WordPress.org

Make WordPress Core

Changeset 9521


Ignore:
Timestamp:
11/05/2008 06:47:35 AM (10 years ago)
Author:
markjaquith
Message:

stripslashes() on plugin-install.php stuff

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/plugin-install.php

    r9506 r9521  
    8787 */
    8888function install_search($page) {
    89     $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
    90     $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
     89    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
     90    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
    9191
    9292    $args = array();
     
    163163 */
    164164function install_search_form(){
    165     $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
    166     $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
     165    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
     166    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
    167167
    168168    ?><form id="search-plugins" method="post" action="<?php echo admin_url('plugin-install.php?tab=search') ?>">
     
    250250    global $tab;
    251251
    252     $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
    253     $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
     252    $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
     253    $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
    254254
    255255    $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
     
    376376    global $tab;
    377377
    378     $api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin']));
     378    $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
    379379
    380380    if ( is_wp_error($api) )
     
    391391        $api->$key = wp_kses($api->$key, $plugins_allowedtags);
    392392
    393     $section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English.
     393    $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
    394394    if( empty($section) || ! isset($api->sections[ $section ]) )
    395395        $section = array_shift( $section_titles = array_keys((array)$api->sections) );
     
    553553function install_plugin() {
    554554
    555     $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
     555    $plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : '';
    556556
    557557    check_admin_referer('install-plugin_' . $plugin);
     
    585585    }
    586586
    587     $plugin = isset($_REQUEST['plugin']) ? $_REQUEST['plugin'] : '';
     587    $plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : '';
    588588
    589589    $url = 'plugin-install.php?tab=install';
    590     $url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => $_REQUEST['plugin_name'], 'download_url' => $_REQUEST['download_url']), $url);
     590    $url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => stripslashes( $_REQUEST['plugin_name'] ), 'download_url' => stripslashes( $_REQUEST['download_url'] ) ), $url);
    591591
    592592    $url = wp_nonce_url($url, 'install-plugin_' . $plugin);
Note: See TracChangeset for help on using the changeset viewer.