WordPress.org

Make WordPress Core

Changeset 9521


Ignore:
Timestamp:
11/05/08 06:47:35 (5 years ago)
Author:
markjaquith
Message:

stripslashes() on plugin-install.php stuff

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/plugin-install.php

    r9506 r9521  
    8787 */ 
    8888function install_search($page) { 
    89     $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : ''; 
    90     $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : ''; 
     89    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : ''; 
     90    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : ''; 
    9191 
    9292    $args = array(); 
     
    163163 */ 
    164164function install_search_form(){ 
    165     $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : ''; 
    166     $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : ''; 
     165    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : ''; 
     166    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : ''; 
    167167 
    168168    ?><form id="search-plugins" method="post" action="<?php echo admin_url('plugin-install.php?tab=search') ?>"> 
     
    250250    global $tab; 
    251251 
    252     $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : ''; 
    253     $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : ''; 
     252    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : ''; 
     253    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : ''; 
    254254 
    255255    $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()), 
     
    376376    global $tab; 
    377377 
    378     $api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin'])); 
     378    $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) )); 
    379379 
    380380    if ( is_wp_error($api) ) 
     
    391391        $api->$key = wp_kses($api->$key, $plugins_allowedtags); 
    392392 
    393     $section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English. 
     393    $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English. 
    394394    if( empty($section) || ! isset($api->sections[ $section ]) ) 
    395395        $section = array_shift( $section_titles = array_keys((array)$api->sections) ); 
     
    553553function install_plugin() { 
    554554 
    555     $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : ''; 
     555    $plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : ''; 
    556556 
    557557    check_admin_referer('install-plugin_' . $plugin); 
     
    585585    } 
    586586 
    587     $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : ''; 
     587    $plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : ''; 
    588588 
    589589    $url = 'plugin-install.php?tab=install'; 
    590     $url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => $_REQUEST['plugin_name'], 'download_url' => $_REQUEST['download_url']), $url); 
     590    $url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => stripslashes( $_REQUEST['plugin_name'] ), 'download_url' => stripslashes( $_REQUEST['download_url'] ) ), $url); 
    591591 
    592592    $url = wp_nonce_url($url, 'install-plugin_' . $plugin); 
Note: See TracChangeset for help on using the changeset viewer.