Changeset 23594
- Timestamp:
- 03/03/2013 09:11:40 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
trunk/wp-includes/post-template.php
r23554 r23594 584 584 } 585 585 586 $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );586 $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ); 587 587 588 588 return ! $wp_hasher->CheckPassword( $post->post_password, $hash ); -
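Review bot: On line 586 `wp_unslash()` is applied straight to `$_COOKIE[ 'wp-postpass_' . COOKIEHASH ]` and the result is handed to `$wp_hasher->CheckPassword()` with no check that it is a string. `stripslashes()` only accepts a string, whereas `wp_unslash()` (not defined on this page) presumably walks arrays too, so a cookie sent in array form would now reach the hasher as an array. A guard such as `if ( ! is_string( $hash ) ) return true;` before the `CheckPassword()` call would treat malformed input like a failed check, since the function returns the negated result. The same unguarded pattern appears for `$_POST['post_password']`, `$_POST['user_login']` and `$_POST['log']` in wp-login.php and for the three `$_POST` fields in wp-trackback.php. The enclosing function starts and ends outside the hunk.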
trunk/wp-includes/post.php
r23554 r23594 361 361 } 362 362 363 // Stripleading and trailing whitespace363 // ` leading and trailing whitespace 364 364 $main = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $main); 365 365 $extended = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $extended); … … 2798 2798 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) ); 2799 2799 $data = apply_filters('wp_insert_post_data', $data, $postarr); 2800 $data = stripslashes_deep( $data );2800 $data = wp_unslash( $data ); 2801 2801 $where = array( 'ID' => $post_ID ); 2802 2802 … … 2811 2811 } else { 2812 2812 if ( isset($post_mime_type) ) 2813 $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update2813 $data['post_mime_type'] = wp_unslash( $post_mime_type ); // This isn't in the update 2814 2814 // If there is a suggested ID, use it if not already present 2815 2815 if ( !empty($import_id) ) { … … 2905 2905 // non-escaped post was passed 2906 2906 $postarr = get_object_vars($postarr); 2907 $postarr = add_magic_quotes($postarr);2907 $postarr = wp_slash($postarr); 2908 2908 } 2909 2909 … … 2912 2912 2913 2913 // Escape data pulled from DB. 2914 $post = add_magic_quotes($post);2914 $post = wp_slash($post); 2915 2915 2916 2916 // Passed post category list overwrites existing category list if not empty. 
… … 3258 3258 $new = apply_filters('add_ping', $new); 3259 3259 // expected_slashed ($new) 3260 $new = stripslashes($new);3260 $new = wp_unslash($new); 3261 3261 return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) ); 3262 3262 } … … 3351 3351 foreach( (array) $trackback_urls as $tb_url) { 3352 3352 $tb_url = trim($tb_url); 3353 trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);3353 trackback($tb_url, wp_unslash($post_title), $excerpt, $post_id); 3354 3354 } 3355 3355 } … … 3695 3695 3696 3696 // meta_key and meta_value might be slashed 3697 $meta_key = stripslashes($meta_key);3698 $meta_value = stripslashes($meta_value);3697 $meta_key = wp_unslash($meta_key); 3698 $meta_value = wp_unslash($meta_value); 3699 3699 if ( ! empty( $meta_key ) ) 3700 3700 $where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key); … … 3966 3966 // expected_slashed (everything!) 3967 3967 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) ); 3968 $data = stripslashes_deep( $data );3968 $data = wp_unslash( $data ); 3969 3969 3970 3970 if ( $update ) { -
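Review bot: The comment on new line 363 now reads "// ` leading and trailing whitespace": the word "Strip" has been replaced by a stray backtick, which looks like an accidental keystroke unrelated to the slashing change. Restore it as `// Strip leading and trailing whitespace` so the two `preg_replace()` calls below keep a readable explanation. The surrounding function is only partly visible in this hunk.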
trunk/wp-includes/revision.php
r23554 r23594 242 242 243 243 $post = _wp_post_revision_fields( $post, $autosave ); 244 $post = add_magic_quotes($post); //since data is from db244 $post = wp_slash($post); //since data is from db 245 245 246 246 $revision_id = wp_insert_post( $post ); … … 321 321 $update['ID'] = $revision['post_parent']; 322 322 323 $update = add_magic_quotes( $update ); //since data is from db323 $update = wp_slash( $update ); //since data is from db 324 324 325 325 $post_id = wp_update_post( $update ); -
trunk/wp-includes/taxonomy.php
r23554 r23594 960 960 } else if ( 'name' == $field ) { 961 961 // Assume already escaped 962 $value = stripslashes($value);962 $value = wp_unslash($value); 963 963 $field = 't.name'; 964 964 } else { … … 1500 1500 } 1501 1501 1502 $term = trim( stripslashes( $term ) );1502 $term = trim( wp_unslash( $term ) ); 1503 1503 1504 1504 if ( '' === $slug = sanitize_title($term) ) … … 2063 2063 2064 2064 // expected_slashed ($name) 2065 $name = stripslashes($name);2066 $description = stripslashes($description);2065 $name = wp_unslash($name); 2066 $description = wp_unslash($description); 2067 2067 2068 2068 if ( empty($slug) ) … … 2446 2446 2447 2447 // Escape data pulled from DB. 2448 $term = add_magic_quotes($term);2448 $term = wp_slash($term); 2449 2449 2450 2450 // Merge old and new args with new args overwriting old ones. … … 2457 2457 2458 2458 // expected_slashed ($name) 2459 $name = stripslashes($name);2460 $description = stripslashes($description);2459 $name = wp_unslash($name); 2460 $description = wp_unslash($description); 2461 2461 2462 2462 if ( '' == trim($name) ) -
trunk/wp-includes/user.php
r23588 r23594 1391 1391 1392 1392 $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); 1393 $data = stripslashes_deep( $data );1393 $data = wp_unslash( $data ); 1394 1394 1395 1395 if ( $update ) { … … 1505 1505 */ 1506 1506 function wp_create_user($username, $password, $email = '') { 1507 $user_login = esc_sql( $username );1508 $user_email = esc_sql( $email );1507 $user_login = wp_slash( $username ); 1508 $user_email = wp_slash( $email ); 1509 1509 $user_pass = $password; 1510 1510 -
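Review bot: In `wp_create_user()` (lines 1507-1508) `esc_sql()` is replaced by `wp_slash()`, so `$user_login` and `$user_email` no longer go through the database escaping helper here; they are only slashed to match what the callee expects. That is safe only if the function receiving them (outside the hunk, presumably `wp_insert_user()`) unslashes them and writes through `$wpdb->prepare()` or `$wpdb->insert()`. A comment on these lines would make that explicit: `// Slashed for the callee, which unslashes and uses parameterized queries; this is not SQL escaping.` The same substitution, `$wpdb->escape()` to `wp_slash()`, is made for `$title`, `$excerpt` and `$blog_name` at lines 68-70 of wp-trackback.php and deserves the same check of the downstream write path.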
trunk/wp-login.php
r23558 r23594 400 400 401 401 // 10 days 402 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );402 setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); 403 403 404 404 wp_safe_redirect( wp_get_referer() ); … … 435 435 login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors); 436 436 437 $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';437 $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : ''; 438 438 439 439 ?> … … 551 551 <p> 552 552 <label for="user_login"><?php _e('Username') ?><br /> 553 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( stripslashes($user_login)); ?>" size="20" /></label>553 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label> 554 554 </p> 555 555 <p> 556 556 <label for="user_email"><?php _e('E-mail') ?><br /> 557 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( stripslashes($user_email)); ?>" size="25" /></label>557 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label> 558 558 </p> 559 559 <?php do_action('register_form'); ?> … … 671 671 672 672 if ( isset($_POST['log']) ) 673 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( stripslashes($_POST['log'])) : '';673 $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? 
esc_attr(wp_unslash($_POST['log'])) : ''; 674 674 $rememberme = ! empty( $_POST['rememberme'] ); 675 675 ?> -
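Review bot: The `setcookie()` call on line 402 still stops at the path argument, so the `wp-postpass_` cookie carrying the hashed post password is issued without the `secure` or `httponly` flags. Since the line is being edited anyway, consider passing the remaining arguments with the value and expiry unchanged, ending the call with `COOKIEPATH, '', is_ssl(), true );`. This keeps the cookie host-only, hides it from script, and restricts it to HTTPS when the request is over SSL. Sites that serve protected posts over both HTTP and HTTPS should confirm the `secure` flag does not break the unlock flow. The enclosing block starts and ends outside the hunk.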
trunk/wp-mail.php
r23554 r23594 203 203 204 204 $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); 205 $post_data = add_magic_quotes($post_data);205 $post_data = wp_slash($post_data); 206 206 207 207 $post_ID = wp_insert_post($post_data); -
trunk/wp-trackback.php
r23554 r23594 46 46 47 47 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() 48 $title = isset($_POST['title']) ? stripslashes($_POST['title']) : '';49 $excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';50 $blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';48 $title = isset($_POST['title']) ? wp_unslash($_POST['title']) : ''; 49 $excerpt = isset($_POST['excerpt']) ? wp_unslash($_POST['excerpt']) : ''; 50 $blog_name = isset($_POST['blog_name']) ? wp_unslash($_POST['blog_name']) : ''; 51 51 52 52 if ($charset) … … 66 66 67 67 // Now that mb_convert_encoding() has been given a swing, we need to escape these three 68 $title = $wpdb->escape($title);69 $excerpt = $wpdb->escape($excerpt);70 $blog_name = $wpdb->escape($blog_name);68 $title = wp_slash($title); 69 $excerpt = wp_slash($excerpt); 70 $blog_name = wp_slash($blog_name); 71 71 72 72 if ( is_single() || is_page() )