) {
    1236     $ref = esc_attr( $_SERVER['REQUEST_URI'] );
    1237     $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
     1236    $referer_field = '<input type="hidden" name="_wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
    12381237
    12391238    if ( $echo )
     
    12581257 */
    12591258function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
    1260     $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
    1261     $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
    1262     $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
     1259    if ( ! $ref = wp_get_original_referer() ) {
     1260        $ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
     1261    }
     1262    $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />';
    12631263    if ( $echo )
    12641264        echo $orig_referer_field;
     
    12791279    $ref = false;
    12801280    if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
    1281         $ref = $_REQUEST['_wp_http_referer'];
     1281        $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
    12821282    else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
    1283         $ref = $_SERVER['HTTP_REFERER'];
    1284 
    1285     if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
     1283        $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
     1284
     1285    if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
    12861286        return wp_unslash( $ref );
    12871287    return false;
     
    12991299function wp_get_original_referer() {
    13001300    if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
    1301         return $_REQUEST['_wp_original_http_referer'];
     1301        return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
    13021302    return false;
    13031303}
     
    39073907/**
    39083908 * Output the JS that shows the wp-login iframe when the user is no longer logged in
    3909  */ 
     3909 */
    39103910function wp_auth_check_js() {
    39113911    ?>
Note: See TracChangeset for help on using the changeset viewer.