Changeset 9521

Timestamp:

11/05/2008 06:47:35 AM (16 years ago)

Author:

markjaquith

Message:

stripslashes() on plugin-install.php stuff

File:

• trunk/wp-admin/includes/plugin-install.php (modified) (7 diffs)

trunk/wp-admin/includes/plugin-install.php

@@ -87 +87 @@
  */
 function install_search($page) {
-    $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
-    $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
+    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
+    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
 
     $args = array();
@@ -163 +163 @@
  */
 function install_search_form(){
-    $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
-    $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
+    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
+    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
 
     ?><form id="search-plugins" method="post" action="<?php echo admin_url('plugin-install.php?tab=search') ?>">
@@ -250 +250 @@
     global $tab;
 
-    $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
-    $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
+    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
+    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
 
     $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
@@ -376 +376 @@
     global $tab;
 
-    $api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin']));
+    $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
 
     if ( is_wp_error($api) )
@@ -391 +391 @@
         $api->$key = wp_kses($api->$key, $plugins_allowedtags);
 
-    $section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English.
+    $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
     if( empty($section) || ! isset($api->sections[ $section ]) )
         $section = array_shift( $section_titles = array_keys((array)$api->sections) );
@@ -553 +553 @@
 function install_plugin() {
 
-    $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
+    $plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : '';
 
     check_admin_referer('install-plugin_' . $plugin);
@@ -585 +585 @@
     }
 
-    $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
+    $plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : '';
 
     $url = 'plugin-install.php?tab=install';
-    $url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => $_REQUEST['plugin_name'], 'download_url' => $_REQUEST['download_url']), $url);
+    $url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => stripslashes( $_REQUEST['plugin_name'] ), 'download_url' => stripslashes( $_REQUEST['download_url'] ) ), $url);
 
     $url = wp_nonce_url($url, 'install-plugin_' . $plugin);