Changeset 24713
- Timestamp:
- 07/16/2013 02:19:03 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/wp-admin/includes/ajax-actions.php
r24707 r24713 740 740 if ( $user->exists() ) { 741 741 $user_ID = $user->ID; 742 $comment_author = $wpdb->escape($user->display_name);743 $comment_author_email = $wpdb->escape($user->user_email);744 $comment_author_url = $wpdb->escape($user->user_url);742 $comment_author = wp_slash( $user->display_name ); 743 $comment_author_email = wp_slash( $user->user_email ); 744 $comment_author_url = wp_slash( $user->user_url ); 745 745 $comment_content = trim($_POST['content']); 746 746 if ( current_user_can( 'unfiltered_html' ) ) { -
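Review bot: The three `wp_slash()` assignments on lines 742–744 carry no comment saying why values read from the `$user` object are slashed, and the new function name no longer hints at a reason. `wp_slash()` only adds backslashes and is not query escaping, so injection safety here rests on the comment-insertion code further down, which is outside this hunk and presumably unslashes the data and uses prepared queries. I would add a comment above line 742 such as `// Slash to match the slashed $_POST fields; not SQL escaping.` after confirming that the downstream call unslashes. The same three lines in trunk/wp-comments-post.php (60–62) need the same comment. The enclosing function starts and ends outside the hunk.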
trunk/wp-admin/includes/post.php
r24593 r24713 647 647 return false; 648 648 649 $metakey = esc_sql( $metakey );649 $metakey = wp_slash( $metakey ); 650 650 651 651 return add_post_meta( $post_ID, $metakey, $metavalue ); -
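Review bot: Only `$metakey` is slashed before the `add_post_meta()` call on line 651, while `$metavalue` is passed through unchanged, and nothing in the hunk shows what state either variable is in. `add_post_meta()` unslashes both its key and its value, so the two arguments must arrive in the same slashed state or backslashes in one of them will be dropped or doubled. I would add a comment on line 649 such as `// add_post_meta() expects slashed data; $metavalue is still slashed from the request.`, once that is confirmed against the part of the function outside the hunk. As `wp_slash()` is not SQL escaping, the line should not be read as the injection defence for the meta key.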
trunk/wp-comments-post.php
r23554 r24713 58 58 if ( empty( $user->display_name ) ) 59 59 $user->display_name=$user->user_login; 60 $comment_author = $wpdb->escape($user->display_name);61 $comment_author_email = $wpdb->escape($user->user_email);62 $comment_author_url = $wpdb->escape($user->user_url);60 $comment_author = wp_slash( $user->display_name ); 61 $comment_author_email = wp_slash( $user->user_email ); 62 $comment_author_url = wp_slash( $user->user_url ); 63 63 if ( current_user_can('unfiltered_html') ) { 64 64 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { -
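Review bot: The nonce test on line 64 compares `wp_create_nonce(...)` with `$_POST['_wp_unfiltered_html_comment']` using a loose `!=` and reads the field without checking that it is set. Loose comparison treats numeric-looking strings as numbers and is not timing-safe, and a missing field raises a notice; the commit does not touch this line, but it guards the `unfiltered_html` path and is worth tightening while the file is open. I would write `if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) ) {`. Note that `wp_verify_nonce()` also accepts a nonce from the previous tick, which is a small behaviour change. The body of this `if` lies outside the hunk, so what happens on mismatch is not visible here.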
trunk/wp-includes/comment.php
r24490 r24713 1493 1493 1494 1494 // Escape data pulled from DB. 1495 $comment = esc_sql($comment);1495 $comment = wp_slash($comment); 1496 1496 1497 1497 $old_status = $comment['comment_approved'];
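Review bot: The comment on line 1494 still reads `// Escape data pulled from DB.`, which is now misleading because `wp_slash()` adds backslashes and does no SQL escaping. A maintainer could take line 1495 for the injection defence of the update path. I would reword it to `// Slash data pulled from the DB so it matches the slashed caller-supplied fields; not SQL escaping.` It is also worth confirming that the merged array is unslashed before it reaches the query, since the rest of the function is outside the hunk.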