WordPress.org

Make WordPress Core


Ignore:
Timestamp:
03/03/2013 04:30:38 PM (8 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #WP21767

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/comment.php

    r23571 r23591  
    635635    if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
    636636        $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
    637         $comment_author = stripslashes($comment_author);
     637        $comment_author = wp_unslash($comment_author);
    638638        $comment_author = esc_attr($comment_author);
    639639        $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
     
    642642    if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
    643643        $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
    644         $comment_author_email = stripslashes($comment_author_email);
     644        $comment_author_email = wp_unslash($comment_author_email);
    645645        $comment_author_email = esc_attr($comment_author_email);
    646646        $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
     
    649649    if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
    650650        $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
    651         $comment_author_url = stripslashes($comment_author_url);
     651        $comment_author_url = wp_unslash($comment_author_url);
    652652        $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
    653653    }
     
    12631263function wp_insert_comment($commentdata) {
    12641264    global $wpdb;
    1265     extract(stripslashes_deep($commentdata), EXTR_SKIP);
     1265    extract(wp_unslash($commentdata), EXTR_SKIP);
    12661266
    12671267    if ( ! isset($comment_author_IP) )
     
    15031503
    15041504    // Now extract the merged array.
    1505     extract(stripslashes_deep($commentarr), EXTR_SKIP);
     1505    extract(wp_unslash($commentarr), EXTR_SKIP);
    15061506
    15071507    $comment_content = apply_filters('comment_save_pre', $comment_content);
Note: See TracChangeset for help on using the changeset viewer.