WordPress.org

Make WordPress Core

Changeset 23592


Ignore:
Timestamp:
03/03/2013 04:55:53 PM (7 years ago)
Author:
ryan
Message:

In ms-functions.php, remove unnecessary slashing, don't strip the return of get_site_option, s/stripslashes*/wp_unslash/.

see #21767

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/ms-functions.php

    r23554 r23592  
    280280 */
    281281function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
    282     $domain         = addslashes( $domain );
    283     $weblog_title   = addslashes( $weblog_title );
    284 
    285282    if ( empty($path) )
    286283        $path = '/';
     
    583580    $blogname = apply_filters( 'newblogname', $blogname );
    584581
    585     $blog_title = stripslashes(  $blog_title );
     582    $blog_title = wp_unslash(  $blog_title );
    586583
    587584    if ( empty( $blog_title ) )
     
    637634    $key = substr( md5( time() . rand() . $domain ), 0, 16 );
    638635    $meta = serialize($meta);
    639     $domain = $wpdb->escape($domain);
    640     $path = $wpdb->escape($path);
    641     $title = $wpdb->escape($title);
    642636
    643637    $wpdb->insert( $wpdb->signups, array(
     
    841835
    842836    $meta = maybe_unserialize($signup->meta);
    843     $user_login = $wpdb->escape($signup->user_login);
    844     $user_email = $wpdb->escape($signup->user_email);
    845837    $password = wp_generate_password( 12, false );
    846838
     
    848840
    849841    if ( ! $user_id )
    850         $user_id = wpmu_create_user($user_login, $password, $user_email);
     842        $user_id = wpmu_create_user($signup->user_login, $password, $signup->user_email);
    851843    else
    852844        $user_already_exists = true;
     
    10251017Remote IP: %3$s
    10261018
    1027 Disable these notifications: %4$s' ), $blogname, $siteurl, $_SERVER['REMOTE_ADDR'], $options_site_url);
     1019Disable these notifications: %4$s' ), $blogname, $siteurl, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url);
    10281020    $msg = apply_filters( 'newblog_notify_siteadmin', $msg );
    10291021
     
    10591051Remote IP: %2$s
    10601052
    1061 Disable these notifications: %3$s'), $user->user_login, $_SERVER['REMOTE_ADDR'], $options_site_url);
     1053Disable these notifications: %3$s'), $user->user_login, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url);
    10621054
    10631055    $msg = apply_filters( 'newuser_notify_siteadmin', $msg, $user );
     
    11581150        update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) );
    11591151
    1160     update_option( 'blogname', stripslashes( $blog_title ) );
     1152    update_option( 'blogname', wp_unslash( $blog_title ) );
    11611153    update_option( 'admin_email', '' );
    11621154
     
    12151207        return false;
    12161208
    1217     $welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
     1209    $welcome_email = get_site_option( 'welcome_email' );
    12181210    if ( $welcome_email == false )
    1219         $welcome_email = stripslashes( __( 'Dear User,
     1211        $welcome_email = __( 'Dear User,
    12201212
    12211213Your new SITE_NAME site has been successfully set up at:
     
    12291221We hope you enjoy your new site. Thanks!
    12301222
    1231 --The Team @ SITE_NAME' ) );
     1223--The Team @ SITE_NAME' );
    12321224
    12331225    $url = get_blogaddress_by_id($blog_id);
     
    12531245        $current_site->site_name = 'WordPress';
    12541246
    1255     $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) );
     1247    $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, wp_unslash( $title ) ) );
    12561248    wp_mail($user->user_email, $subject, $message, $message_headers);
    12571249    return true;
     
    14821474    global $wpdb;
    14831475    $user = get_userdata( (int) $user_id );
    1484     $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
     1476    $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
    14851477}
    14861478
Note: See TracChangeset for help on using the changeset viewer.