Timestamp:
03/03/2013 09:11:40 PM (8 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:
1 edited

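--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -361,5 +361,5 @@
     }
 
-    // Strip leading and trailing whitespace
+    // ` leading and trailing whitespace
     $main = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $main);
     $extended = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $extended);
@@ -2798,5 +2798,5 @@
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
     $data = apply_filters('wp_insert_post_data', $data, $postarr);
-    $data = stripslashes_deep( $data );
+    $data = wp_unslash( $data );
     $where = array( 'ID' => $post_ID );
 
@@ -2811,5 +2811,5 @@
     } else {
         if ( isset($post_mime_type) )
-            $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
+            $data['post_mime_type'] = wp_unslash( $post_mime_type ); // This isn't in the update
         // If there is a suggested ID, use it if not already present
         if ( !empty($import_id) ) {
@@ -2905,5 +2905,5 @@
         // non-escaped post was passed
         $postarr = get_object_vars($postarr);
-        $postarr = add_magic_quotes($postarr);
+        $postarr = wp_slash($postarr);
     }
 
@@ -2912,5 +2912,5 @@
 
     // Escape data pulled from DB.
-    $post = add_magic_quotes($post);
+    $post = wp_slash($post);
 
     // Passed post category list overwrites existing category list if not empty.
@@ -3258,5 +3258,5 @@
     $new = apply_filters('add_ping', $new);
     // expected_slashed ($new)
-    $new = stripslashes($new);
+    $new = wp_unslash($new);
     return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) );
 }
@@ -3351,5 +3351,5 @@
         foreach( (array) $trackback_urls as $tb_url) {
             $tb_url = trim($tb_url);
-            trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
+            trackback($tb_url, wp_unslash($post_title), $excerpt, $post_id);
         }
     }
@@ -3695,6 +3695,6 @@
 
         // meta_key and meta_value might be slashed
-        $meta_key = stripslashes($meta_key);
-        $meta_value = stripslashes($meta_value);
+        $meta_key = wp_unslash($meta_key);
+        $meta_value = wp_unslash($meta_value);
         if ( ! empty( $meta_key ) )
             $where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key);
@@ -3966,5 +3966,5 @@
     // expected_slashed (everything!)
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
-    $data = stripslashes_deep( $data );
+    $data = wp_unslash( $data );
 
     if ( $update ) {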
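Review bot: The call sites that previously used stripslashes() on a single value — `$post_mime_type` (2813), `$new` (3260), `$post_title` (3353) and `$meta_key`/`$meta_value` (3697–3698) — now share wp_unslash() with the array sites at 2800 and 3968, so an array or other non-string argument would presumably be passed through with its type intact rather than failing in stripslashes(). Where a string is required afterwards, such as the `%s` placeholder in `$wpdb->prepare()` at 3700 or the `'pinged'` value given to `$wpdb->update()` at 3261, pin the type at the call site, e.g. `$meta_key = is_string( $meta_key ) ? wp_unslash( $meta_key ) : '';`. Separately, the comment at new line 363 lost its first word and should read `// Strip leading and trailing whitespace` again. Every hunk here shows only a fragment of its enclosing function, so whether callers already guarantee strings cannot be confirmed from this page.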