Make WordPress Core


Ignore:
Timestamp:
03/07/2006 01:47:45 AM (18 years ago)
Author:
ryan
Message:

Security back ports from masquerade and MarkJaquith.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/1.5/wp-settings.php

    r2783 r3627  
    154154require_once(ABSPATH . WPINC . '/locale.php');
    155155
    156 if ( !get_magic_quotes_gpc() ) {
    157     $_GET    = add_magic_quotes($_GET   );
    158     $_POST   = add_magic_quotes($_POST  );
    159     $_COOKIE = add_magic_quotes($_COOKIE);
    160     $_SERVER = add_magic_quotes($_SERVER);
     156// If already slashed, strip.
     157if ( get_magic_quotes_gpc() ) {
     158    $_GET    = stripslashes_deep($_GET   );
     159    $_POST   = stripslashes_deep($_POST  );
     160    $_COOKIE = stripslashes_deep($_COOKIE);
    161161}
     162
     163// Escape with wpdb.
     164$_GET    = add_magic_quotes($_GET   );
     165$_POST   = add_magic_quotes($_POST  );
     166$_COOKIE = add_magic_quotes($_COOKIE);
     167$_SERVER = add_magic_quotes($_SERVER);
    162168
    163169function shutdown_action_hook() {
Note: See TracChangeset for help on using the changeset viewer.