Changeset 23591
- Timestamp:
- 03/03/2013 04:30:38 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 11 edited
trunk/wp-admin/user-new.php
r23554 r23591 117 117 $add_user_errors = $user_details[ 'errors' ]; 118 118 } else { 119 $new_user_login = apply_filters('pre_user_login', sanitize_user( stripslashes($_REQUEST['user_login']), true));119 $new_user_login = apply_filters('pre_user_login', sanitize_user(wp_unslash($_REQUEST['user_login']), true)); 120 120 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { 121 121 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email … … 310 310 if( isset( $_POST['createuser'] ) ) { 311 311 if ( ! isset($$var) ) 312 $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';312 $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : ''; 313 313 } else { 314 314 $$var = false; -
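Review bot: At new line 312 (and line 119), `wp_unslash()` can return an array when the request parameter is array-valued, whereas `stripslashes()` never returned an array, so `$$var` and the argument to `sanitize_user()` are no longer guaranteed to be scalars. That `wp_unslash()` accepts arrays is inferred from this changeset, where it replaces `stripslashes_deep()` in other files. If these fields are later echoed or compared as strings, an explicit guard keeps the old contract: `$$var = ( isset( $_POST[$post_field] ) && is_string( $_POST[$post_field] ) ) ? wp_unslash( $_POST[$post_field] ) : '';`. Both statements sit inside blocks that start and end outside the hunks shown.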
trunk/wp-admin/users.php
r23554 r23591 65 65 66 66 if ( empty($_REQUEST) ) { 67 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( stripslashes($_SERVER['REQUEST_URI'])) . '" />';67 $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />'; 68 68 } elseif ( isset($_REQUEST['wp_http_referer']) ) { 69 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));69 $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) ); 70 70 $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />'; 71 71 } else { … … 358 358 359 359 if ( !empty($_GET['_wp_http_referer']) ) { 360 wp_redirect( remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));360 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); 361 361 exit; 362 362 } … … 382 382 if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) { 383 383 $messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ), 384 esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),384 esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 385 385 self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>'; 386 386 } else { -
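Review bot: The redirect at new line 360 passes a value derived from `$_SERVER['REQUEST_URI']` to `wp_redirect()`, which does not restrict the destination host. Using `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );` would keep the redirect on the site's own host even when the request URI is malformed. The same pattern appears in trunk/wp-includes/cron.php at new line 233. The enclosing blocks continue outside the hunks.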
trunk/wp-includes/class-wp-customize-manager.php
r23554 r23591 311 311 if ( ! isset( $this->_post_values ) ) { 312 312 if ( isset( $_POST['customized'] ) ) 313 $this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true );313 $this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true ); 314 314 else 315 315 $this->_post_values = false; -
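Review bot: The result of `json_decode()` at new line 313 is stored without being checked, so malformed JSON (or an array-valued `customized` parameter, which `wp_unslash()` would presumably pass through as an array) leaves `$this->_post_values` as `null`. Because the guard on line 311 is `! isset( $this->_post_values )`, a `null` result means the decode is attempted again on every call, and the property holds `null` rather than the `false` assigned in the else branch. Consider `$decoded = json_decode( wp_unslash( $_POST['customized'] ), true ); $this->_post_values = is_array( $decoded ) ? $decoded : false;`. The enclosing method starts and ends outside the hunk.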
trunk/wp-includes/class-wp-customize-setting.php
r23554 r23591 145 145 */ 146 146 public function sanitize( $value ) { 147 $value = stripslashes_deep( $value );147 $value = wp_unslash( $value ); 148 148 return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); 149 149 } -
trunk/wp-includes/class-wp-xmlrpc-server.php
r23554 r23591 281 281 $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); 282 282 if ( isset($meta['key']) ) { 283 $meta['key'] = stripslashes( $meta['key'] );283 $meta['key'] = wp_unslash( $meta['key'] ); 284 284 if ( $meta['key'] != $pmeta->meta_key ) 285 285 continue; 286 $meta['value'] = stripslashes_deep( $meta['value'] );286 $meta['value'] = wp_unslash( $meta['value'] ); 287 287 if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) 288 288 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); … … 290 290 delete_metadata_by_mid( 'post', $meta['id'] ); 291 291 } 292 } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {292 } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) { 293 293 add_post_meta( $post_id, $meta['key'], $meta['value'] ); 294 294 } … … 3747 3747 $categories = implode(',', wp_get_post_categories($post_ID)); 3748 3748 3749 $content = '<title>'. stripslashes($post_data['post_title']).'</title>';3749 $content = '<title>'.wp_unslash($post_data['post_title']).'</title>'; 3750 3750 $content .= '<category>'.$categories.'</category>'; 3751 $content .= stripslashes($post_data['post_content']);3751 $content .= wp_unslash($post_data['post_content']); 3752 3752 3753 3753 $struct = array( … … 3801 3801 $categories = implode(',', wp_get_post_categories($entry['ID'])); 3802 3802 3803 $content = '<title>'. stripslashes($entry['post_title']).'</title>';3803 $content = '<title>'.wp_unslash($entry['post_title']).'</title>'; 3804 3804 $content .= '<category>'.$categories.'</category>'; 3805 $content .= stripslashes($entry['post_content']);3805 $content .= wp_unslash($entry['post_content']); 3806 3806 3807 3807 $struct[] = array( -
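Review bot: In the hunk at lines 281–290, `$pmeta` from `get_metadata_by_mid()` is dereferenced as `$pmeta->meta_key` with no visible check that the lookup succeeded or that the row belongs to `$post_id`, while the capability check is made against `$post_id`. If no such check exists above the hunk, a guard such as `if ( ! $pmeta || $pmeta->post_id != $post_id ) continue;` before the key comparison would tie the meta ID to the post being edited. Separately, the values unslashed at lines 3749–3751 and 3803–3805 (`$post_data`, `$entry`) look like stored post rows rather than request input; if so, unslashing would strip backslashes that are legitimately part of the content, which is worth confirming where those arrays are built. All of these functions begin and end outside the hunks shown.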
trunk/wp-includes/comment.php
r23571 r23591 635 635 if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { 636 636 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); 637 $comment_author = stripslashes($comment_author);637 $comment_author = wp_unslash($comment_author); 638 638 $comment_author = esc_attr($comment_author); 639 639 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; … … 642 642 if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { 643 643 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); 644 $comment_author_email = stripslashes($comment_author_email);644 $comment_author_email = wp_unslash($comment_author_email); 645 645 $comment_author_email = esc_attr($comment_author_email); 646 646 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; … … 649 649 if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { 650 650 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); 651 $comment_author_url = stripslashes($comment_author_url);651 $comment_author_url = wp_unslash($comment_author_url); 652 652 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; 653 653 } … … 1263 1263 function wp_insert_comment($commentdata) { 1264 1264 global $wpdb; 1265 extract( stripslashes_deep($commentdata), EXTR_SKIP);1265 extract(wp_unslash($commentdata), EXTR_SKIP); 1266 1266 1267 1267 if ( ! isset($comment_author_IP) ) … … 1503 1503 1504 1504 // Now extract the merged array. 1505 extract( stripslashes_deep($commentarr), EXTR_SKIP);1505 extract(wp_unslash($commentarr), EXTR_SKIP); 1506 1506 1507 1507 $comment_content = apply_filters('comment_save_pre', $comment_content); -
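Review bot: `extract( wp_unslash( $commentdata ), EXTR_SKIP )` at new line 1265, and the same call on `$commentarr` at line 1505, creates a local variable for every key of a caller-supplied array, so the set of variables the rest of the function reads is neither visible nor bounded here. `EXTR_SKIP` protects names that are already defined, such as `$wpdb`, but not names the function reads later without initialising them first. Assigning `$data = wp_unslash( $commentdata );` and reading the expected keys explicitly (`$data['comment_content']` and so on) would make the accepted fields explicit and easier to audit. Both function bodies continue outside the hunks.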
trunk/wp-includes/cron.php
r23554 r23591 231 231 232 232 ob_start(); 233 wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) );233 wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); 234 234 echo ' '; 235 235 -
trunk/wp-includes/feed.php
r23554 r23591 489 489 function self_link() { 490 490 $host = @parse_url(home_url()); 491 echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ) ) );491 echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ); 492 492 } 493 493 -
trunk/wp-includes/formatting.php
r23555 r23591 1424 1424 $gpc = stripslashes($gpc); 1425 1425 1426 return esc_sql($gpc);1426 return wp_slash($gpc); 1427 1427 } 1428 1428 … … 1720 1720 $text = stripslashes($text); 1721 1721 $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text); 1722 $text = esc_sql($text);1722 $text = wp_slash($text); 1723 1723 return $text; 1724 1724 } -
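Review bot: Replacing `esc_sql()` with `wp_slash()` at new lines 1426 and 1722 changes what the return value is safe for. Assuming `wp_slash()` is a plain `addslashes()`-style wrapper, the result is no longer escaped through the database layer, so any caller that interpolates it directly into a query loses connection-aware escaping. The docblocks of both functions (outside the hunks) should say so, e.g. `@return string Slashed string; not escaped for SQL, use $wpdb->prepare() when building queries.` Callers of both functions should also be checked for direct use in SQL.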
trunk/wp-includes/meta.php
r23554 r23591 44 44 45 45 // expected_slashed ($meta_key) 46 $meta_key = stripslashes($meta_key);47 $meta_value = stripslashes_deep($meta_value);46 $meta_key = wp_unslash($meta_key); 47 $meta_value = wp_unslash($meta_value); 48 48 $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); 49 49 … … 115 115 116 116 // expected_slashed ($meta_key) 117 $meta_key = stripslashes($meta_key);117 $meta_key = wp_unslash($meta_key); 118 118 $passed_value = $meta_value; 119 $meta_value = stripslashes_deep($meta_value);119 $meta_value = wp_unslash($meta_value); 120 120 $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); 121 121 … … 197 197 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 198 198 // expected_slashed ($meta_key) 199 $meta_key = stripslashes($meta_key);200 $meta_value = stripslashes_deep($meta_value);199 $meta_key = wp_unslash($meta_key); 200 $meta_value = wp_unslash($meta_value); 201 201 202 202 $check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all ); -
trunk/wp-includes/ms-files.php
r23554 r23591 59 59 60 60 // Support for Conditional GET 61 $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;61 $client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; 62 62 63 63 if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )