Changeset 2699
- Timestamp:
- 07/05/2005 08:47:22 PM (21 years ago)
- Location:
- trunk
- Files:
-
- 19 edited
-
wp-admin/admin-functions.php (modified) (1 diff)
-
wp-admin/edit-page-form.php (modified) (1 diff)
-
wp-admin/import-blogger.php (modified) (2 diffs)
-
wp-admin/import-greymatter.php (modified) (7 diffs)
-
wp-admin/import-livejournal.php (modified) (2 diffs)
-
wp-admin/import-mt.php (modified) (10 diffs)
-
wp-admin/import-rss.php (modified) (2 diffs)
-
wp-admin/import-textpattern.php (modified) (1 diff)
-
wp-admin/install.php (modified) (2 diffs)
-
wp-admin/link-categories.php (modified) (2 diffs)
-
wp-admin/link-import.php (modified) (1 diff)
-
wp-admin/update-links.php (modified) (1 diff)
-
wp-admin/upgrade-functions.php (modified) (2 diffs)
-
wp-comments-post.php (modified) (1 diff)
-
wp-includes/comment-functions.php (modified) (1 diff)
-
wp-includes/functions-formatting.php (modified) (1 diff)
-
wp-includes/functions.php (modified) (2 diffs)
-
wp-settings.php (modified) (1 diff)
-
xmlrpc.php (modified) (1 diff)
trunk/wp-admin/admin-functions.php
r2698 r2699 449 449 $pad = str_repeat('— ', $level); 450 450 if ( $user_level > 3 ) 451 $edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), addslashes($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>";451 $edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>"; 452 452 else 453 453 $edit = ''; -
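Review bot: On line 451 the category name is run through `$wpdb->escape()` and then placed inside a JavaScript string in an `onclick` attribute, so a database-escaping routine is being used for a JavaScript-in-HTML context; wp-admin/edit-page-form.php line 135 does the same with `$post->post_title`. SQL escaping rules are not JavaScript string or HTML attribute escaping rules, so whatever `$wpdb->escape()` does for queries does not make a name safe inside `confirm('...')` in an attribute; these two values need a JavaScript-string escape followed by attribute escaping, not the SQL helper. The enclosing function starts and ends outside the hunk, and it has to declare `global $wpdb;` for this call to resolve — that line is not visible here.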
trunk/wp-admin/edit-page-form.php
r2652 r2699 133 133 <th scope="row"><?php _e('Delete'); ?>:</th> 134 134 <td><?php if ('edit' == $action) : ?> 135 <input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />135 <input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> /> 136 136 <?php endif; ?></td> 137 137 </tr> -
trunk/wp-admin/import-blogger.php
r2687 r2699 63 63 $post_title = $postinfo[4]; 64 64 65 $post_author = trim( addslashes($postinfo[1]));65 $post_author = trim($wpdb->escape($postinfo[1])); 66 66 // we'll check the author is registered already 67 67 $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$post_author'"); 68 68 if (!$user) { // seems s/he's not, so let's register 69 69 $user_joindate = '1979-06-06 00:41:00'; // that's my birthdate (gmt+1) - I could choose any other date. You could change the date too. Just remember the year must be >=1970 or the world would just randomly fall on your head (everything might look fine, and then blam! major headache!) 70 $user_login = addslashes($post_author);71 $pass1 = addslashes('password');72 $user_email = addslashes('user@wordpress.org');73 $user_url = addslashes('');74 $user_joindate = addslashes($user_joindate);70 $user_login = $wpdb->escape($post_author); 71 $pass1 = $wpdb->escape('password'); 72 $user_email = $wpdb->escape('user@wordpress.org'); 73 $user_url = $wpdb->escape(''); 74 $user_joindate = $wpdb->escape($user_joindate); 75 75 $result = $wpdb->query(" 76 76 INSERT INTO $wpdb->users ( … … 112 112 $post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond"; 113 113 114 $post_content = addslashes($post_content);114 $post_content = $wpdb->escape($post_content); 115 115 $post_content = str_replace('<br>', '<br />', $post_content); // the XHTML touch... ;) 116 116 117 $post_title = addslashes($post_title);117 $post_title = $wpdb->escape($post_title); 118 118 119 119 // Quick-n-dirty check for dups: -
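Review bot: `$post_author` is escaped on line 65 and escaped a second time on line 70 when it is assigned to `$user_login`, so an author name containing a quote or backslash is inserted with doubled escaping while the lookup on line 67 uses the singly-escaped value; wp-admin/import-greymatter.php repeats this at lines 150, 156 and 158 (`$user_login` and `$user_nickname`). Escape once at the point of use: keep `$post_author = trim($postinfo[1]);` raw and apply `$wpdb->escape()` where it is interpolated on lines 67 and 70. Line 65 also trims after escaping; `$wpdb->escape(trim($postinfo[1]))` would at least keep the trim from operating on escaped output.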
trunk/wp-admin/import-greymatter.php
r2687 r2699 91 91 $user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00"; 92 92 93 $user_login= addslashes($userdata[0]);94 $pass1= addslashes($userdata[1]);95 $user_nickname= addslashes($userdata[0]);96 $user_email= addslashes($userdata[2]);97 $user_url= addslashes($userdata[3]);98 $user_joindate= addslashes($user_joindate);93 $user_login=$wpdb->escape($userdata[0]); 94 $pass1=$wpdb->escape($userdata[1]); 95 $user_nickname=$wpdb->escape($userdata[0]); 96 $user_email=$wpdb->escape($userdata[2]); 97 $user_url=$wpdb->escape($userdata[3]); 98 $user_joindate=$wpdb->escape($user_joindate); 99 99 100 100 $loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'"); … … 148 148 $postmorecontent=gm2autobr($entry[3]); 149 149 150 $post_author=trim( addslashes($postinfo[1]));150 $post_author=trim($wpdb->escape($postinfo[1])); 151 151 // we'll check the author is registered, or if it's a deleted author 152 152 $sql = "SELECT * FROM $wpdb->users WHERE user_login = '$post_author'"; … … 154 154 if (! 
$result) { // if deleted from GM, we register the author as a level 0 user in wp 155 155 $user_joindate="1979-06-06 00:41:00"; 156 $user_login= addslashes($post_author);157 $pass1= addslashes("password");158 $user_nickname= addslashes($post_author);159 $user_email= addslashes("user@deleted.com");160 $user_url= addslashes("");161 $user_joindate= addslashes($user_joindate);156 $user_login=$wpdb->escape($post_author); 157 $pass1=$wpdb->escape("password"); 158 $user_nickname=$wpdb->escape($post_author); 159 $user_email=$wpdb->escape("user@deleted.com"); 160 $user_url=$wpdb->escape(""); 161 $user_joindate=$wpdb->escape($user_joindate); 162 162 $query = "INSERT INTO $wpdb->users (user_login,user_pass,user_email,user_url,user_registered,user_level) VALUES ('$user_login','$pass1','$user_email','$user_url','$user_joindate','0')"; 163 163 $result = $wpdb->query($query); … … 172 172 173 173 $post_title=gm2autobr($postinfo[2]); 174 $post_title= addslashes($post_title);174 $post_title=$wpdb->escape($post_title); 175 175 176 176 $postyear=$postinfo[6]; … … 189 189 if (strlen($postmorecontent)>3) 190 190 $post_content .= "<!--more--><br /><br />".$postmorecontent; 191 $post_content= addslashes($post_content);191 $post_content=$wpdb->escape($post_content); 192 192 193 193 $post_karma=$postinfo[12]; … … 223 223 $commentinfo=explode("|",$entry[$j]); 224 224 $comment_post_ID=$post_ID; 225 $comment_author= addslashes($commentinfo[0]);226 $comment_author_email= addslashes($commentinfo[2]);227 $comment_author_url= addslashes($commentinfo[3]);228 $comment_author_IP= addslashes($commentinfo[1]);225 $comment_author=$wpdb->escape($commentinfo[0]); 226 $comment_author_email=$wpdb->escape($commentinfo[2]); 227 $comment_author_url=$wpdb->escape($commentinfo[3]); 228 $comment_author_IP=$wpdb->escape($commentinfo[1]); 229 229 230 230 $commentyear=$commentinfo[7]; … … 238 238 $comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond"; 239 239 240 
$comment_content= addslashes($commentinfo[12]);240 $comment_content=$wpdb->escape($commentinfo[12]); 241 241 242 242 $sql3 = "INSERT INTO $wpdb->comments (comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content) VALUES ('$comment_post_ID','$comment_author','$comment_author_email','$comment_author_url','$comment_author_IP','$comment_date','$comment_content')"; -
trunk/wp-admin/import-livejournal.php
r2687 r2699 83 83 84 84 preg_match('|<subject>(.*?)</subject>|is', $post, $title); 85 $title = addslashes( trim($title[1]) );85 $title = $wpdb->escape( trim($title[1]) ); 86 86 $post_name = sanitize_title($title); 87 87 … … 93 93 94 94 preg_match('|<event>(.*?)</event>|is', $post, $content); 95 $content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );95 $content = str_replace( array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($content[1]) ) ); 96 96 97 97 // Now lets put it in the DB -
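Review bot: On line 86 `sanitize_title()` receives the already SQL-escaped `$title` from line 85, so whatever escape sequences the helper inserted become part of the slug input and may alter the resulting slug; the same ordering appears in wp-admin/import-rss.php line 91, wp-admin/import-textpattern.php line 103 and wp-admin/import-mt.php line 240. Derive the slug from the raw value and escape only what goes into SQL, e.g. `$raw_title = trim($title[1]); $post_name = sanitize_title($raw_title); $title = $wpdb->escape($raw_title);`. The code surrounding these lines is outside the hunk.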
trunk/wp-admin/import-mt.php
r2687 r2699 207 207 // We want the excerpt 208 208 preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt); 209 $excerpt = addslashes(trim($excerpt[1]));209 $excerpt = $wpdb->escape(trim($excerpt[1])); 210 210 $post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post); 211 211 … … 219 219 preg_match("|-----\nBODY:(.*)|s", $post, $body); 220 220 $body = trim($body[1]); 221 $post_content = addslashes($body . $extended);221 $post_content = $wpdb->escape($body . $extended); 222 222 $post = preg_replace("|(-----\nBODY:.*)|s", '', $post); 223 223 … … 236 236 break; 237 237 case 'TITLE': 238 $post_title = addslashes($value);238 $post_title = $wpdb->escape($value); 239 239 echo '<i>'.stripslashes($post_title).'</i>... '; 240 240 $post_name = sanitize_title($post_title); … … 265 265 break; 266 266 case 'PRIMARY CATEGORY': 267 $post_categories[] = addslashes($value);267 $post_categories[] = $wpdb->escape($value); 268 268 break; 269 269 case 'CATEGORY': 270 $post_categories[] = addslashes($value);270 $post_categories[] = $wpdb->escape($value); 271 271 break; 272 272 case 'DATE': … … 324 324 // Author 325 325 preg_match("|AUTHOR:(.*)|", $comment, $comment_author); 326 $comment_author = addslashes(trim($comment_author[1]));326 $comment_author = $wpdb->escape(trim($comment_author[1])); 327 327 $comment = preg_replace('|(\n?AUTHOR:.*)|', '', $comment); 328 328 329 329 preg_match("|EMAIL:(.*)|", $comment, $comment_email); 330 $comment_email = addslashes(trim($comment_email[1]));330 $comment_email = $wpdb->escape(trim($comment_email[1])); 331 331 $comment = preg_replace('|(\n?EMAIL:.*)|', '', $comment); 332 332 … … 336 336 337 337 preg_match("|URL:(.*)|", $comment, $comment_url); 338 $comment_url = addslashes(trim($comment_url[1]));338 $comment_url = $wpdb->escape(trim($comment_url[1])); 339 339 $comment = preg_replace('|(\n?URL:.*)|', '', $comment); 340 340 … … 344 344 $comment = preg_replace('|(\n?DATE:.*)|', '', $comment); 345 345 346 $comment_content = 
addslashes(trim($comment));346 $comment_content = $wpdb->escape(trim($comment)); 347 347 $comment_content = str_replace('-----', '', $comment_content); 348 348 … … 365 365 // 'Author' 366 366 preg_match("|BLOG NAME:(.*)|", $ping, $comment_author); 367 $comment_author = addslashes(trim($comment_author[1]));367 $comment_author = $wpdb->escape(trim($comment_author[1])); 368 368 $ping = preg_replace('|(\n?BLOG NAME:.*)|', '', $ping); 369 369 … … 375 375 376 376 preg_match("|URL:(.*)|", $ping, $comment_url); 377 $comment_url = addslashes(trim($comment_url[1]));377 $comment_url = $wpdb->escape(trim($comment_url[1])); 378 378 $ping = preg_replace('|(\n?URL:.*)|', '', $ping); 379 379 … … 384 384 385 385 preg_match("|TITLE:(.*)|", $ping, $ping_title); 386 $ping_title = addslashes(trim($ping_title[1]));386 $ping_title = $wpdb->escape(trim($ping_title[1])); 387 387 $ping = preg_replace('|(\n?TITLE:.*)|', '', $ping); 388 388 389 $comment_content = addslashes(trim($ping));389 $comment_content = $wpdb->escape(trim($ping)); 390 390 $comment_content = str_replace('-----', '', $comment_content); 391 391 -
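Review bot: Line 239 echoes `stripslashes($post_title)` into HTML without escaping, and the title comes straight from the import file, so the page that renders the import can carry arbitrary markup from the MT export; `echo '<i>' . wp_specialchars(stripslashes($post_title)) . '</i>... ';` keeps the display inert (`wp_specialchars()` is already used elsewhere in this changeset). `stripslashes()` is also the inverse of `addslashes()`, not necessarily of `$wpdb->escape()`; if the escape helper rewrites characters beyond quotes and backslashes, the displayed title will differ from the original, so echoing the raw `$value` instead, `echo '<i>' . wp_specialchars($value) . '</i>... ';`, avoids the round trip. The enclosing switch and loop begin before the hunk.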
trunk/wp-admin/import-rss.php
r2687 r2699 88 88 89 89 preg_match('|<title>(.*?)</title>|is', $post, $title); 90 $title = addslashes( trim($title[1]) );90 $title = $wpdb->escape( trim($title[1]) ); 91 91 $post_name = sanitize_title($title); 92 92 … … 113 113 114 114 preg_match('|<guid.+?>(.*?)</guid>|is', $post, $guid); 115 if ($guid) $guid = addslashes( trim($guid[1]) );115 if ($guid) $guid = $wpdb->escape( trim($guid[1]) ); 116 116 else $guid = ''; 117 117 118 118 preg_match('|<content:encoded>(.*?)</content:encoded>|is', $post, $content); 119 $content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );119 $content = str_replace( array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($content[1]) ) ); 120 120 121 121 if (!$content) : // This is for feeds that put content in description -
trunk/wp-admin/import-textpattern.php
r2687 r2699 99 99 $posted = date('Y-m-d H:i:s', $timestamp); 100 100 101 $content = addslashes($post['Body_html']);102 $title = addslashes($post['Title']);101 $content = $wpdb->escape($post['Body_html']); 102 $title = $wpdb->escape($post['Title']); 103 103 $post_name = sanitize_title($title); 104 104 -
trunk/wp-admin/install.php
r2664 r2699 144 144 145 145 // Now drop in some default links 146 $wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '". addslashes(__('Blogroll'))."')");146 $wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".$wpdb->escape(__('Blogroll'))."')"); 147 147 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blog.carthik.net/index.php', 'Carthik', 1, 'http://blog.carthik.net/feed/');"); 148 148 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/');"); … … 155 155 156 156 // Default category 157 $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '". addslashes(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')");157 $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '".$wpdb->escape(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')"); 158 158 159 159 // First post 160 160 $now = date('Y-m-d H:i:s'); 161 161 $now_gmt = gmdate('Y-m-d H:i:s'); 162 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '". addslashes(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '".addslashes(__('Hello world!'))."', '0', '".addslashes(__('hello-world'))."', '$now', '$now_gmt')");162 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. 
Edit or delete it, then start blogging!'))."', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(__('hello-world'))."', '$now', '$now_gmt')"); 163 163 164 164 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" ); 165 165 166 166 // Default comment 167 $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '". addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");167 $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')"); 168 168 169 169 // First Page 170 170 171 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status) VALUES ('1', '$now', '$now_gmt', '". addslashes(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. 
You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '".addslashes(__('About'))."', '0', '".addslashes(__('about'))."', '$now', '$now_gmt', 'static')");171 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static')"); 172 172 173 173 // Set up admin user -
trunk/wp-admin/link-categories.php
r2445 r2699 61 61 $sort_desc = 'N'; 62 62 } 63 $text_before_link = addslashes($_POST['text_before_link']);64 $text_after_link = addslashes($_POST['text_after_link']);65 $text_after_all = addslashes($_POST['text_after_all']);63 $text_before_link = $_POST['text_before_link']; 64 $text_after_link = $_POST['text_after_link']; 65 $text_after_all = $_POST['text_after_all']; 66 66 67 67 $list_limit = $_POST['list_limit']; … … 239 239 $sort_desc = 'N'; 240 240 } 241 $text_before_link = addslashes($_POST["text_before_link"]);242 $text_after_link = addslashes($_POST["text_after_link"]);243 $text_after_all = addslashes($_POST["text_after_all"]);241 $text_before_link = $_POST["text_before_link"]; 242 $text_after_link = $_POST["text_after_link"]; 243 $text_after_all = $_POST["text_after_all"]; 244 244 245 245 $list_limit = $_POST["list_limit"]; -
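Review bot: Lines 63-65 (and 241-243 in the second hunk) now take `$_POST` values with no local escaping, which is only correct because wp-settings.php in this same changeset runs `add_magic_quotes()` over `$_POST`; that dependency is invisible here and should be stated, e.g. `// $_POST is already escaped by add_magic_quotes() in wp-settings.php; do not escape again.` If these values are also echoed back into the form (outside the hunk), they need HTML escaping for that context, since the SQL escaping applied in wp-settings.php does not cover it.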
trunk/wp-admin/link-import.php
r2446 r2699 108 108 $titles[$i] = ''; 109 109 $query = "INSERT INTO $wpdb->links (link_url, link_name, link_target, link_category, link_description, link_owner, link_rss) 110 VALUES('{$urls[$i]}', '". addslashes($names[$i])."', '', $cat_id, '".addslashes($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";110 VALUES('{$urls[$i]}', '".$wpdb->escape($names[$i])."', '', $cat_id, '".$wpdb->escape($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n"; 111 111 $result = $wpdb->query($query); 112 112 echo sprintf(__("<p>Inserted <strong>%s</strong></p>"), $names[$i]); -
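Review bot: In the INSERT on line 110, `$names[$i]` and `$descriptions[$i]` are escaped but `{$urls[$i]}` and `{$feeds[$i]}` are interpolated into quoted SQL literals as-is, and `$cat_id` is interpolated unquoted; unless these are escaped earlier in the file (outside the hunk), the URL and feed values from the imported file should go through `$wpdb->escape()` like the other two, and `$cat_id` should be cast with `(int)`. Line 112 also echoes `$names[$i]` into HTML without escaping; `wp_specialchars($names[$i])` is the matching fix for that context.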
trunk/wp-admin/update-links.php
r2495 r2699 37 37 38 38 foreach ($returns as $return) : 39 $time = addslashes( substr($return, 0, 19) );40 $uri = addslashes( preg_replace('/(.*?) | (.*?)/', '$2', $return) );39 $time = $wpdb->escape( substr($return, 0, 19) ); 40 $uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) ); 41 41 $wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'"); 42 42 endforeach; -
trunk/wp-admin/upgrade-functions.php
r2643 r2699 222 222 foreach ( $users as $user ) : 223 223 if ( !empty( $user->user_firstname ) ) 224 update_usermeta( $user->ID, 'first_name', addslashes($user->user_firstname) );224 update_usermeta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) ); 225 225 if ( !empty( $user->user_lastname ) ) 226 update_usermeta( $user->ID, 'last_name', addslashes($user->user_lastname) );226 update_usermeta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) ); 227 227 if ( !empty( $user->user_nickname ) ) 228 update_usermeta( $user->ID, 'nickname', addslashes($user->user_nickname) );228 update_usermeta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) ); 229 229 if ( !empty( $user->user_level ) ) 230 230 update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level ); 231 231 if ( !empty( $user->user_icq ) ) 232 update_usermeta( $user->ID, 'icq', addslashes($user->user_icq) );232 update_usermeta( $user->ID, 'icq', $wpdb->escape($user->user_icq) ); 233 233 if ( !empty( $user->user_aim ) ) 234 update_usermeta( $user->ID, 'aim', addslashes($user->user_aim) );234 update_usermeta( $user->ID, 'aim', $wpdb->escape($user->user_aim) ); 235 235 if ( !empty( $user->user_msn ) ) 236 update_usermeta( $user->ID, 'msn', addslashes($user->user_msn) );236 update_usermeta( $user->ID, 'msn', $wpdb->escape($user->user_msn) ); 237 237 if ( !empty( $user->user_yim ) ) 238 update_usermeta( $user->ID, 'yim', addslashes($user->user_icq) );238 update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_icq) ); 239 239 if ( !empty( $user->user_description ) ) 240 update_usermeta( $user->ID, 'description', addslashes($user->user_description) );240 update_usermeta( $user->ID, 'description', $wpdb->escape($user->user_description) ); 241 241 242 242 if ( !isset( $user->user_idmode ) ): … … 249 249 if ($idmode == 'namelf') $id = $user->user_lastname.' 
'.$user->user_firstname; 250 250 if (!$idmode) $id = $user->user_nickname; 251 $id = addslashes( $id );251 $id = $wpdb->escape( $id ); 252 252 $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'"); 253 253 endif; -
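Review bot: Line 238 stores `$user->user_icq` under the `yim` meta key, a copy-paste slip that the rewrite preserves; it should read `update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_yim) );`, matching the `!empty( $user->user_yim )` guard on line 237. Separately, escaping before `update_usermeta()` assumes that function does not escape internally — if it does, every value in this block is escaped twice; that cannot be confirmed from the hunk. The enclosing function starts and ends outside the hunk.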
trunk/wp-comments-post.php
r2623 r2699 25 25 get_currentuserinfo(); 26 26 if ( $user_ID ) : 27 $comment_author = addslashes($user_identity);28 $comment_author_email = addslashes($user_email);29 $comment_author_url = addslashes($user_url);27 $comment_author = $wpdb->escape($user_identity); 28 $comment_author_email = $wpdb->escape($user_email); 29 $comment_author_url = $wpdb->escape($user_url); 30 30 else : 31 31 if ( get_option('comment_registration') ) -
trunk/wp-includes/comment-functions.php
r2685 r2699 14 14 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date"); 15 15 } else { 16 $author_db = addslashes($comment_author);17 $email_db = addslashes($comment_author_email);16 $author_db = $wpdb->escape($comment_author); 17 $email_db = $wpdb->escape($comment_author_email); 18 18 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date"); 19 19 } -
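Review bot: Lines 16-17 escape `$comment_author` and `$comment_author_email`, but if those are populated from the commenter cookies, this changeset's wp-settings.php already runs `add_magic_quotes()` over `$_COOKIE`, so the values arrive escaped and are escaped again here; a name containing a quote or backslash would then never match `comment_author = '$author_db'` and the commenter would not see their own pending comment. Where these variables are set is outside the hunk, so this needs confirming; if they are cookie-derived, either drop the two escape calls or unslash the cookie values before escaping.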
trunk/wp-includes/functions-formatting.php
r2689 r2699 524 524 525 525 function addslashes_gpc($gpc) { 526 if (!get_magic_quotes_gpc()) { 527 $gpc = addslashes($gpc); 528 } 529 return $gpc; 526 global $wpdb; 527 528 if (get_magic_quotes_gpc()) { 529 $gpc = stripslashes($gpc); 530 } 531 532 return $wpdb->escape($gpc); 530 533 } 531 534 -
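Review bot: `addslashes_gpc()` now strips slashes only for the scalar case and then always applies `$wpdb->escape()`, but `stripslashes()` is string-only, so an array argument (a `$_POST[...]` checkbox group, for instance) is not handled, and the name no longer describes the behavior; the header comment should say so, e.g. `// Takes a raw GPC value (magic_quotes slashes removed if present) and returns it escaped by $wpdb for SQL; not array-safe.` Since wp-settings.php in this changeset already runs `add_magic_quotes()` over the GPC arrays, any caller passing a `$_GET`/`$_POST` value through this function escapes it a second time; the call sites should be audited.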
trunk/wp-includes/functions.php
r2697 r2699 844 844 if ( $headers = wp_get_http_headers( $url) ) { 845 845 $len = (int) $headers['content-length']; 846 $type = addslashes( $headers['content-type'] );846 $type = $wpdb->escape( $headers['content-type'] ); 847 847 $allowed_types = array( 'video', 'audio' ); 848 848 if( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { … … 1883 1883 1884 1884 function add_magic_quotes($array) { 1885 global $wpdb; 1886 1885 1887 foreach ($array as $k => $v) { 1886 1888 if (is_array($v)) { 1887 1889 $array[$k] = add_magic_quotes($v); 1888 1890 } else { 1889 $array[$k] = addslashes($v);1891 $array[$k] = $wpdb->escape($v); 1890 1892 } 1891 1893 } -
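Review bot: On line 846 `$headers['content-type']` is escaped before it is used in the string comparison on line 848, so the allowed-type check runs on an already SQL-escaped value; keep `$type = $headers['content-type'];` here and apply `$wpdb->escape($type)` where the value is interpolated into a query (outside the hunk). `in_array()` on line 848 also runs without `true`, and a `strpos()` result of `false` makes `substr($type, 0, false)` an empty string rather than a detectable error. Both hunks sit inside functions whose opening lines are outside the hunk; the second adds `global $wpdb;` to `add_magic_quotes()`, but the first shows no equivalent declaration for the function around line 846.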
trunk/wp-settings.php
r2632 r2699 137 137 require_once(ABSPATH . WPINC . '/locale.php'); 138 138 139 if ( !get_magic_quotes_gpc() ) { 140 $_GET = add_magic_quotes($_GET ); 141 $_POST = add_magic_quotes($_POST ); 142 $_COOKIE = add_magic_quotes($_COOKIE); 143 $_SERVER = add_magic_quotes($_SERVER); 139 // If already slashed, strip. 140 if ( get_magic_quotes_gpc() ) { 141 $_GET = stripslashes($_GET ); 142 $_POST = stripslashes($_POST ); 143 $_COOKIE = stripslashes($_COOKIE); 144 $_SERVER = stripslashes($_SERVER); 144 145 } 146 147 // Escape with wpdb. 148 $_GET = add_magic_quotes($_GET ); 149 $_POST = add_magic_quotes($_POST ); 150 $_COOKIE = add_magic_quotes($_COOKIE); 151 $_SERVER = add_magic_quotes($_SERVER); 145 152 146 153 function shutdown_action_hook() { -
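Review bot: Lines 141-144 call `stripslashes()` on `$_GET`, `$_POST`, `$_COOKIE` and `$_SERVER`, but `stripslashes()` takes a string, not an array, so when `magic_quotes_gpc` is on each superglobal is replaced by the result of a string conversion (with a warning) rather than an array with its slashes removed, and the `add_magic_quotes()` calls that follow then iterate over a non-array. The strip needs to be recursive like `add_magic_quotes()` is; a small helper of the same shape, shown below, restores the intended behaviour. It would sit more naturally beside `add_magic_quotes()` in wp-includes/functions.php, but it must be defined before this point either way.
```php
// If already slashed, strip. stripslashes() is string-only, so recurse.
function strip_magic_quotes($array) {
    foreach ($array as $k => $v) {
        if (is_array($v)) {
            $array[$k] = strip_magic_quotes($v);
        } else {
            $array[$k] = stripslashes($v);
        }
    }
    return $array;
}

if ( get_magic_quotes_gpc() ) {
    $_GET    = strip_magic_quotes($_GET   );
    $_POST   = strip_magic_quotes($_POST  );
    $_COOKIE = strip_magic_quotes($_COOKIE);
    $_SERVER = strip_magic_quotes($_SERVER);
}

// … unchanged: add_magic_quotes() calls on the four superglobals …
```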
trunk/xmlrpc.php
r2694 r2699 1250 1250 $context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]'; 1251 1251 $original_pagelinkedfrom = $pagelinkedfrom; 1252 $pagelinkedfrom = addslashes( $pagelinkedfrom );1252 $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); 1253 1253 $original_title = $title; 1254 1254