Changeset 23594 for trunk/wp-includes/post.php

Timestamp:

03/03/2013 09:11:40 PM (13 years ago)

Author:

ryan

Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:

• trunk/wp-includes/post.php (modified) (9 diffs)

trunk/wp-includes/post.php

@@ -361 +361 @@
     }
 
-    // Strip leading and trailing whitespace
+    // ` leading and trailing whitespace
     $main = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $main);
     $extended = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $extended);
@@ -2798 +2798 @@
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
     $data = apply_filters('wp_insert_post_data', $data, $postarr);
-    $data = stripslashes_deep( $data );
+    $data = wp_unslash( $data );
     $where = array( 'ID' => $post_ID );
 
@@ -2811 +2811 @@
     } else {
         if ( isset($post_mime_type) )
-            $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
+            $data['post_mime_type'] = wp_unslash( $post_mime_type ); // This isn't in the update
         // If there is a suggested ID, use it if not already present
         if ( !empty($import_id) ) {
@@ -2905 +2905 @@
         // non-escaped post was passed
         $postarr = get_object_vars($postarr);
-        $postarr = add_magic_quotes($postarr);
+        $postarr = wp_slash($postarr);
     }
 
@@ -2912 +2912 @@
 
     // Escape data pulled from DB.
-    $post = add_magic_quotes($post);
+    $post = wp_slash($post);
 
     // Passed post category list overwrites existing category list if not empty.
@@ -3258 +3258 @@
     $new = apply_filters('add_ping', $new);
     // expected_slashed ($new)
-    $new = stripslashes($new);
+    $new = wp_unslash($new);
     return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) );
 }
@@ -3351 +3351 @@
         foreach( (array) $trackback_urls as $tb_url) {
             $tb_url = trim($tb_url);
-            trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
+            trackback($tb_url, wp_unslash($post_title), $excerpt, $post_id);
         }
     }
@@ -3695 +3695 @@
 
         // meta_key and meta_value might be slashed
-        $meta_key = stripslashes($meta_key);
-        $meta_value = stripslashes($meta_value);
+        $meta_key = wp_unslash($meta_key);
+        $meta_value = wp_unslash($meta_value);
         if ( ! empty( $meta_key ) )
             $where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key);
@@ -3966 +3966 @@
     // expected_slashed (everything!)
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
-    $data = stripslashes_deep( $data );
+    $data = wp_unslash( $data );
 
     if ( $update ) {