Make WordPress Core


Ignore:
Timestamp:
03/01/2013 05:58:43 PM (12 years ago)
Author:
nacin
Message:

Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().

Use wp_slash() instead of addslashes().

see #21767.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/post.php

    r23563 r23578  
    198198
    199199    if ( isset( $post_data[ '_wp_format_url' ] ) ) {
    200         update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
     200        update_post_meta( $post_ID, '_wp_format_url', wp_slash( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
    201201    }
    202202
     
    236236    if ( 'attachment' == $post_data['post_type'] ) {
    237237        if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
    238             $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
    239             if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) {
    240                 $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );
     238            $image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] );
     239            if ( $image_alt != get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) ) {
     240                $image_alt = wp_strip_all_tags( $image_alt, true );
    241241                // update_meta expects slashed
    242                 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
     242                update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
    243243            }
    244244        }
Note: See TracChangeset for help on using the changeset viewer.