Timestamp:
03/03/2013 09:11:40 PM (8 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:
1 edited

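--- a/trunk/wp-trackback.php
+++ b/trunk/wp-trackback.php
@@ -46,7 +46,7 @@
 
 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
-$title     = isset($_POST['title'])     ? stripslashes($_POST['title'])      : '';
-$excerpt   = isset($_POST['excerpt'])   ? stripslashes($_POST['excerpt'])    : '';
-$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name'])  : '';
+$title     = isset($_POST['title'])     ? wp_unslash($_POST['title'])      : '';
+$excerpt   = isset($_POST['excerpt'])   ? wp_unslash($_POST['excerpt'])    : '';
+$blog_name = isset($_POST['blog_name']) ? wp_unslash($_POST['blog_name'])  : '';
 
 if ($charset)
@@ -66,7 +66,7 @@
 
 // Now that mb_convert_encoding() has been given a swing, we need to escape these three
-$title     = $wpdb->escape($title);
-$excerpt   = $wpdb->escape($excerpt);
-$blog_name = $wpdb->escape($blog_name);
+$title     = wp_slash($title);
+$excerpt   = wp_slash($excerpt);
+$blog_name = wp_slash($blog_name);
 
 if ( is_single() || is_page() )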
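Review bot: The three `wp_unslash()` calls on new lines 48–50 take whatever type `$_POST` holds, and because the commit message says wp_unslash() also replaces stripslashes_deep(), a `title`, `excerpt` or `blog_name` submitted as an array would presumably stay an array instead of becoming a string. That value then flows into the charset-conversion code between the two hunks (not shown here) and into `wp_slash()` on lines 68–70, so a type check at the source is worth adding: `$title = isset($_POST['title']) && is_string($_POST['title']) ? wp_unslash($_POST['title']) : '';`, and likewise for the other two. The comment on line 67 still says "escape"; if wp_slash() only re-adds slashes rather than doing database escaping, it would read more accurately as `// Re-slash these three after mb_convert_encoding(); this is not SQL escaping, the insert path must still prepare its queries`.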