Index: wp-login.php
===================================================================
--- wp-login.php	(revision 23401)
+++ wp-login.php	(working copy)
@@ -396,7 +396,7 @@
 	}
 
 	// 10 days
-	setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+	setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
 
 	wp_safe_redirect( wp_get_referer() );
 	exit();
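Review bot: The `setcookie()` call on the changed line still passes only name, value, expiry and path, so the post-password cookie is issued without the `secure` or `httponly` flags. The value is derived from the submitted post password, so it is worth scoping it as tightly as the auth cookies, for example by ending the call with `COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );` if no front-end script needs to read it. The same line reads `$_POST['post_password']` with no `isset()` or string check visible in this hunk. Since `wp_unslash()` passes arrays through, a non-string value would reach `HashPassword()` unless a guard exists above the hunk.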
@@ -431,7 +431,7 @@
 	do_action('lost_password');
 	login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
 
-	$user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
+	$user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
 
 ?>
 
@@ -530,8 +530,8 @@
 	$user_login = '';
 	$user_email = '';
 	if ( $http_post ) {
-		$user_login = $_POST['user_login'];
-		$user_email = $_POST['user_email'];
+		$user_login = wp_unslash( $_POST['user_login'] );
+		$user_email = wp_unslash( $_POST['user_email'] );
 		$errors = register_new_user($user_login, $user_email);
 		if ( !is_wp_error($errors) ) {
 			$redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
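Review bot: `$_POST['redirect_to']` on the last context line is still read raw, while `user_login` and `user_email` a few lines above are now unslashed, so one request is handled under two slashing conventions. If the patch moves to unslashed data throughout, this should read `wp_unslash( $_POST['redirect_to'] )`. How the value is validated before the redirect is outside the hunk; confirm it goes through `wp_safe_redirect()`. The two new lines also index `$_POST` without `isset()`, which raises notices when `$http_post` is true but a field is absent.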
@@ -547,11 +547,11 @@
 <form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
 	<p>
 		<label for="user_login"><?php _e('Username') ?><br />
-		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label>
+		<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
 	</p>
 	<p>
 		<label for="user_email"><?php _e('E-mail') ?><br />
-		<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label>
+		<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" /></label>
 	</p>
 <?php do_action('register_form'); ?>
 	<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
@@ -673,7 +673,7 @@
 	login_header(__('Log In'), '', $errors);
 
 	if ( isset($_POST['log']) )
-		$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
+		$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
 	$rememberme = ! empty( $_POST['rememberme'] );
 ?>
 
Index: wp-comments-post.php
===================================================================
--- wp-comments-post.php	(revision 23401)
+++ wp-comments-post.php	(working copy)
@@ -17,8 +17,10 @@
 
 nocache_headers();
 
-$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
+$post_data = wp_unslash( $_POST );
 
+$comment_post_ID = isset($post_data['comment_post_ID']) ? (int) $post_data['comment_post_ID'] : 0;
+
 $post = get_post($comment_post_ID);
 
 if ( empty($post->comment_status) ) {
@@ -47,21 +49,21 @@
 	do_action('pre_comment_on_post', $comment_post_ID);
 }
 
-$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
-$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
-$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
-$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
+$comment_author       = ( isset( $post_data['author'] ) )  ? trim( strip_tags( $post_data['author'] ) ) : null;
+$comment_author_email = ( isset( $post_data['email'] ) )   ? trim( $post_data['email'] ) : null;
+$comment_author_url   = ( isset( $post_data['url'] ) )     ? trim( $post_data['url'] ) : null;
+$comment_content      = ( isset( $post_data['comment'] ) ) ? trim( $post_data['comment'] ) : null;
 
 // If the user is logged in
 $user = wp_get_current_user();
 if ( $user->exists() ) {
 	if ( empty( $user->display_name ) )
-		$user->display_name=$user->user_login;
-	$comment_author       = $wpdb->escape($user->display_name);
-	$comment_author_email = $wpdb->escape($user->user_email);
-	$comment_author_url   = $wpdb->escape($user->user_url);
+		$user->display_name = $user->user_login;
+	$comment_author       = $user->display_name;
+	$comment_author_email = $user->user_email;
+	$comment_author_url   = $user->user_url;
 	if ( current_user_can('unfiltered_html') ) {
-		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $post_data['_wp_unfiltered_html_comment'] ) {
 			kses_remove_filters(); // start with a clean slate
 			kses_init_filters(); // set up the filters
 		}
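Review bot: The nonce check on the changed line compares with loose `!=` and indexes `$post_data['_wp_unfiltered_html_comment']` without `isset()`, so a request that omits the field raises a notice and the comparison is type-juggled. Prefer `if ( ! isset( $post_data['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $post_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) ) {`, which keeps the comparison inside the nonce API (note it also accepts a nonce from the previous tick). Separately, the logged-in branch no longer escapes `display_name`, `user_email` and `user_url`. That is only safe if everything downstream uses prepared statements, which this hunk does not show.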
@@ -83,7 +85,7 @@
 if ( '' == $comment_content )
 	wp_die( __('<strong>ERROR</strong>: please type a comment.') );
 
-$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
+$comment_parent = isset($post_data['comment_parent']) ? absint($post_data['comment_parent']) : 0;
 
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
 
@@ -92,7 +94,7 @@
 $comment = get_comment($comment_id);
 do_action('set_comment_cookies', $comment, $user);
 
-$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
+$location = empty($post_data['redirect_to']) ? get_comment_link($comment_id) : $post_data['redirect_to'] . '#comment-' . $comment_id;
 $location = apply_filters('comment_post_redirect', $location, $comment);
 
 wp_safe_redirect( $location );
Index: wp-includes/default-filters.php
===================================================================
--- wp-includes/default-filters.php	(revision 23401)
+++ wp-includes/default-filters.php	(working copy)
@@ -14,8 +14,8 @@
 
 // Strip, trim, kses, special chars for string saves
 foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
-	add_filter( $filter, 'sanitize_text_field'  );
-	add_filter( $filter, 'wp_filter_kses'       );
+	add_filter( $filter, 'sanitize_text_field' );
+	add_filter( $filter, 'wp_kses_data' );
 	add_filter( $filter, '_wp_specialchars', 30 );
 }
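Review bot: Swapping `wp_filter_kses` for `wp_kses_data` on these `pre_*` save filters, and again on the textarea and e-mail filters in the next hunk, changes the input contract from slashed to unslashed data. Any caller, including plugin code, that still applies these hooks to slashed input will have KSES parse the backslashes as part of the markup, and the result is no longer re-slashed as the old filter did. A comment above the loop such as `// These filters expect unslashed data.` would make the contract explicit. Every `apply_filters()` call site for these hooks needs checking, which cannot be done from this hunk.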
 
@@ -31,22 +31,21 @@
 
 // Kses only for textarea saves
 foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
-	add_filter( $filter, 'wp_filter_kses' );
+	add_filter( $filter, 'wp_kses_data' );
 }
 
 // Kses only for textarea admin displays
 if ( is_admin() ) {
-	foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
+	foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) {
 		add_filter( $filter, 'wp_kses_data' );
 	}
-	add_filter( 'comment_text', 'wp_kses_post' );
 }
 
 // Email saves
 foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
 	add_filter( $filter, 'trim'           );
 	add_filter( $filter, 'sanitize_email' );
-	add_filter( $filter, 'wp_filter_kses' );
+	add_filter( $filter, 'wp_kses_data' );
 }
 
 // Email admin display
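Review bot: Moving `comment_text` into the `wp_kses_data` loop is not a like-for-like change, because the removed line filtered it with `wp_kses_post`, which allows the broader post tag set. Comments saved by users with `unfiltered_html`, or containing markup only the post set permits, would then render differently in the admin than on the front end. If the narrowing is intended, say so in the comment above the block; otherwise keep `add_filter( 'comment_text', 'wp_kses_post' );` as its own line.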
Index: wp-includes/post-template.php
===================================================================
--- wp-includes/post-template.php	(revision 23401)
+++ wp-includes/post-template.php	(working copy)
@@ -583,7 +583,7 @@
 		$wp_hasher = new PasswordHash(8, true);
 	}
 
-	$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+	$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
 
 	return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
Index: wp-includes/taxonomy.php
===================================================================
--- wp-includes/taxonomy.php	(revision 23401)
+++ wp-includes/taxonomy.php	(working copy)
@@ -953,8 +953,7 @@
 		if ( empty($value) )
 			return false;
 	} else if ( 'name' == $field ) {
-		// Assume already escaped
-		$value = stripslashes($value);
+		$value = $value;
 		$field = 't.name';
 	} else {
 		$term = get_term( (int) $value, $taxonomy, $output, $filter);
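Review bot: `$value = $value;` in the `'name'` branch is a self-assignment left over from removing `stripslashes()` and should be deleted. The removed comment documented the old contract, so replace it rather than drop it, e.g. `// $value is expected unslashed.`. A caller that still passes a slashed name will now fail to match terms containing quotes or backslashes. The enclosing function starts and ends outside this hunk.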
@@ -1494,7 +1493,7 @@
 			return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) );
 	}
 
-	$term = trim( stripslashes( $term ) );
+	$term = trim( $term );
 
 	if ( '' === $slug = sanitize_title($term) )
 		return 0;
@@ -2056,10 +2055,6 @@
 	$args = sanitize_term($args, $taxonomy, 'db');
 	extract($args, EXTR_SKIP);
 
-	// expected_slashed ($name)
-	$name = stripslashes($name);
-	$description = stripslashes($description);
-
 	if ( empty($slug) )
 		$slug = sanitize_title($name);
 
@@ -2439,9 +2434,6 @@
 	if ( is_wp_error( $term ) )
 		return $term;
 
-	// Escape data pulled from DB.
-	$term = add_magic_quotes($term);
-
 	// Merge old and new args with new args overwriting old ones.
 	$args = array_merge($term, $args);
 
@@ -2450,10 +2442,6 @@
 	$args = sanitize_term($args, $taxonomy, 'db');
 	extract($args, EXTR_SKIP);
 
-	// expected_slashed ($name)
-	$name = stripslashes($name);
-	$description = stripslashes($description);
-
 	if ( '' == trim($name) )
 		return new WP_Error('empty_term_name', __('A name is required for this term'));
 
Index: wp-includes/ms-files.php
===================================================================
--- wp-includes/ms-files.php	(revision 23401)
+++ wp-includes/ms-files.php	(working copy)
@@ -58,7 +58,7 @@
 header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
 
 // Support for Conditional GET
-$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
+$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
 
 if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
 	$_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
Index: wp-includes/class-wp-customize-manager.php
===================================================================
--- wp-includes/class-wp-customize-manager.php	(revision 23401)
+++ wp-includes/class-wp-customize-manager.php	(working copy)
@@ -310,7 +310,7 @@
 	public function post_value( $setting ) {
 		if ( ! isset( $this->_post_values ) ) {
 			if ( isset( $_POST['customized'] ) )
-				$this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true );
+				$this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
 			else
 				$this->_post_values = false;
 		}
Index: wp-includes/post.php
===================================================================
--- wp-includes/post.php	(revision 23401)
+++ wp-includes/post.php	(working copy)
@@ -1742,17 +1742,41 @@
  * @link http://codex.wordpress.org/Function_Reference/add_post_meta
  *
  * @param int $post_id Post ID.
- * @param string $meta_key Metadata name.
- * @param mixed $meta_value Metadata value.
+ * @param string $meta_key Metadata name (expected slashed).
+ * @param mixed $meta_value Metadata value (expected slashed).
  * @param bool $unique Optional, default is false. Whether the same key should not be added.
  * @return bool False for failure. True for success.
  */
-function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
+function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
+	_deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' );
+
+	// expected slashed
+	$meta_key = stripslashes( $meta_key );
+	$meta_value = stripslashes_deep( $meta_value );
+
+	return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique );
+}
+
+/**
+ * Add meta data field to a post.
+ *
+ * Post meta data is called "Custom Fields" on the Administration Screen.
+ *
+ * @since 3.6.0
+ * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta
+ *
+ * @param int $post_id Post ID.
+ * @param string $meta_key Metadata name (clean, slashes already stripped).
+ * @param mixed $meta_value Metadata value (clean, slashes already stripped).
+ * @param bool $unique Optional, default is false. Whether the same key should not be added.
+ * @return bool False for failure. True for success.
+ */
+function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
 	// make sure meta is added to the post, not a revision
-	if ( $the_post = wp_is_post_revision($post_id) )
+	if ( $the_post = wp_is_post_revision( $post_id ) )
 		$post_id = $the_post;
 
-	return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
+	return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique );
 }
 
 /**
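Review bot: The deprecated `add_post_meta()` (and `update_post_meta()` in the next hunk) now strips slashes itself before delegating, but whether `add_metadata()`/`update_metadata()` still strip them internally is not visible in this part of the patch. If they do, values passed through the old functions are unslashed twice and lose literal backslashes, so please confirm the metadata API is changed in the same commit. The docblocks should also carry `@deprecated 3.6.0 Use wp_add_post_meta()`, and the wrappers call `stripslashes()`/`stripslashes_deep()` where the rest of the patch uses `wp_unslash()`. Deprecating functions this widely used will emit notices from most plugins under `WP_DEBUG`, which deserves a line in the change description.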
@@ -1809,17 +1833,45 @@
  * @link http://codex.wordpress.org/Function_Reference/update_post_meta
  *
  * @param int $post_id Post ID.
- * @param string $meta_key Metadata key.
- * @param mixed $meta_value Metadata value.
+ * @param string $meta_key Metadata key (expected slashed).
+ * @param mixed $meta_value Metadata value (expected slashed).
  * @param mixed $prev_value Optional. Previous value to check before removing.
  * @return bool False on failure, true if success.
  */
-function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
+function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
+	_deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' );
+
+	// expected slashed
+	$meta_key = stripslashes( $meta_key );
+	$meta_value = stripslashes_deep( $meta_value );
+
+	return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value );
+}
+
+/**
+ * Update post meta field based on post ID.
+ *
+ * Use the $prev_value parameter to differentiate between meta fields with the
+ * same key and post ID.
+ *
+ * If the meta field for the post does not exist, it will be added.
+ *
+ * @since 3.6.0
+ * @uses $wpdb
+ * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta
+ *
+ * @param int $post_id Post ID.
+ * @param string $meta_key Metadata key (clean, slashes already stripped).
+ * @param mixed $meta_value Metadata value (clean, slashes already stripped).
+ * @param mixed $prev_value Optional. Previous value to check before removing.
+ * @return bool False on failure, true if success.
+ */
+function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
 	// make sure meta is added to the post, not a revision
-	if ( $the_post = wp_is_post_revision($post_id) )
+	if ( $the_post = wp_is_post_revision( $post_id ) )
 		$post_id = $the_post;
 
-	return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
+	return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value );
 }
 
 /**
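Review bot: The `update_post_meta()` wrapper unslashes `$meta_key` and `$meta_value` but forwards `$prev_value` untouched. A caller following the old slashed convention for every argument would then have `$prev_value` matched against stored data in a different form from the value being written, so the intended row may not be found. Either unslash it too, `$prev_value = stripslashes_deep( $prev_value );`, or state on its `@param` line that `$prev_value` is expected unslashed. How `update_metadata()` treated it before this change is outside the hunk.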
@@ -2406,8 +2458,8 @@
 
 	do_action('wp_trash_post', $post_id);
 
-	add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
-	add_post_meta($post_id,'_wp_trash_meta_time', time());
+	wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
+	wp_add_post_meta($post_id,'_wp_trash_meta_time', time());
 
 	$post['post_status'] = 'trash';
 	wp_insert_post($post);
@@ -2483,7 +2535,7 @@
 	$statuses = array();
 	foreach ( $comments as $comment )
 		$statuses[$comment->comment_ID] = $comment->comment_approved;
-	add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
+	wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
 
 	// Set status for all comments to post-trashed
 	$result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id));
@@ -2859,10 +2911,8 @@
 
 	$post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
 
-	// expected_slashed (everything!)
 	$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
 	$data = apply_filters('wp_insert_post_data', $data, $postarr);
-	$data = stripslashes_deep( $data );
 	$where = array( 'ID' => $post_ID );
 
 	if ( $update ) {
@@ -2875,7 +2925,7 @@
 		}
 	} else {
 		if ( isset($post_mime_type) )
-			$data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
+			$data['post_mime_type'] = $post_mime_type; // This isn't in the update
 		// If there is a suggested ID, use it if not already present
 		if ( !empty($import_id) ) {
 			$import_id = (int) $import_id;
@@ -2936,7 +2986,7 @@
 			else
 				return 0;
 		}
-		update_post_meta($post_ID, '_wp_page_template',  $page_template);
+		wp_update_post_meta($post_ID, '_wp_page_template',  $page_template);
 	}
 
 	wp_transition_post_status($data['post_status'], $previous_status, $post);
@@ -2969,15 +3019,11 @@
 	if ( is_object($postarr) ) {
 		// non-escaped post was passed
 		$postarr = get_object_vars($postarr);
-		$postarr = add_magic_quotes($postarr);
 	}
 
 	// First, get all of the original fields
 	$post = get_post($postarr['ID'], ARRAY_A);
 
-	// Escape data pulled from DB.
-	$post = add_magic_quotes($post);
-
 	// Passed post category list overwrites existing category list if not empty.
 	if ( isset($postarr['post_category']) && is_array($postarr['post_category'])
 			 && 0 != count($postarr['post_category']) )
@@ -3392,7 +3438,7 @@
 		$trackback_urls = explode(',', $tb_list);
 		foreach( (array) $trackback_urls as $tb_url) {
 			$tb_url = trim($tb_url);
-			trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
+			trackback($tb_url, $post_title, $excerpt, $post_id);
 		}
 	}
 }
@@ -3735,9 +3781,6 @@
 	if ( ! empty( $meta_key ) || ! empty( $meta_value ) ) {
 		$join = " LEFT JOIN $wpdb->postmeta ON ( $wpdb->posts.ID = $wpdb->postmeta.post_id )";
 
-		// meta_key and meta_value might be slashed
-		$meta_key = stripslashes($meta_key);
-		$meta_value = stripslashes($meta_value);
 		if ( ! empty( $meta_key ) )
 			$where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key);
 		if ( ! empty( $meta_value ) )
@@ -3962,7 +4005,6 @@
 	else
 		$post_name = sanitize_title($post_name);
 
-	// expected_slashed ($post_name)
 	$post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
 
 	if ( empty($post_date) )
@@ -4005,9 +4047,7 @@
 	if ( ! isset($pinged) )
 		$pinged = '';
 
-	// expected_slashed (everything!)
 	$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
-	$data = stripslashes_deep( $data );
 
 	if ( $update ) {
 		$wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
@@ -4052,7 +4092,7 @@
 	clean_post_cache( $post_ID );
 
 	if ( ! empty( $context ) )
-		add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
+		wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
 
 	if ( $update) {
 		do_action('edit_attachment', $post_ID);
@@ -4439,7 +4479,7 @@
 
 	// if we haven't added this old slug before, add it now
 	if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) )
-		add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
+		wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
 
 	// if the new slug was used previously, delete it from the list
 	if ( in_array($post->post_name, $old_slugs) )
@@ -4856,8 +4896,8 @@
 		return;
 
 	if ( get_option('default_pingback_flag') )
-		add_post_meta( $post_id, '_pingme', '1' );
-	add_post_meta( $post_id, '_encloseme', '1' );
+		wp_add_post_meta( $post_id, '_pingme', '1' );
+	wp_add_post_meta( $post_id, '_encloseme', '1' );
 
 	wp_schedule_single_event(time(), 'do_pings');
 }
@@ -5083,7 +5123,6 @@
 		return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) );
 
 	$post = _wp_post_revision_fields( $post, $autosave );
-	$post = add_magic_quotes($post); //since data is from db
 
 	$revision_id = wp_insert_post( $post );
 	if ( is_wp_error($revision_id) )
@@ -5162,8 +5201,6 @@
 
 	$update['ID'] = $revision['post_parent'];
 
-	$update = add_magic_quotes( $update ); //since data is from db
-
 	$post_id = wp_update_post( $update );
 	if ( is_wp_error( $post_id ) )
 		return $post_id;
@@ -5385,7 +5422,7 @@
 	$thumbnail_id = absint( $thumbnail_id );
 	if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) {
 		if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) )
-			return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
+			return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
 		else
 			return delete_post_meta( $post->ID, '_thumbnail_id' );
 	}
Index: wp-includes/default-widgets.php
===================================================================
--- wp-includes/default-widgets.php	(revision 23401)
+++ wp-includes/default-widgets.php	(working copy)
@@ -412,7 +412,7 @@
 		if ( current_user_can('unfiltered_html') )
 			$instance['text'] =  $new_instance['text'];
 		else
-			$instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed
+			$instance['text'] = wp_kses_post( $new_instance['text'] );
 		$instance['filter'] = isset($new_instance['filter']);
 		return $instance;
 	}
@@ -1056,8 +1056,8 @@
 	}
 
 	function update( $new_instance, $old_instance ) {
-		$instance['title'] = strip_tags(stripslashes($new_instance['title']));
-		$instance['taxonomy'] = stripslashes($new_instance['taxonomy']);
+		$instance['title'] = strip_tags( $new_instance['title'] );
+		$instance['taxonomy'] =  $new_instance['taxonomy'];
 		return $instance;
 	}
 
@@ -1118,7 +1118,7 @@
 	}
 
 	function update( $new_instance, $old_instance ) {
-		$instance['title'] = strip_tags( stripslashes($new_instance['title']) );
+		$instance['title'] = strip_tags( $new_instance['title'] );
 		$instance['nav_menu'] = (int) $new_instance['nav_menu'];
 		return $instance;
 	}
Index: wp-includes/comment.php
===================================================================
--- wp-includes/comment.php	(revision 23401)
+++ wp-includes/comment.php	(working copy)
@@ -633,22 +633,22 @@
  */
 function sanitize_comment_cookies() {
 	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
-		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
-		$comment_author = stripslashes($comment_author);
+		$comment_author = wp_unslash( $_COOKIE['comment_author_'.COOKIEHASH] );
+		$comment_author = apply_filters('pre_comment_author_name', $comment_author);
 		$comment_author = esc_attr($comment_author);
 		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
 	}
 
 	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
-		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
-		$comment_author_email = stripslashes($comment_author_email);
+		$comment_author_email = wp_unslash( $_COOKIE['comment_author_email_'.COOKIEHASH] );
+		$comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email);
 		$comment_author_email = esc_attr($comment_author_email);
 		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
 	}
 
 	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
-		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
-		$comment_author_url = stripslashes($comment_author_url);
+		$comment_author_url = wp_unslash( $_COOKIE['comment_author_url_'.COOKIEHASH] );
+		$comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url);
 		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
 	}
 }
@@ -670,11 +670,10 @@
 	extract($commentdata, EXTR_SKIP);
 
 	// Simple duplicate check
-	// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
-	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
+	$dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author );
 	if ( $comment_author_email )
-		$dupe .= "OR comment_author_email = '$comment_author_email' ";
-	$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
+		$dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );
+	$dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );
 	if ( $wpdb->get_var($dupe) ) {
 		do_action( 'comment_duplicate_trigger', $commentdata );
 		if ( defined('DOING_AJAX') )
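Review bot: In the prepared duplicate query `comment_parent` is bound with `%s` while `comment_post_ID` uses `%d`; both hold integer IDs, so `comment_parent = %d` keeps the binding consistent. The query is also assembled from three separate `prepare()` calls, which works but is easier to audit as one SQL string plus an argument array prepared once. With the `expected_slashed` comment removed, add a line such as `// $commentdata is expected unslashed.`. A caller that still passes slashed data will no longer match existing rows, so the duplicate check would silently stop working for such text. The function body continues outside the hunk.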
@@ -1262,7 +1261,7 @@
  */
 function wp_insert_comment($commentdata) {
 	global $wpdb;
-	extract(stripslashes_deep($commentdata), EXTR_SKIP);
+	extract($commentdata, EXTR_SKIP);
 
 	if ( ! isset($comment_author_IP) )
 		$comment_author_IP = '';
@@ -1491,9 +1490,6 @@
 	// First, get all of the original fields
 	$comment = get_comment($commentarr['comment_ID'], ARRAY_A);
 
-	// Escape data pulled from DB.
-	$comment = esc_sql($comment);
-
 	$old_status = $comment['comment_approved'];
 
 	// Merge old and new fields with new fields overwriting old ones.
@@ -1502,7 +1498,7 @@
 	$commentarr = wp_filter_comment( $commentarr );
 
 	// Now extract the merged array.
-	extract(stripslashes_deep($commentarr), EXTR_SKIP);
+	extract($commentarr, EXTR_SKIP);
 
 	$comment_content = apply_filters('comment_save_pre', $comment_content);
 
Index: wp-includes/functions.php
===================================================================
--- wp-includes/functions.php	(revision 23401)
+++ wp-includes/functions.php	(working copy)
@@ -468,7 +468,7 @@
 				}
 
 				if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
-					add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
+					wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
 				}
 			}
 		}
@@ -1256,9 +1256,9 @@
  * @return string Original referer field.
  */
 function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
-	$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
+	$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
 	$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
-	$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
+	$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />';
 	if ( $echo )
 		echo $orig_referer_field;
 	return $orig_referer_field;
@@ -1277,11 +1277,11 @@
 function wp_get_referer() {
 	$ref = false;
 	if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
-		$ref = $_REQUEST['_wp_http_referer'];
+		$ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
 	else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
-		$ref = $_SERVER['HTTP_REFERER'];
+		$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
 
-	if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
+	if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
 		return $ref;
 	return false;
 }
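Review bot: `wp_get_referer()` returns request-controlled data (`_wp_http_referer` or the `Referer` header) after unslashing only, and nothing here checks that it is a string or a local URL. The docblock should say so, e.g. `@return string|bool Unvalidated referer; pass through wp_safe_redirect() or esc_url() before use.`. Because `wp_unslash()` passes arrays through, a non-string request value would be returned as-is. An `is_string( $ref )` check before the comparison with `REQUEST_URI` would close that.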
@@ -1297,7 +1297,7 @@
  */
 function wp_get_original_referer() {
 	if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
-		return $_REQUEST['_wp_original_http_referer'];
+		return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
 	return false;
 }
 
@@ -3879,4 +3879,4 @@
  */
 function wp_checkdate( $month, $day, $year, $source_date ) {
 	return apply_filters( 'wp_checkdate', checkdate( $month, $day, $year ), $source_date );
-}
+}
\ No newline at end of file
Index: wp-includes/user.php
===================================================================
--- wp-includes/user.php	(revision 23401)
+++ wp-includes/user.php	(working copy)
@@ -1390,7 +1390,6 @@
 	}
 
 	$data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
-	$data = stripslashes_deep( $data );
 
 	if ( $update ) {
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
@@ -1462,9 +1461,6 @@
 		$user[ $key ] = get_user_meta( $ID, $key, true );
 	}
 
-	// Escape data pulled from DB.
-	$user = add_magic_quotes( $user );
-
 	// If password is changing, hash it now.
 	if ( ! empty($userdata['user_pass']) ) {
 		$plaintext_pass = $userdata['user_pass'];
@@ -1504,8 +1500,8 @@
  * @return int The new user's ID.
  */
 function wp_create_user($username, $password, $email = '') {
-	$user_login = esc_sql( $username );
-	$user_email = esc_sql( $email    );
+	$user_login = $username;
+	$user_email = $email;
 	$user_pass = $password;
 
 	$userdata = compact('user_login', 'user_email', 'user_pass');
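Review bot: With `esc_sql()` removed, `$user_login = $username;` and `$user_email = $email;` are plain aliases, and the function's safety now rests on `wp_insert_user()` using parameterised writes. This patch shows that only in part (the `$wpdb->update()` call in the first hunk of this file), so the lookups it performs before writing should be confirmed to use `prepare()`. The docblock should state the new contract, e.g. `@param string $username The user's username (expected unslashed).`, since callers that pre-escape will now store the backslashes. The rest of the function is outside the hunk.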
Index: wp-includes/class-wp-xmlrpc-server.php
===================================================================
--- wp-includes/class-wp-xmlrpc-server.php	(revision 23401)
+++ wp-includes/class-wp-xmlrpc-server.php	(working copy)
@@ -280,17 +280,15 @@
 				$meta['id'] = (int) $meta['id'];
 				$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
 				if ( isset($meta['key']) ) {
-					$meta['key'] = stripslashes( $meta['key'] );
 					if ( $meta['key'] != $pmeta->meta_key )
 						continue;
-					$meta['value'] = stripslashes_deep( $meta['value'] );
 					if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
 						update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
 				} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
 					delete_metadata_by_mid( 'post', $meta['id'] );
 				}
-			} elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
-				add_post_meta( $post_id, $meta['key'], $meta['value'] );
+			} elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
+				wp_add_post_meta( $post_id, $meta['key'], $meta['value'] );
 			}
 		}
 	}
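Review bot: In the update/delete branch the capability check is made against `$post_id`, but the row that is changed is selected by `$meta['id']` alone, and nothing visible verifies that `$pmeta` exists or belongs to that post. Add a guard right after the lookup, `if ( ! $pmeta || $pmeta->post_id != $post_id ) continue;`, so a meta ID from a different post cannot be edited or deleted under this post's permissions. The guard also avoids the property access on `false` when the ID does not exist. This predates the commit but sits on the lines being touched, and the enclosing method starts outside the hunk.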
@@ -462,8 +460,6 @@
 			return $this->blogger_getUsersBlogs( $args );
 		}
 
-		$this->escape( $args );
-
 		$username = $args[0];
 		$password = $args[1];
 
@@ -955,8 +951,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -1239,8 +1233,6 @@
 		if ( ! $this->minimum_args( $args, 5 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -1274,7 +1266,6 @@
 		else
 			$post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] );
 
-		$this->escape( $post );
 		$merged_content_struct = array_merge( $post, $content_struct );
 
 		$retval = $this->_insert_post( $user, $merged_content_struct );
@@ -1301,8 +1292,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id    = (int) $args[0];
 		$username   = $args[1];
 		$password   = $args[2];
@@ -1377,8 +1366,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -1434,8 +1421,6 @@
 		if ( ! $this->minimum_args( $args, 3 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id    = (int) $args[0];
 		$username   = $args[1];
 		$password   = $args[2];
@@ -1529,8 +1514,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -1616,8 +1599,6 @@
 		if ( ! $this->minimum_args( $args, 5 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -1708,8 +1689,6 @@
 		if ( ! $this->minimum_args( $args, 5 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -1775,8 +1754,6 @@
 		if ( ! $this->minimum_args( $args, 5 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -1828,8 +1805,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -1903,8 +1878,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -1947,8 +1920,6 @@
 		if ( ! $this->minimum_args( $args, 3 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -2016,8 +1987,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id    = (int) $args[0];
 		$username   = $args[1];
 		$password   = $args[2];
@@ -2069,8 +2038,6 @@
 		if ( ! $this->minimum_args( $args, 3 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id    = (int) $args[0];
 		$username   = $args[1];
 		$password   = $args[2];
@@ -2137,8 +2104,6 @@
 		if ( ! $this->minimum_args( $args, 3 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id    = (int) $args[0];
 		$username   = $args[1];
 		$password   = $args[2];
@@ -2184,8 +2149,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -2249,8 +2212,6 @@
 	 * @return array
 	 */
 	function wp_getPage($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$page_id	= (int) $args[1];
 		$username	= $args[2];
@@ -2292,8 +2253,6 @@
 	 * @return array
 	 */
 	function wp_getPages($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2336,9 +2295,8 @@
 	 * @return unknown
 	 */
 	function wp_newPage($args) {
-		// Items not escaped here will be escaped in newPost.
-		$username	= $this->escape($args[1]);
-		$password	= $this->escape($args[2]);
+		$username	= $args[1];
+		$password	= $args[2];
 		$page		= $args[3];
 		$publish	= $args[4];
 
@@ -2363,8 +2321,6 @@
 	 * @return bool True, if success.
 	 */
 	function wp_deletePage($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2404,11 +2360,10 @@
 	 * @return unknown
 	 */
 	function wp_editPage($args) {
-		// Items not escaped here will be escaped in editPost.
 		$blog_id	= (int) $args[0];
-		$page_id	= (int) $this->escape($args[1]);
-		$username	= $this->escape($args[2]);
-		$password	= $this->escape($args[3]);
+		$page_id	= (int) $args[1];
+		$username	= $args[2];
+		$password	= $args[3];
 		$content	= $args[4];
 		$publish	= $args[5];
 
@@ -2453,8 +2408,6 @@
 	function wp_getPageList($args) {
 		global $wpdb;
 
-		$this->escape($args);
-
 		$blog_id				= (int) $args[0];
 		$username				= $args[1];
 		$password				= $args[2];
@@ -2503,9 +2456,6 @@
 	 * @return array
 	 */
 	function wp_getAuthors($args) {
-
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2539,8 +2489,6 @@
 	 * @return array
 	 */
 	function wp_getTags( $args ) {
-		$this->escape( $args );
-
 		$blog_id		= (int) $args[0];
 		$username		= $args[1];
 		$password		= $args[2];
@@ -2580,8 +2528,6 @@
 	 * @return int Category ID.
 	 */
 	function wp_newCategory($args) {
-		$this->escape($args);
-
 		$blog_id				= (int) $args[0];
 		$username				= $args[1];
 		$password				= $args[2];
@@ -2641,8 +2587,6 @@
 	 * @return mixed See {@link wp_delete_term()} for return info.
 	 */
 	function wp_deleteCategory($args) {
-		$this->escape($args);
-
 		$blog_id		= (int) $args[0];
 		$username		= $args[1];
 		$password		= $args[2];
@@ -2673,8 +2617,6 @@
 	 * @return array
 	 */
 	function wp_suggestCategories($args) {
-		$this->escape($args);
-
 		$blog_id				= (int) $args[0];
 		$username				= $args[1];
 		$password				= $args[2];
@@ -2710,8 +2652,6 @@
 	 * @return array
 	 */
 	function wp_getComment($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2751,8 +2691,6 @@
 	 * @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
 	 */
 	function wp_getComments($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2811,8 +2749,6 @@
 	 * @return mixed {@link wp_delete_comment()}
 	 */
 	function wp_deleteComment($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2865,8 +2801,6 @@
 	 * @return bool True, on success.
 	 */
 	function wp_editComment($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2942,8 +2876,6 @@
 	function wp_newComment($args) {
 		global $wpdb;
 
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -2978,9 +2910,9 @@
 		$comment['comment_post_ID'] = $post_id;
 
 		if ( $logged_in ) {
-			$comment['comment_author'] = $wpdb->escape( $user->display_name );
-			$comment['comment_author_email'] = $wpdb->escape( $user->user_email );
-			$comment['comment_author_url'] = $wpdb->escape( $user->user_url );
+			$comment['comment_author'] = $user->display_name;
+			$comment['comment_author_email'] = $user->user_email;
+			$comment['comment_author_url'] = $user->user_url;
 			$comment['user_ID'] = $user->ID;
 		} else {
 			$comment['comment_author'] = '';
@@ -3027,8 +2959,6 @@
 	 * @return array
 	 */
 	function wp_getCommentStatusList($args) {
-		$this->escape( $args );
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3053,8 +2983,6 @@
 	 * @return array
 	 */
 	function wp_getCommentCount( $args ) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3086,8 +3014,6 @@
 	 * @return array
 	 */
 	function wp_getPostStatusList( $args ) {
-		$this->escape( $args );
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3112,8 +3038,6 @@
 	 * @return array
 	 */
 	function wp_getPageStatusList( $args ) {
-		$this->escape( $args );
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3138,8 +3062,6 @@
 	 * @return array
 	 */
 	function wp_getPageTemplates( $args ) {
-		$this->escape( $args );
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3165,8 +3087,6 @@
 	 * @return array
 	 */
 	function wp_getOptions( $args ) {
-		$this->escape( $args );
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3215,8 +3135,6 @@
 	 * @return unknown
 	 */
 	function wp_setOptions( $args ) {
-		$this->escape( $args );
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3264,8 +3182,6 @@
 	 *  - 'metadata'
 	 */
 	function wp_getMediaItem($args) {
-		$this->escape($args);
-
 		$blog_id		= (int) $args[0];
 		$username		= $args[1];
 		$password		= $args[2];
@@ -3309,8 +3225,6 @@
 	 * @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents
 	 */
 	function wp_getMediaLibrary($args) {
-		$this->escape($args);
-
 		$blog_id	= (int) $args[0];
 		$username	= $args[1];
 		$password	= $args[2];
@@ -3351,8 +3265,6 @@
 	  * @return array
 	  */
 	function wp_getPostFormats( $args ) {
-		$this->escape( $args );
-
 		$blog_id = (int) $args[0];
 		$username = $args[1];
 		$password = $args[2];
@@ -3411,8 +3323,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -3457,8 +3367,6 @@
 		if ( ! $this->minimum_args( $args, 3 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id            = (int) $args[0];
 		$username           = $args[1];
 		$password           = $args[2];
@@ -3511,8 +3419,6 @@
 		if ( ! $this->minimum_args( $args, 4 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id    = (int) $args[0];
 		$username   = $args[1];
 		$password   = $args[2];
@@ -3577,8 +3483,6 @@
 		if ( ! $this->minimum_args( $args, 3 ) )
 			return $this->error;
 
-		$this->escape( $args );
-
 		$blog_id     = (int) $args[0];
 		$username    = $args[1];
 		$password    = $args[2];
@@ -3628,8 +3532,6 @@
 		if ( is_multisite() )
 			return $this->_multisite_getUsersBlogs($args);
 
-		$this->escape($args);
-
 		$username = $args[1];
 		$password  = $args[2];
 
@@ -3691,9 +3593,6 @@
 	 * @return array
 	 */
 	function blogger_getUserInfo($args) {
-
-		$this->escape($args);
-
 		$username = $args[1];
 		$password  = $args[2];
 
@@ -3725,9 +3624,6 @@
 	 * @return array
 	 */
 	function blogger_getPost($args) {
-
-		$this->escape($args);
-
 		$post_ID    = (int) $args[1];
 		$username = $args[2];
 		$password  = $args[3];
@@ -3746,9 +3642,9 @@
 
 		$categories = implode(',', wp_get_post_categories($post_ID));
 
-		$content  = '<title>'.stripslashes($post_data['post_title']).'</title>';
+		$content  = '<title>'.$post_data['post_title'].'</title>';
 		$content .= '<category>'.$categories.'</category>';
-		$content .= stripslashes($post_data['post_content']);
+		$content .= $post_data['post_content'];
 
 		$struct = array(
 			'userid'      => (string) $post_data['post_author'],
@@ -3769,9 +3665,6 @@
 	 * @return array
 	 */
 	function blogger_getRecentPosts($args) {
-
-		$this->escape($args);
-
 		// $args[0] = appkey - ignored
 		$blog_ID    = (int) $args[1]; /* though we don't use it yet */
 		$username = $args[2];
@@ -3800,9 +3693,9 @@
 			$post_date  = $this->_convert_date( $entry['post_date'] );
 			$categories = implode(',', wp_get_post_categories($entry['ID']));
 
-			$content  = '<title>'.stripslashes($entry['post_title']).'</title>';
+			$content  = '<title>'.$entry['post_title'].'</title>';
 			$content .= '<category>'.$categories.'</category>';
-			$content .= stripslashes($entry['post_content']);
+			$content .= $entry['post_content'];
 
 			$struct[] = array(
 				'userid'      => (string) $entry['post_author'],
@@ -3850,9 +3743,6 @@
 	 * @return int
 	 */
 	function blogger_newPost($args) {
-
-		$this->escape($args);
-
 		$blog_ID    = (int) $args[1]; /* though we don't use it yet */
 		$username = $args[2];
 		$password  = $args[3];
@@ -3904,9 +3794,6 @@
 	 * @return bool true when done.
 	 */
 	function blogger_editPost($args) {
-
-		$this->escape($args);
-
 		$post_ID     = (int) $args[1];
 		$username  = $args[2];
 		$password   = $args[3];
@@ -3923,8 +3810,6 @@
 		if ( !$actual_post || $actual_post['post_type'] != 'post' )
 			return new IXR_Error(404, __('Sorry, no such post.'));
 
-		$this->escape($actual_post);
-
 		if ( !current_user_can('edit_post', $post_ID) )
 			return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
 
@@ -3960,8 +3845,6 @@
 	 * @return bool True when post is deleted.
 	 */
 	function blogger_deletePost($args) {
-		$this->escape($args);
-
 		$post_ID     = (int) $args[1];
 		$username  = $args[2];
 		$password   = $args[3];
@@ -4030,13 +3913,11 @@
 	 * @return int
 	 */
 	function mw_newPost($args) {
-		$this->escape($args);
-
-		$blog_ID     = (int) $args[0];
-		$username  = $args[1];
-		$password   = $args[2];
+		$blog_ID        = (int) $args[0];
+		$username       = $args[1];
+		$password       = $args[2];
 		$content_struct = $args[3];
-		$publish     = isset( $args[4] ) ? $args[4] : 0;
+		$publish        = isset( $args[4] ) ? $args[4] : 0;
 
 		if ( !$user = $this->login($username, $password) )
 			return $this->error;
@@ -4316,7 +4197,7 @@
 				}
 			}
 			if (!$found)
-				add_post_meta( $post_ID, 'enclosure', $encstring );
+				wp_add_post_meta( $post_ID, 'enclosure', $encstring );
 		}
 	}
 
@@ -4350,9 +4231,6 @@
 	 * @return bool True on success.
 	 */
 	function mw_editPost($args) {
-
-		$this->escape($args);
-
 		$post_ID        = (int) $args[0];
 		$username       = $args[1];
 		$password       = $args[2];
@@ -4391,7 +4269,6 @@
 			}
 		}
 
-		$this->escape($postdata);
 		extract($postdata, EXTR_SKIP);
 
 		// Let WordPress manage slug if none was provided.
@@ -4619,9 +4496,6 @@
 	 * @return array
 	 */
 	function mw_getPost($args) {
-
-		$this->escape($args);
-
 		$post_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -4743,9 +4617,6 @@
 	 * @return array
 	 */
 	function mw_getRecentPosts($args) {
-
-		$this->escape($args);
-
 		$blog_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -4858,9 +4729,6 @@
 	 * @return array
 	 */
 	function mw_getCategories($args) {
-
-		$this->escape($args);
-
 		$blog_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -4907,10 +4775,10 @@
 	function mw_newMediaObject($args) {
 		global $wpdb;
 
-		$blog_ID     = (int) $args[0];
-		$username  = $wpdb->escape($args[1]);
-		$password   = $wpdb->escape($args[2]);
-		$data        = $args[3];
+		$blog_ID   = (int) $args[0];
+		$username  = $args[1];
+		$password  = $args[2];
+		$data      = $args[3];
 
 		$name = sanitize_file_name( $data['name'] );
 		$type = $data['type'];
@@ -4997,9 +4865,6 @@
 	 * @return array
 	 */
 	function mt_getRecentPostTitles($args) {
-
-		$this->escape($args);
-
 		$blog_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -5057,9 +4922,6 @@
 	 * @return array
 	 */
 	function mt_getCategoryList($args) {
-
-		$this->escape($args);
-
 		$blog_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -5095,9 +4957,6 @@
 	 * @return array
 	 */
 	function mt_getPostCategories($args) {
-
-		$this->escape($args);
-
 		$post_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -5138,9 +4997,6 @@
 	 * @return bool True on success.
 	 */
 	function mt_setPostCategories($args) {
-
-		$this->escape($args);
-
 		$post_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -5250,9 +5106,6 @@
 	 * @return int
 	 */
 	function mt_publishPost($args) {
-
-		$this->escape($args);
-
 		$post_ID     = (int) $args[0];
 		$username  = $args[1];
 		$password   = $args[2];
@@ -5274,7 +5127,6 @@
 		// retain old cats
 		$cats = wp_get_post_categories($post_ID);
 		$postdata['post_category'] = $cats;
-		$this->escape($postdata);
 
 		$result = wp_update_post($postdata);
 
@@ -5298,8 +5150,6 @@
 
 		do_action('xmlrpc_call', 'pingback.ping');
 
-		$this->escape($args);
-
 		$pagelinkedfrom = $args[0];
 		$pagelinkedto   = $args[1];
 
@@ -5435,15 +5285,15 @@
 		$pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
 
 		$context = '[...] ' . esc_html( $excerpt ) . ' [...]';
-		$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
+		$pagelinkedfrom = $pagelinkedfrom;
 
 		$comment_post_ID = (int) $post_ID;
 		$comment_author = $title;
 		$comment_author_email = '';
-		$this->escape($comment_author);
+		$comment_author;
 		$comment_author_url = $pagelinkedfrom;
 		$comment_content = $context;
-		$this->escape($comment_content);
+		$comment_content;
 		$comment_type = 'pingback';
 
 		$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
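Review bot: Three statements left behind in this hunk do nothing: `$pagelinkedfrom = $pagelinkedfrom;`, `$comment_author;` and `$comment_content;`. They should be deleted rather than kept as stubs, because a bare expression statement reads like a forgotten sanitising step. The same leftover appears as `$meta_value = $meta_value;` in the wp-includes/deprecated.php hunk and as `$blog_title = $blog_title;` in the wp-includes/ms-functions.php `@@ -585,7 +582,7 @@` hunk. With the explicit escaping gone, `$title` and `$context` (presumably derived from the linking page) are handed on as `comment_author` and `comment_content`, so confirm that the comment insert path, which is outside this hunk, escapes them itself.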
@@ -5465,13 +5315,10 @@
 	 * @return array
 	 */
 	function pingback_extensions_getPingbacks($args) {
-
 		global $wpdb;
 
 		do_action('xmlrpc_call', 'pingback.extensions.getPingbacks');
 
-		$this->escape($args);
-
 		$url = $args;
 
 		$post_ID = url_to_postid($url);
Index: wp-includes/query.php
===================================================================
--- wp-includes/query.php	(revision 23401)
+++ wp-includes/query.php	(working copy)
@@ -1733,7 +1733,6 @@
 		// Category stuff
 		if ( !empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) {
 			$q['cat'] = ''.urldecode($q['cat']).'';
-			$q['cat'] = addslashes_gpc($q['cat']);
 			$cat_array = preg_split('/[,\s]+/', $q['cat']);
 			$q['cat'] = '';
 			$req_cats = array();
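Review bot: With `addslashes_gpc()` dropped, nothing visible in this hunk escapes `$q['cat']` before it is split into `$cat_array`; the code that consumes the array is outside the hunk. Confirm that each element is cast with `intval()` or bound through `$wpdb->prepare()` before it is placed in a query, and record where that happens with a comment such as `// each value is cast to int below before it is used in SQL`. The same check is needed for `$q['author']` and `$q['orderby']` in the `@@ -2290,7 +2287,6 @@` and `@@ -2352,7 +2348,6 @@` hunks, where the only escaping line was also removed.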
@@ -2180,8 +2179,6 @@
 
 		// If a search pattern is specified, load the posts that match
 		if ( !empty($q['s']) ) {
-			// added slashes screw with quote grouping when done early, so done later
-			$q['s'] = stripslashes($q['s']);
 			if ( empty( $_GET['s'] ) && $this->is_main_query() )
 				$q['s'] = urldecode($q['s']);
 			if ( !empty($q['sentence']) ) {
@@ -2290,7 +2287,6 @@
 			$whichauthor = '';
 		} else {
 			$q['author'] = (string)urldecode($q['author']);
-			$q['author'] = addslashes_gpc($q['author']);
 			if ( strpos($q['author'], '-') !== false ) {
 				$eq = '!=';
 				$andor = 'AND';
@@ -2352,7 +2348,6 @@
 				$allowed_keys[] = 'meta_value_num';
 			}
 			$q['orderby'] = urldecode($q['orderby']);
-			$q['orderby'] = addslashes_gpc($q['orderby']);
 
 			$orderby_array = array();
 			foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {
Index: wp-includes/link-template.php
===================================================================
--- wp-includes/link-template.php	(revision 23401)
+++ wp-includes/link-template.php	(working copy)
@@ -746,7 +746,7 @@
 	if ( empty($query) )
 		$search = get_search_query( false );
 	else
-		$search = stripslashes($query);
+		$search = $query;
 
 	$permastruct = $wp_rewrite->get_search_permastruct();
 
Index: wp-includes/formatting.php
===================================================================
--- wp-includes/formatting.php	(revision 23401)
+++ wp-includes/formatting.php	(working copy)
@@ -1716,10 +1716,7 @@
  * @return string Converted content.
  */
 function wp_rel_nofollow( $text ) {
-	// This is a pre save filter, so text is already escaped.
-	$text = stripslashes($text);
 	$text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
-	$text = esc_sql($text);
 	return $text;
 }
 
@@ -3342,3 +3339,37 @@
 	$urls_to_ping = implode( "\n", $urls_to_ping );
 	return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
 }
+
+/**
+ * Slash a string or array of strings.
+ *
+ * This should be used only for GPC data.
+ *
+ * @since 3.6.0
+ *
+ * @param string|array $value String or array of strings to slash.
+ * @return string|array Slashed $value
+ */
+function wp_slash( $value ) {
+	if ( is_array( $value ) ) { 
+		array_map( 'wp_slash', $value); 
+	} else { 
+		$value = addslashes( $value ); 
+	} 
+
+	return $value; 
+}
+
+/**
+ * Remove slashes a string or array of strings.
+ *
+ * This should be used for GPC data before passing it along to core API.
+ *
+ * @since 3.6.0
+ *
+ * @param string|array $value String or array of strings to unslash.
+ * @return string|array Unslashed $value
+ */
+function wp_unslash( $value ) {
+	return stripslashes_deep( $value ); 
+}
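Review bot: In `wp_slash()` the array branch discards its result: `array_map( 'wp_slash', $value);` returns a new array that is never assigned, so arrays come back unslashed. The line should read `$value = array_map( 'wp_slash', $value );`. Until then, any caller that uses this helper to re-slash array data before passing it to a function that strips slashes gets different treatment from the string case, with no error. The added lines also carry trailing whitespace, and the `wp_unslash()` summary should read `Remove slashes from a string or array of strings.`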
Index: wp-includes/class-wp.php
===================================================================
--- wp-includes/class-wp.php	(revision 23401)
+++ wp-includes/class-wp.php	(working copy)
@@ -142,15 +142,15 @@
 			$this->did_permalink = true;
 
 			if ( isset($_SERVER['PATH_INFO']) )
-				$pathinfo = $_SERVER['PATH_INFO'];
+				$pathinfo = wp_unslash( $_SERVER['PATH_INFO'] );
 			else
 				$pathinfo = '';
 			$pathinfo_array = explode('?', $pathinfo);
 			$pathinfo = str_replace("%", "%25", $pathinfo_array[0]);
-			$req_uri = $_SERVER['REQUEST_URI'];
+			$req_uri = wp_unslash( $_SERVER['REQUEST_URI'] );
 			$req_uri_array = explode('?', $req_uri);
 			$req_uri = $req_uri_array[0];
-			$self = $_SERVER['PHP_SELF'];
+			$self = wp_unslash( $_SERVER['PHP_SELF'] );
 			$home_path = parse_url(home_url());
 			if ( isset($home_path['path']) )
 				$home_path = $home_path['path'];
@@ -255,9 +255,9 @@
 			if ( isset( $this->extra_query_vars[$wpvar] ) )
 				$this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
 			elseif ( isset( $_POST[$wpvar] ) )
-				$this->query_vars[$wpvar] = $_POST[$wpvar];
+				$this->query_vars[$wpvar] = wp_unslash( $_POST[$wpvar] );
 			elseif ( isset( $_GET[$wpvar] ) )
-				$this->query_vars[$wpvar] = $_GET[$wpvar];
+				$this->query_vars[$wpvar] = wp_unslash( $_GET[$wpvar] );
 			elseif ( isset( $perma_query_vars[$wpvar] ) )
 				$this->query_vars[$wpvar] = $perma_query_vars[$wpvar];
 
@@ -356,7 +356,7 @@
 
 			// Support for Conditional GET
 			if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
-				$client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));
+				$client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597
 			else $client_etag = false;
 
 			$client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
Index: wp-includes/deprecated.php
===================================================================
--- wp-includes/deprecated.php	(revision 23401)
+++ wp-includes/deprecated.php	(working copy)
@@ -2383,7 +2383,7 @@
 
 	/** @todo Might need fix because usermeta data is assumed to be already escaped */
 	if ( is_string($meta_value) )
-		$meta_value = stripslashes($meta_value);
+		$meta_value = $meta_value;
 	$meta_value = maybe_serialize($meta_value);
 
 	if (empty($meta_value)) {
Index: wp-includes/cron.php
===================================================================
--- wp-includes/cron.php	(revision 23401)
+++ wp-includes/cron.php	(working copy)
@@ -230,7 +230,7 @@
 		set_transient( 'doing_cron', $doing_wp_cron );
 
 		ob_start();
-		wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) );
+		wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 		echo ' ';
 
 		// flush any buffers and send the headers
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php	(revision 23401)
+++ wp-includes/pluggable.php	(working copy)
@@ -782,7 +782,7 @@
 	// The cookie is no good so force login
 	nocache_headers();
 
-	$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+	$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . wp_unslash( $_SERVER['HTTP_HOST'] ) . wp_unslash( $_SERVER['REQUEST_URI'] ) );
 
 	$login_url = wp_login_url($redirect, true);
 
@@ -1197,8 +1197,8 @@
 function wp_new_user_notification($user_id, $plaintext_pass = '') {
 	$user = get_userdata( $user_id );
 
-	$user_login = stripslashes($user->user_login);
-	$user_email = stripslashes($user->user_email);
+	$user_login = $user->user_login;
+	$user_email = $user->user_email;
 
 	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
 	// we want to reverse this for the plain text arena of emails.
Index: wp-includes/feed.php
===================================================================
--- wp-includes/feed.php	(revision 23401)
+++ wp-includes/feed.php	(working copy)
@@ -488,7 +488,7 @@
  */
 function self_link() {
 	$host = @parse_url(home_url());
-	echo esc_url( set_url_scheme( 'http://' . $host['host'] . stripslashes($_SERVER['REQUEST_URI']) ) );
+	echo esc_url( set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 }
 
 /**
Index: wp-includes/kses.php
===================================================================
--- wp-includes/kses.php	(revision 23401)
+++ wp-includes/kses.php	(working copy)
@@ -1326,18 +1326,18 @@
  */
 function kses_init_filters() {
 	// Normal filtering
-	add_filter('title_save_pre', 'wp_filter_kses');
+	add_filter('title_save_pre', 'wp_kses_data');
 
 	// Comment filtering
 	if ( current_user_can( 'unfiltered_html' ) )
-		add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+		add_filter( 'pre_comment_content', 'wp_kses_post' );
 	else
-		add_filter( 'pre_comment_content', 'wp_filter_kses' );
+		add_filter( 'pre_comment_content', 'wp_kses_data' );
 
 	// Post filtering
-	add_filter('content_save_pre', 'wp_filter_post_kses');
-	add_filter('excerpt_save_pre', 'wp_filter_post_kses');
-	add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+	add_filter('content_save_pre', 'wp_kses_post');
+	add_filter('excerpt_save_pre', 'wp_kses_post');
+	add_filter('content_filtered_save_pre', 'wp_kses_post');
 }
 
 /**
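Review bot: Registering `wp_kses_data` and `wp_kses_post` here is only correct if every value passed through `title_save_pre`, `pre_comment_content` and the `*_save_pre` hooks is already unslashed; the callers are outside this hunk. If any path still supplies slashed text, the KSES parser would see `\"` inside attributes instead of plain quotes, so each such path needs a test before merge. Third-party code that calls `remove_filter( 'content_save_pre', 'wp_filter_post_kses' )` will also stop matching the registered callback, and that behaviour change should be stated in the docblock of `kses_init_filters()`. The `kses_remove_filters()` hunk below and the `wp_rel_nofollow()` hunk in wp-includes/formatting.php rest on the same assumption.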
@@ -1354,16 +1354,16 @@
  */
 function kses_remove_filters() {
 	// Normal filtering
-	remove_filter('title_save_pre', 'wp_filter_kses');
+	remove_filter('title_save_pre', 'wp_kses_data');
 
 	// Comment filtering
-	remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
-	remove_filter( 'pre_comment_content', 'wp_filter_kses' );
+	remove_filter( 'pre_comment_content', 'wp_kses_post' );
+	remove_filter( 'pre_comment_content', 'wp_kses_data' );
 
 	// Post filtering
-	remove_filter('content_save_pre', 'wp_filter_post_kses');
-	remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
-	remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+	remove_filter('content_save_pre', 'wp_kses_post');
+	remove_filter('excerpt_save_pre', 'wp_kses_post');
+	remove_filter('content_filtered_save_pre', 'wp_kses_post');
 }
 
 /**
Index: wp-includes/widgets.php
===================================================================
--- wp-includes/widgets.php	(revision 23401)
+++ wp-includes/widgets.php	(working copy)
@@ -224,7 +224,7 @@
 			}
 
 			foreach ( $settings as $number => $new_instance ) {
-				$new_instance = stripslashes_deep($new_instance);
+				$new_instance = wp_unslash($new_instance);
 				$this->_set($number);
 
 				$old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array();
Index: wp-includes/class-wp-customize-setting.php
===================================================================
--- wp-includes/class-wp-customize-setting.php	(revision 23401)
+++ wp-includes/class-wp-customize-setting.php	(working copy)
@@ -144,7 +144,7 @@
 	 * @return mixed Null if an input isn't valid, otherwise the sanitized value.
 	 */
 	public function sanitize( $value ) {
-		$value = stripslashes_deep( $value );
+		$value = wp_unslash( $value );
 		return apply_filters( "customize_sanitize_{$this->id}", $value, $this );
 	}
 
Index: wp-includes/ms-functions.php
===================================================================
--- wp-includes/ms-functions.php	(revision 23401)
+++ wp-includes/ms-functions.php	(working copy)
@@ -279,9 +279,6 @@
  * @return int The ID of the newly created blog
  */
 function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
-	$domain			= addslashes( $domain );
-	$weblog_title	= addslashes( $weblog_title );
-
 	if ( empty($path) )
 		$path = '/';
 
@@ -585,7 +582,7 @@
 
 	$blogname = apply_filters( 'newblogname', $blogname );
 
-	$blog_title = stripslashes(  $blog_title );
+	$blog_title = $blog_title;
 
 	if ( empty( $blog_title ) )
 		$errors->add('blog_title', __( 'Please enter a site title.' ) );
@@ -638,10 +635,7 @@
 	global $wpdb;
 
 	$key = substr( md5( time() . rand() . $domain ), 0, 16 );
-	$meta = serialize($meta);
-	$domain = $wpdb->escape($domain);
-	$path = $wpdb->escape($path);
-	$title = $wpdb->escape($title);
+	$meta = serialize( $meta );
 
 	$wpdb->insert( $wpdb->signups, array(
 		'domain' => $domain,
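Review bot: The activation key on the context line `$key = substr( md5( time() . rand() . $domain ), 0, 16 );` is built from the clock, `rand()` and the requested domain, none of which is a secret. Since this function is being edited anyway, consider generating the key with the project's own helper, e.g. `$key = wp_generate_password( 16, false );`, which a later hunk in this file already uses for passwords. Dropping the `$wpdb->escape()` calls looks safe here because the write goes through `$wpdb->insert()`, but the function starts outside this hunk, so that is worth confirming against the full body.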
@@ -654,7 +648,7 @@
 		'meta' => $meta
 	) );
 
-	wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta);
+	wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta );
 }
 
 /**
@@ -844,8 +838,8 @@
 	}
 
 	$meta = maybe_unserialize($signup->meta);
-	$user_login = $wpdb->escape($signup->user_login);
-	$user_email = $wpdb->escape($signup->user_email);
+	$user_login = $signup->user_login;
+	$user_email = $signup->user_email;
 	$password = wp_generate_password( 12, false );
 
 	$user_id = username_exists($user_login);
@@ -1162,7 +1156,7 @@
 	else
 		update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) );
 
-	update_option( 'blogname', stripslashes( $blog_title ) );
+	update_option( 'blogname', $blog_title );
 	update_option( 'admin_email', '' );
 
 	// remove all perms
@@ -1219,9 +1213,9 @@
 	if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
 		return false;
 
-	$welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
+	$welcome_email = get_site_option( 'welcome_email' );
 	if ( $welcome_email == false )
-		$welcome_email = stripslashes( __( 'Dear User,
+		$welcome_email = __( 'Dear User,
 
 Your new SITE_NAME site has been successfully set up at:
 BLOG_URL
@@ -1233,7 +1227,7 @@
 
 We hope you enjoy your new site. Thanks!
 
---The Team @ SITE_NAME' ) );
+--The Team @ SITE_NAME' );
 
 	$url = get_blogaddress_by_id($blog_id);
 	$user = get_userdata( $user_id );
@@ -1257,7 +1251,7 @@
 	if ( empty( $current_site->site_name ) )
 		$current_site->site_name = 'WordPress';
 
-	$subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) );
+	$subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, $title ) );
 	wp_mail($user->user_email, $subject, $message, $message_headers);
 	return true;
 }
@@ -1512,7 +1506,7 @@
 function wpmu_log_new_registrations( $blog_id, $user_id ) {
 	global $wpdb;
 	$user = get_userdata( (int) $user_id );
-	$wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
+	$wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
 }
 
 /**
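Review bot: The `IP` value written to the registration log is filtered with `/[^0-9., ]/`, which removes the colons and hex letters of an IPv6 address, so such clients are recorded with a mangled address. If this log is used to investigate abusive sign-ups, widen the character class, for example `preg_replace( '/[^0-9a-fA-F:., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) )`. A short comment on the line saying why the value is filtered would also help the next reader.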
Index: wp-includes/meta.php
===================================================================
--- wp-includes/meta.php	(revision 23401)
+++ wp-includes/meta.php	(working copy)
@@ -42,9 +42,6 @@
 
 	$column = esc_sql($meta_type . '_id');
 
-	// expected_slashed ($meta_key)
-	$meta_key = stripslashes($meta_key);
-	$meta_value = stripslashes_deep($meta_value);
 	$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 	$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
@@ -113,10 +110,7 @@
 	$column = esc_sql($meta_type . '_id');
 	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
 
-	// expected_slashed ($meta_key)
-	$meta_key = stripslashes($meta_key);
 	$passed_value = $meta_value;
-	$meta_value = stripslashes_deep($meta_value);
 	$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
 
 	$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
@@ -195,9 +189,6 @@
 
 	$type_column = esc_sql($meta_type . '_id');
 	$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
-	// expected_slashed ($meta_key)
-	$meta_key = stripslashes($meta_key);
-	$meta_value = stripslashes_deep($meta_value);
 
 	$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
 	if ( null !== $check )
Index: wp-includes/nav-menu.php
===================================================================
--- wp-includes/nav-menu.php	(revision 23401)
+++ wp-includes/nav-menu.php	(working copy)
@@ -369,20 +369,20 @@
 
 	$menu_item_db_id = (int) $menu_item_db_id;
 
-	update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
-	update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
-	update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
-	update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
-	update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
 
 	$args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
 	$args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
-	update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
-	update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
-	update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
+	wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
 
 	if ( 0 == $menu_id )
-		update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
+		wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
 	elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) )
 		delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
 
Index: wp-mail.php
===================================================================
--- wp-mail.php	(revision 23401)
+++ wp-mail.php	(working copy)
@@ -202,7 +202,6 @@
 	$post_category = array(get_option('default_email_category'));
 
 	$post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
-	$post_data = add_magic_quotes($post_data);
 
 	$post_ID = wp_insert_post($post_data);
 	if ( is_wp_error( $post_ID ) )
Index: wp-trackback.php
===================================================================
--- wp-trackback.php	(revision 23401)
+++ wp-trackback.php	(working copy)
@@ -45,9 +45,9 @@
 $charset = isset($_POST['charset']) ? $_POST['charset'] : '';
 
 // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
-$title     = isset($_POST['title'])     ? stripslashes($_POST['title'])      : '';
-$excerpt   = isset($_POST['excerpt'])   ? stripslashes($_POST['excerpt'])    : '';
-$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name'])  : '';
+$title     = isset($_POST['title'])     ? wp_unslash( $_POST['title'] )      : '';
+$excerpt   = isset($_POST['excerpt'])   ? wp_unslash( $_POST['excerpt'] )    : '';
+$blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] )  : '';
 
 if ($charset)
 	$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
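Review bot: The context comment above the three changed assignments still says the values are unslashed "so that they can be properly escaped after mb_convert_encoding()", but the next hunk (`@@ -64,11 +64,6 @@`) deletes that `$wpdb->escape()` step, so the comment now describes code that no longer exists. I would reword it to something like `// Unslash these three so mb_convert_encoding() sees the raw values; they stay unslashed from here on.` so the next reader knows no escaping follows in this file. `$charset` on the first context line is still read from `$_POST` without `wp_unslash()`, which looks inconsistent with the three lines below it.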
@@ -64,11 +64,6 @@
 	$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
 }
 
-// Now that mb_convert_encoding() has been given a swing, we need to escape these three
-$title     = $wpdb->escape($title);
-$excerpt   = $wpdb->escape($excerpt);
-$blog_name = $wpdb->escape($blog_name);
-
 if ( is_single() || is_page() )
 	$tb_id = $posts[0]->ID;
 
Index: wp-admin/network.php
===================================================================
--- wp-admin/network.php	(revision 23401)
+++ wp-admin/network.php	(working copy)
@@ -520,7 +520,7 @@
 	$base              = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
 	$subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
 	if ( ! network_domain_check() ) {
-		$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
+		$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
 		if ( is_wp_error( $result ) ) {
 			if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
 				network_step2( $result );
Index: wp-admin/users.php
===================================================================
--- wp-admin/users.php	(revision 23401)
+++ wp-admin/users.php	(working copy)
@@ -64,9 +64,9 @@
 );
 
 if ( empty($_REQUEST) ) {
-	$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
 } elseif ( isset($_REQUEST['wp_http_referer']) ) {
-	$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
+	$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
 	$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
 } else {
 	$redirect = 'users.php';
@@ -357,7 +357,7 @@
 default:
 
 	if ( !empty($_GET['_wp_http_referer']) ) {
-		wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
+		wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 		exit;
 	}
 
@@ -381,7 +381,7 @@
 		case 'add':
 			if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
 				$messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ),
-					esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),
+					esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
 						self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>';
 			} else {
 				$messages[] = '<div id="message" class="updated"><p>' . __( 'New user created.' ) . '</p></div>';
Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php	(revision 23401)
+++ wp-admin/edit-comments.php	(working copy)
@@ -20,9 +20,9 @@
 	check_admin_referer( 'bulk-comments' );
 
 	if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
-		$comment_status = $wpdb->escape( $_REQUEST['comment_status'] );
-		$delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
-		$comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
+		$comment_status = $_REQUEST['comment_status'];
+		$delete_time = $_REQUEST['pagegen_timestamp'];
+		$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
 		$doaction = 'delete';
 	} elseif ( isset( $_REQUEST['delete_comments'] ) ) {
 		$comment_ids = $_REQUEST['delete_comments'];
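Review bot: `$comment_status` and `$delete_time` are now passed to `$wpdb->prepare()` straight from `$_REQUEST`, without the `wp_unslash()` this patch applies to request data elsewhere. `prepare()` escapes its arguments itself, so any slash that WordPress added to the request value would end up as a literal backslash in the comparison. The query is safe either way. For the values to match what is stored, the two assignments should read `$comment_status = wp_unslash( $_REQUEST['comment_status'] );` and `$delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );`.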
@@ -95,7 +95,7 @@
 	wp_safe_redirect( $redirect_to );
 	exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
@@ -153,7 +153,7 @@
 	echo __('Comments');
 
 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
-	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
+	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>
 
 <?php
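Review bot: The outer `printf()` on the changed line receives a string that already contains the search term, so any `%` typed into the search box is parsed as a conversion specification. `esc_html()` does not touch `%`, so a term such as `50%s` produces a PHP warning or error and a broken subtitle instead of the echoed text. Only the inner `sprintf()` needs to format. The outer call should be a plain output, `echo '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>';`.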
Index: wp-admin/includes/class-wp-ms-sites-list-table.php
===================================================================
--- wp-admin/includes/class-wp-ms-sites-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-ms-sites-list-table.php	(working copy)
@@ -29,7 +29,7 @@
 
 		$pagenum = $this->get_pagenum();
 
-		$s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
+		$s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
 		$wild = '';
 		if ( false !== strpos($s, '*') ) {
 			$wild = '%';
Index: wp-admin/includes/plugin-install.php
===================================================================
--- wp-admin/includes/plugin-install.php	(revision 23401)
+++ wp-admin/includes/plugin-install.php	(working copy)
@@ -116,8 +116,8 @@
  * @since 2.7.0
  */
 function install_search_form( $type_selector = true ) {
-	$type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
-	$term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
+	$type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+	$term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
 
 	?><form id="search-plugins" method="get" action="">
 		<input type="hidden" name="tab" value="search" />
@@ -160,7 +160,7 @@
  *
  */
 function install_plugins_favorites_form() {
-	$user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+	$user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
 	?>
 	<p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
 	<form method="get" action="">
@@ -251,7 +251,7 @@
 		}
 	}
 	if ( isset($_GET['from']) )
-		$url .= '&amp;from=' . urlencode(stripslashes($_GET['from']));
+		$url .= '&amp;from=' . urlencode( wp_unslash( $_GET['from'] ) );
 
 	return compact('status', 'url', 'version');
 }
@@ -264,7 +264,7 @@
 function install_plugin_information() {
 	global $tab;
 
-	$api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
+	$api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));
 
 	if ( is_wp_error($api) )
 		wp_die($api);
@@ -295,7 +295,7 @@
 			$api->$key = wp_kses( $api->$key, $plugins_allowedtags );
 	}
 
-	$section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
+	$section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
 	if ( empty($section) || ! isset($api->sections[ $section ]) )
 		$section = array_shift( $section_titles = array_keys((array)$api->sections) );
 
Index: wp-admin/includes/bookmark.php
===================================================================
--- wp-admin/includes/bookmark.php	(revision 23401)
+++ wp-admin/includes/bookmark.php	(working copy)
@@ -39,9 +39,9 @@
 
 	if ( !empty( $link_id ) ) {
 		$_POST['link_id'] = $link_id;
-		return wp_update_link( $_POST );
+		return wp_update_link( wp_unslash( $_POST ) );
 	} else {
-		return wp_insert_link( $_POST );
+		return wp_insert_link( wp_unslash( $_POST ) );
 	}
 }
 
@@ -137,7 +137,7 @@
 	$linkdata = wp_parse_args( $linkdata, $defaults );
 	$linkdata = sanitize_bookmark( $linkdata, 'db' );
 
-	extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
+	extract( $linkdata, EXTR_SKIP );
 
 	$update = false;
 
@@ -250,9 +250,6 @@
 
 	$link = get_bookmark( $link_id, ARRAY_A );
 
-	// Escape data pulled from DB.
-	$link = add_magic_quotes( $link );
-
 	// Passed link category list overwrites existing category list if not empty.
 	if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] )
 			 && 0 != count( $linkdata['link_category'] ) )
Index: wp-admin/includes/taxonomy.php
===================================================================
--- wp-admin/includes/taxonomy.php	(revision 23401)
+++ wp-admin/includes/taxonomy.php	(working copy)
@@ -157,9 +157,6 @@
 	// First, get all of the original fields
 	$category = get_category($cat_ID, ARRAY_A);
 
-	// Escape data pulled from DB.
-	$category = add_magic_quotes($category);
-
 	// Merge old and new fields with new fields overwriting old ones.
 	$catarr = array_merge($category, $catarr);
 
Index: wp-admin/includes/class-wp-terms-list-table.php
===================================================================
--- wp-admin/includes/class-wp-terms-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-terms-list-table.php	(working copy)
@@ -52,7 +52,7 @@
 			$tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter
 		}
 
-		$search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
+		$search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
 
 		$args = array(
 			'search' => $search,
@@ -61,10 +61,10 @@
 		);
 
 		if ( !empty( $_REQUEST['orderby'] ) )
-			$args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
+			$args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
 
 		if ( !empty( $_REQUEST['order'] ) )
-			$args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
+			$args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
 
 		$this->callback_args = $args;
 
Index: wp-admin/includes/file.php
===================================================================
--- wp-admin/includes/file.php	(revision 23401)
+++ wp-admin/includes/file.php	(working copy)
@@ -901,13 +901,13 @@
 	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
 	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
-	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
-	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
-	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
+	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
+	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
+	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
 
 	// Check to see if we are setting the public/private keys for ssh
-	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
-	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
+	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
+	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
 
 	//sanitize the hostname, Some people might pass in odd-data:
 	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
@@ -925,7 +925,7 @@
 	else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
 		$credentials['connection_type'] = 'ftps';
 	else if ( !empty($_POST['connection_type']) )
-		$credentials['connection_type'] = stripslashes($_POST['connection_type']);
+		$credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
 	else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
 		$credentials['connection_type'] = 'ftp';
 
@@ -1050,7 +1050,7 @@
 <?php
 foreach ( (array) $extra_fields as $field ) {
 	if ( isset( $_POST[ $field ] ) )
-		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />';
+		echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
 }
 submit_button( __( 'Proceed' ), 'button', 'upgrade' );
 ?>
Index: wp-admin/includes/ajax-actions.php
===================================================================
--- wp-admin/includes/ajax-actions.php	(revision 23401)
+++ wp-admin/includes/ajax-actions.php	(working copy)
@@ -59,7 +59,7 @@
 		wp_die( 0 );
 	}
 
-	$s = stripslashes( $_GET['q'] );
+	$s = wp_unslash( $_GET['q'] );
 
 	$comma = _x( ',', 'tag delimiter' );
 	if ( ',' !== $comma )
@@ -279,19 +279,21 @@
  */
 
 function _wp_ajax_add_hierarchical_term() {
-	$action = $_POST['action'];
+	$post_data = wp_unslash( $_POST );
+
+	$action = $post_data['action'];
 	$taxonomy = get_taxonomy(substr($action, 4));
 	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
 		wp_die( -1 );
-	$names = explode(',', $_POST['new'.$taxonomy->name]);
-	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
+	$names = explode(',', $post_data['new'.$taxonomy->name]);
+	$parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0;
 	if ( 0 > $parent )
 		$parent = 0;
 	if ( $taxonomy->name == 'category' )
-		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
+		$post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array();
 	else
-		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
+		$post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array();
 	$checked_categories = array_map( 'absint', (array) $post_category );
 	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
 
@@ -559,7 +561,7 @@
 	check_ajax_referer( $action );
 	if ( !current_user_can( 'manage_categories' ) )
 		wp_die( -1 );
-	$names = explode(',', $_POST['newcat']);
+	$names = explode( ',', wp_unslash( $_POST['newcat'] ) );
 	$x = new WP_Ajax_Response();
 	foreach ( $names as $cat_name ) {
 		$cat_name = trim($cat_name);
@@ -572,7 +574,7 @@
 			continue;
 		else if ( is_array( $cat_id ) )
 			$cat_id = $cat_id['term_id'];
-		$cat_name = esc_html(stripslashes($cat_name));
+		$cat_name = esc_html( wp_unslash( $cat_name ) );
 		$x->add( array(
 			'what' => 'link-category',
 			'id' => $cat_id,
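Review bot: `$cat_name` is unslashed twice after this patch: the previous hunk (`@@ -559,7 +561,7 @@`) already applies `wp_unslash()` to `$_POST['newcat']` before the `explode()`, and this line applies it again to each piece. Assuming nothing between the two hunks re-slashes the value, a link category name that legitimately contains a backslash is returned in the AJAX response without it, so it differs from what was stored. The line should be `$cat_name = esc_html( $cat_name );`. The loop body continues outside this hunk.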
@@ -586,9 +588,11 @@
 function wp_ajax_add_tag() {
 	global $wp_list_table;
 
+	$post_data = wp_unslash( $_POST );
+
 	check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
-	$post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
-	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
+	$post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post';
+	$taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag';
 	$tax = get_taxonomy($taxonomy);
 
 	if ( !current_user_can( $tax->cap->edit_terms ) )
@@ -596,7 +600,7 @@
 
 	$x = new WP_Ajax_Response();
 
-	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
+	$tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
 
 	if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
 		$message = __('An error has occurred. Please reload the page and try again.');
@@ -610,7 +614,7 @@
 		$x->send();
 	}
 
-	$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) );
+	$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $post_data['screen'] ) );
 
 	$level = 0;
 	if ( is_taxonomy_hierarchical($taxonomy) ) {
@@ -728,10 +732,10 @@
 	$user = wp_get_current_user();
 	if ( $user->exists() ) {
 		$user_ID = $user->ID;
-		$comment_author       = $wpdb->escape($user->display_name);
-		$comment_author_email = $wpdb->escape($user->user_email);
-		$comment_author_url   = $wpdb->escape($user->user_url);
-		$comment_content      = trim($_POST['content']);
+		$comment_author       = $user->display_name;
+		$comment_author_email = $user->user_email;
+		$comment_author_url   = $user->user_url;
+		$comment_content      = trim( wp_unslash( $_POST['content'] ) );
 		if ( current_user_can( 'unfiltered_html' ) ) {
 			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 				kses_remove_filters(); // start with a clean slate
@@ -957,8 +961,8 @@
 		) );
 	} else { // Update?
 		$mid = (int) key( $_POST['meta'] );
-		$key = stripslashes( $_POST['meta'][$mid]['key'] );
-		$value = stripslashes( $_POST['meta'][$mid]['value'] );
+		$key = wp_unslash( $_POST['meta'][$mid]['key'] );
+		$value = wp_unslash( $_POST['meta'][$mid]['value'] );
 		if ( '' == trim($key) )
 			wp_die( __( 'Please provide a custom field name.' ) );
 		if ( '' == trim($value) )
@@ -1227,7 +1231,7 @@
 	$args = array();
 
 	if ( isset( $_POST['search'] ) )
-		$args['s'] = stripslashes( $_POST['search'] );
+		$args['s'] = wp_unslash( $_POST['search'] );
 	$args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
 
 	require(ABSPATH . WPINC . '/class-wp-editor.php');
@@ -1328,7 +1332,6 @@
 	$data = &$_POST;
 
 	$post = get_post( $post_ID, ARRAY_A );
-	$post = add_magic_quotes($post); //since it is from db
 
 	$data['content'] = $post['post_content'];
 	$data['excerpt'] = $post['post_excerpt'];
@@ -1376,8 +1379,10 @@
 	global $wp_list_table;
 
 	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
+	
+	$post_data = wp_unslash( $_POST );
 
-	$taxonomy = sanitize_key( $_POST['taxonomy'] );
+	$taxonomy = sanitize_key( $post_data['taxonomy'] );
 	$tax = get_taxonomy( $taxonomy );
 	if ( ! $tax )
 		wp_die( 0 );
@@ -1387,13 +1392,13 @@
 
 	$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) );
 
-	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
+	if ( ! isset($post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) )
 		wp_die( -1 );
 
 	$tag = get_term( $id, $taxonomy );
-	$_POST['description'] = $tag->description;
+	$post_data['description'] = $tag->description;
 
-	$updated = wp_update_term($id, $taxonomy, $_POST);
+	$updated = wp_update_term($id, $taxonomy, $post_data );
 	if ( $updated && !is_wp_error($updated) ) {
 		$tag = get_term( $updated['term_id'], $taxonomy );
 		if ( !$tag || is_wp_error( $tag ) ) {
@@ -1425,7 +1430,7 @@
 	$post_types = get_post_types( array( 'public' => true ), 'objects' );
 	unset( $post_types['attachment'] );
 
-	$s = stripslashes( $_POST['ps'] );
+	$s = wp_unslash( $_POST['ps'] );
 	$searchand = $search = '';
 	$args = array(
 		'post_type' => array_keys( $post_types ),
@@ -1596,7 +1601,7 @@
 		$post_id = null;
 	}
 
-	$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
+	$post_data = isset( $_REQUEST['post_data'] ) ? wp_unslash( $_REQUEST['post_data'] ) : array();
 
 	// If the context is custom header or background, make sure the uploaded file is an image.
 	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
@@ -1630,10 +1635,10 @@
 
 	if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
 		if ( 'custom-background' === $post_data['context'] )
-			update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
+			wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
 
 		if ( 'custom-header' === $post_data['context'] )
-			update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
+			wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
 	}
 
 	if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
@@ -1778,7 +1783,7 @@
 		wp_die( 0 );
 
 	$new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1];
-	update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
+	wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
 	wp_die( 1 );
 }
 
@@ -1873,7 +1878,7 @@
 	if ( ! current_user_can( 'edit_post', $id ) )
 		wp_send_json_error();
 
-	$changes = $_REQUEST['changes'];
+	$changes = wp_unslash( $_REQUEST['changes'] );
 	$post    = get_post( $id, ARRAY_A );
 
 	if ( 'attachment' != $post['post_type'] )
@@ -1890,10 +1895,10 @@
 
 	if ( isset( $changes['alt'] ) ) {
 		$alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
-		$new_alt = stripslashes( $changes['alt'] );
+		$new_alt = $changes['alt'];
 		if ( $alt != $new_alt ) {
 			$new_alt = wp_strip_all_tags( $new_alt, true );
-			update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
+			wp_update_post_meta( $id, '_wp_attachment_image_alt', $new_alt );
 		}
 	}
 
@@ -1915,7 +1920,7 @@
 
 	if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) )
 		wp_send_json_error();
-	$attachment_data = $_REQUEST['attachments'][ $id ];
+	$attachment_data = wp_unslash( $_REQUEST['attachments'][ $id ] );
 
 	check_ajax_referer( 'update-post_' . $id, 'nonce' );
 
@@ -1959,7 +1964,7 @@
 
 	check_ajax_referer( 'update-post_' . $post_id, 'nonce' );
 
-	$attachments = $_REQUEST['attachments'];
+	$attachments = wp_unslash( $_REQUEST['attachments'] );
 
 	if ( ! current_user_can( 'edit_post', $post_id ) )
 		wp_send_json_error();
@@ -1990,7 +1995,7 @@
 function wp_ajax_send_attachment_to_editor() {
 	check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-	$attachment = stripslashes_deep( $_POST['attachment'] );
+	$attachment = wp_unslash( $_POST['attachment'] );
 
 	$id = intval( $attachment['id'] );
 
@@ -2045,7 +2050,7 @@
 function wp_ajax_send_link_to_editor() {
 	check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-	if ( ! $src = stripslashes( $_POST['src'] ) )
+	if ( ! $src = wp_unslash( $_POST['src'] ) )
 		wp_send_json_error();
 
 	if ( ! strpos( $src, '://' ) )
@@ -2054,7 +2059,7 @@
 	if ( ! $src = esc_url_raw( $src ) )
 		wp_send_json_error();
 
-	if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
+	if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
 		$title = wp_basename( $src );
 
 	$html = '';
@@ -2083,7 +2088,7 @@
 		$screen_id = 'site';
 	
 	if ( ! empty($_POST['data']) ) {
-		$data = (array) $_POST['data'];
+		$data = wp_unslash( (array) $_POST['data'] );
 		// todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..?
 		$user = wp_get_current_user();
 		$data['user_id'] = $user->exists() ? $user->ID : 0;
Index: wp-admin/includes/post.php
===================================================================
--- wp-admin/includes/post.php	(revision 23401)
+++ wp-admin/includes/post.php	(working copy)
@@ -149,8 +149,8 @@
  */
 function edit_post( $post_data = null ) {
 
-	if ( empty($post_data) )
-		$post_data = &$_POST;
+	if ( empty( $post_data ) )
+		$post_data = wp_unslash( $_POST );
 
 	// Clear out any data in internal vars.
 	unset( $post_data['filter'] );
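Review bot: Replacing `$post_data = &$_POST;` with `wp_unslash( $_POST )` changes two things that the docblock ending just above the hunk should state. The default path now works on unslashed data while a caller-supplied `$post_data` is used as passed, and the function no longer writes its changes (starting with `unset( $post_data['filter'] )`) back into `$_POST`. I would add `@param array $post_data Optional. Unslashed post data. Defaults to wp_unslash( $_POST ); $_POST itself is not modified.` so callers do not hand in slashed arrays and hooks do not rely on the old write-through. Code later in `edit_post()` that reads `$_POST` directly, outside this hunk, should be checked against that.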
@@ -228,10 +228,9 @@
 	if ( 'attachment' == $post_data['post_type'] ) {
 		if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
 			$image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
-			if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
-				$image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
-				// update_meta expects slashed
-				update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
+			if ( $image_alt != $post_data['_wp_attachment_image_alt'] ) {
+				$image_alt = wp_strip_all_tags( $post_data['_wp_attachment_image_alt'], true );
+				wp_update_post_meta( $post_ID, '_wp_attachment_image_alt', $image_alt );
 			}
 		}
 
@@ -241,7 +240,7 @@
 
 	add_meta( $post_ID );
 
-	update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
+	wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
 
 	wp_update_post( $post_data );
 
@@ -422,15 +421,15 @@
 
 	$post_title = '';
 	if ( !empty( $_REQUEST['post_title'] ) )
-		$post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
+		$post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
 
 	$post_content = '';
 	if ( !empty( $_REQUEST['content'] ) )
-		$post_content = esc_html( stripslashes( $_REQUEST['content'] ));
+		$post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
 
 	$post_excerpt = '';
 	if ( !empty( $_REQUEST['excerpt'] ) )
-		$post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
+		$post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
 
 	if ( $create_in_db ) {
 		$post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
@@ -479,9 +478,9 @@
 function post_exists($title, $content = '', $date = '') {
 	global $wpdb;
 
-	$post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
-	$post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
-	$post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
+	$post_title = sanitize_post_field( 'post_title', $title, 0, 'db' );
+	$post_content = sanitize_post_field( 'post_content', $content, 0, 'db' );
+	$post_date = sanitize_post_field( 'post_date', $date, 0, 'db' );
 
 	$query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
 	$args = array();
@@ -559,7 +558,7 @@
 	}
 
 	// Create the post.
-	$post_ID = wp_insert_post( $_POST );
+	$post_ID = wp_insert_post( wp_unslash( $_POST ) );
 	if ( is_wp_error( $post_ID ) )
 		return $post_ID;
 
@@ -568,7 +567,7 @@
 
 	add_meta( $post_ID );
 
-	add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
+	wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
 
 	// Now that we have an ID we can fix any attachment anchor hrefs
 	_fix_attachment_links( $post_ID );
@@ -612,9 +611,9 @@
 	global $wpdb;
 	$post_ID = (int) $post_ID;
 
-	$metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
-	$metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
-	$metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
+	$metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
+	$metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
+	$metavalue = isset($_POST['metavalue']) ? wp_unslash( trim( $_POST['metavalue'] ) ) : '';
 	if ( is_string( $metavalue ) )
 		$metavalue = trim( $metavalue );
 
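Review bot: The new `$metavalue` line calls `trim()` on `$_POST['metavalue']` before anything checks that it is a string, while the context line just below (`if ( is_string( $metavalue ) )`) shows the value is not guaranteed to be one. An array value would make `trim()` warn and return null on older PHP, or throw a TypeError on PHP 8, so the meta value is lost. The string case is already trimmed two lines later, so the line can be `$metavalue = isset($_POST['metavalue']) ? wp_unslash( $_POST['metavalue'] ) : '';`. This assumes wp_unslash() accepts arrays the way stripslashes_deep() did, which the other replacements in this patch suggest. The function's signature and the rest of its body are outside the hunk.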
@@ -631,9 +630,7 @@
 		if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
 			return false;
 
-		$metakey = esc_sql( $metakey );
-
-		return add_post_meta( $post_ID, $metakey, $metavalue );
+		return wp_add_post_meta( $post_ID, $metakey, $metavalue );
 	}
 
 	return false;
@@ -706,14 +703,11 @@
  * @since 1.2.0
  *
  * @param unknown_type $meta_id
- * @param unknown_type $meta_key Expect Slashed
- * @param unknown_type $meta_value Expect Slashed
+ * @param unknown_type $meta_key
+ * @param unknown_type $meta_value
  * @return unknown
  */
 function update_meta( $meta_id, $meta_key, $meta_value ) {
-	$meta_key = stripslashes( $meta_key );
-	$meta_value = stripslashes_deep( $meta_value );
-
 	return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
 }
 
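Review bot: The docblock drops "Expect Slashed" from `$meta_key` and `$meta_value` without stating the new contract, so a reader cannot tell that slashed input will now be stored with its backslashes intact. I would say so explicitly, e.g. `@param string $meta_key Meta key, expected unslashed.` and `@param mixed $meta_value Meta value, expected unslashed.`. Callers outside this patch that still pass slashed request data to update_meta() need the same update.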
@@ -767,8 +761,6 @@
 
 	if ( $replace ) {
 		$post['post_content'] = $content;
-		// Escape data pulled from DB.
-		$post = add_magic_quotes($post);
 
 		return wp_update_post($post);
 	}
@@ -1179,7 +1171,7 @@
 	$now = time();
 	$lock = "$now:$user_id";
 
-	update_post_meta( $post->ID, '_edit_lock', $lock );
+	wp_update_post_meta( $post->ID, '_edit_lock', $lock );
 	return array( $now, $user_id );
 }
 
@@ -1230,14 +1222,14 @@
 
 	// Only store one autosave. If there is already an autosave, overwrite it.
 	if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
-		$new_autosave = _wp_post_revision_fields( $_POST, true );
+		$new_autosave = _wp_post_revision_fields( wp_unslash( $_POST ), true );
 		$new_autosave['ID'] = $old_autosave->ID;
 		$new_autosave['post_author'] = get_current_user_id();
 		return wp_update_post( $new_autosave );
 	}
 
 	// _wp_put_post_revision() expects unescaped.
-	$_POST = stripslashes_deep($_POST);
+	$_POST = wp_unslash( $_POST );
 
 	// Otherwise create the new autosave as a special post revision
 	return _wp_put_post_revision( $_POST, true );
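Review bot: `$_POST = wp_unslash( $_POST );` near the end of the hunk overwrites the superglobal in place. This patch converts many readers to call `wp_unslash( $_POST[...] )` themselves, so any of them that runs later in the same request would strip slashes a second time and alter values containing backslashes. The branch above already passes a copy, and the same works here: `$post_data = wp_unslash( $_POST );` followed by `return _wp_put_post_revision( $post_data, true );`. The dashboard.php hunk (`$_POST['widget-rss'][$number] = wp_unslash( ... )`) writes back into `$_POST` the same way. The enclosing function begins outside the hunk.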
Index: wp-admin/includes/class-wp-users-list-table.php
===================================================================
--- wp-admin/includes/class-wp-users-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-users-list-table.php	(working copy)
@@ -241,7 +241,7 @@
 		// Check if the user for this row is editable
 		if ( current_user_can( 'list_users' ) ) {
 			// Set up the user editing link
-			$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
+			$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
 
 			// Set up the hover actions for this user
 			$actions = array();
Index: wp-admin/includes/dashboard.php
===================================================================
--- wp-admin/includes/dashboard.php	(revision 23401)
+++ wp-admin/includes/dashboard.php	(working copy)
@@ -1093,7 +1093,7 @@
 	$widget_options[$widget_id]['number'] = $number;
 
 	if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
-		$_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
+		$_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
 		$widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
 		// title is optional. If black, fill it if possible
 		if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {
Index: wp-admin/includes/class-wp-plugin-install-list-table.php
===================================================================
--- wp-admin/includes/class-wp-plugin-install-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-plugin-install-list-table.php	(working copy)
@@ -48,8 +48,8 @@
 
 		switch ( $tab ) {
 			case 'search':
-				$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
-				$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
+				$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+				$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
 
 				switch ( $type ) {
 					case 'tag':
@@ -73,7 +73,7 @@
 				break;
 
 			case 'favorites':
-				$user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
+				$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
 				update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
 				if ( $user )
 					$args['user'] = $user;
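Review bot: In the `favorites` case the value of `$_GET['user']` is written straight to the current user's `wporg_favorites` meta, and no nonce or other request-origin check is visible in this hunk, so a cross-site link could change the stored preference of a logged-in user. If no such check exists earlier in the method (it starts outside the hunk), the write should be gated on a verified nonce. The value should also go through a sanitizer such as `sanitize_text_field()` before `update_user_meta()`.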
Index: wp-admin/includes/class-wp-ms-themes-list-table.php
===================================================================
--- wp-admin/includes/class-wp-ms-themes-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-ms-themes-list-table.php	(working copy)
@@ -126,7 +126,7 @@
 	function _search_callback( $theme ) {
 		static $term;
 		if ( is_null( $term ) )
-			$term = stripslashes( $_REQUEST['s'] );
+			$term = wp_unslash( $_REQUEST['s'] );
 
 		foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) {
 			// Don't mark up; Do translate.
Index: wp-admin/includes/upgrade.php
===================================================================
--- wp-admin/includes/upgrade.php	(revision 23401)
+++ wp-admin/includes/upgrade.php	(working copy)
@@ -132,7 +132,7 @@
 		$first_post = get_site_option( 'first_post' );
 
 		if ( empty($first_post) )
-			$first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
+			$first_post = __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' );
 
 		$first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post );
 		$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
@@ -636,23 +636,23 @@
 	$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
 	foreach ( $users as $user ) :
 		if ( !empty( $user->user_firstname ) )
-			update_user_meta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
+			update_user_meta( $user->ID, 'first_name', $user->user_firstname );
 		if ( !empty( $user->user_lastname ) )
-			update_user_meta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
+			update_user_meta( $user->ID, 'last_name', $user->user_lastname );
 		if ( !empty( $user->user_nickname ) )
-			update_user_meta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
+			update_user_meta( $user->ID, 'nickname', $user->user_nickname );
 		if ( !empty( $user->user_level ) )
 			update_user_meta( $user->ID, $wpdb->prefix . 'user_level', $user->user_level );
 		if ( !empty( $user->user_icq ) )
-			update_user_meta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
+			update_user_meta( $user->ID, 'icq', $user->user_icq );
 		if ( !empty( $user->user_aim ) )
-			update_user_meta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
+			update_user_meta( $user->ID, 'aim', $user->user_aim );
 		if ( !empty( $user->user_msn ) )
-			update_user_meta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
+			update_user_meta( $user->ID, 'msn', $user->user_msn );
 		if ( !empty( $user->user_yim ) )
-			update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
+			update_user_meta( $user->ID, 'yim', $user->user_icq );
 		if ( !empty( $user->user_description ) )
-			update_user_meta( $user->ID, 'description', $wpdb->escape($user->user_description) );
+			update_user_meta( $user->ID, 'description', $user->user_description );
 
 		if ( isset( $user->user_idmode ) ):
 			$idmode = $user->user_idmode;
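Review bot: The `yim` line still stores `$user->user_icq` although it is guarded by `!empty( $user->user_yim )`, so every migrated user gets their ICQ value as the Yahoo IM handle; the line should read `update_user_meta( $user->ID, 'yim', $user->user_yim );`. The commit carries this over unchanged from the old side. Dropping `$wpdb->escape()` on these values is only safe if `update_user_meta()` no longer strips slashes internally, which is not visible here; otherwise names or descriptions containing backslashes would lose them. The loop continues past the end of the hunk.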
@@ -854,7 +854,7 @@
 		foreach ( $link_cats as $category) {
 			$cat_id = (int) $category->cat_id;
 			$term_id = 0;
-			$name = $wpdb->escape($category->cat_name);
+			$name = $category->cat_name;
 			$slug = sanitize_title($name);
 			$term_group = 0;
 
Index: wp-admin/includes/class-wp-theme-install-list-table.php
===================================================================
--- wp-admin/includes/class-wp-theme-install-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-theme-install-list-table.php	(working copy)
@@ -24,7 +24,7 @@
 		$search_terms = array();
 		$search_string = '';
 		if ( ! empty( $_REQUEST['s'] ) ){
-			$search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
+			$search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );
 			$search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
 		}
 
@@ -59,7 +59,7 @@
 
 		switch ( $tab ) {
 			case 'search':
-				$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
+				$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
 				switch ( $type ) {
 					case 'tag':
 						$args['tag'] = array_map( 'sanitize_key', $search_terms );
Index: wp-admin/includes/misc.php
===================================================================
--- wp-admin/includes/misc.php	(revision 23401)
+++ wp-admin/includes/misc.php	(working copy)
@@ -220,7 +220,7 @@
  * @return string
  */
 function url_shorten( $url ) {
-	$short_url = str_replace( 'http://', '', stripslashes( $url ));
+	$short_url = str_replace( 'http://', '', wp_unslash( $url ));
 	$short_url = str_replace( 'www.', '', $short_url );
 	$short_url = untrailingslashit( $short_url );
 	if ( strlen( $short_url ) > 35 )
@@ -323,8 +323,8 @@
 
 		if ( !$user = wp_get_current_user() )
 			return;
-		$option = $_POST['wp_screen_options']['option'];
-		$value = $_POST['wp_screen_options']['value'];
+		$option = wp_unslash( $_POST['wp_screen_options']['option'] );
+		$value = wp_unslash( $_POST['wp_screen_options']['value'] );
 
 		if ( $option != sanitize_key( $option ) )
 			return;
Index: wp-admin/includes/deprecated.php
===================================================================
--- wp-admin/includes/deprecated.php	(revision 23401)
+++ wp-admin/includes/deprecated.php	(working copy)
@@ -472,7 +472,7 @@
 	function WP_User_Search ($search_term = '', $page = '', $role = '') {
 		_deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
 
-		$this->search_term = stripslashes( $search_term );
+		$this->search_term = $search_term;
 		$this->raw_page = ( '' == $page ) ? false : (int) $page;
 		$this->page = (int) ( '' == $page ) ? 1 : $page;
 		$this->role = $role;
@@ -551,7 +551,7 @@
 	 * @access public
 	 */
 	function prepare_vars_for_template_usage() {
-		$this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
+		$this->search_term = $this->search_term; // done with DB, from now on we want slashes gone
 	}
 
 	/**
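Review bot: `$this->search_term = $this->search_term;` in `prepare_vars_for_template_usage()` is a self-assignment that does nothing, and the trailing comment about wanting slashes gone no longer describes any work being done. Since the constructor now stores the term as passed, I would leave the method body empty with a comment such as `// Search term is stored unslashed; nothing to do.`. That keeps the method for existing callers without misleading readers.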
Index: wp-admin/includes/class-wp-upgrader.php
===================================================================
--- wp-admin/includes/class-wp-upgrader.php	(revision 23401)
+++ wp-admin/includes/class-wp-upgrader.php	(working copy)
@@ -1427,7 +1427,7 @@
 
 		$install_actions = array();
 
-		$from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
+		$from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
 
 		if ( 'import' == $from )
 			$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';
Index: wp-admin/includes/schema.php
===================================================================
--- wp-admin/includes/schema.php	(revision 23401)
+++ wp-admin/includes/schema.php	(working copy)
@@ -505,13 +505,11 @@
 		else
 			$autoload = 'yes';
 
-		$option = $wpdb->escape($option);
 		if ( is_array($value) )
 			$value = serialize($value);
-		$value = $wpdb->escape($value);
 		if ( !empty($insert) )
 			$insert .= ', ';
-		$insert .= "('$option', '$value', '$autoload')";
+		$insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );
 	}
 
 	if ( !empty($insert) )
@@ -921,13 +919,11 @@
 
 	$insert = '';
 	foreach ( $sitemeta as $meta_key => $meta_value ) {
-		$meta_key = $wpdb->escape( $meta_key );
 		if ( is_array( $meta_value ) )
 			$meta_value = serialize( $meta_value );
-		$meta_value = $wpdb->escape( $meta_value );
 		if ( !empty( $insert ) )
 			$insert .= ', ';
-		$insert .= "( $network_id, '$meta_key', '$meta_value')";
+		$insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );
 	}
 	$wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert );
 
Index: wp-admin/includes/comment.php
===================================================================
--- wp-admin/includes/comment.php	(revision 23401)
+++ wp-admin/includes/comment.php	(working copy)
@@ -19,9 +19,6 @@
 function comment_exists($comment_author, $comment_date) {
 	global $wpdb;
 
-	$comment_author = stripslashes($comment_author);
-	$comment_date = stripslashes($comment_date);
-
 	return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
 			WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
 }
@@ -33,38 +30,40 @@
  */
 function edit_comment() {
 
-	if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
+	$post_data = wp_unslash( $_POST );
+
+	if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) )
 		wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
 
-	$_POST['comment_author'] = $_POST['newcomment_author'];
-	$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
-	$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
-	$_POST['comment_approved'] = $_POST['comment_status'];
-	$_POST['comment_content'] = $_POST['content'];
-	$_POST['comment_ID'] = (int) $_POST['comment_ID'];
+	$post_data['comment_author'] = $post_data['newcomment_author'];
+	$post_data['comment_author_email'] = $post_data['newcomment_author_email'];
+	$post_data['comment_author_url'] = $post_data['newcomment_author_url'];
+	$post_data['comment_approved'] = $post_data['comment_status'];
+	$post_data['comment_content'] = $post_data['content'];
+	$post_data['comment_ID'] = (int) $post_data['comment_ID'];
 
 	foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
-		if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
+		if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
 			$_POST['edit_date'] = '1';
 			break;
 		}
 	}
 
-	if ( !empty ( $_POST['edit_date'] ) ) {
-		$aa = $_POST['aa'];
-		$mm = $_POST['mm'];
-		$jj = $_POST['jj'];
-		$hh = $_POST['hh'];
-		$mn = $_POST['mn'];
-		$ss = $_POST['ss'];
+	if ( !empty ( $post_data['edit_date'] ) ) {
+		$aa = $post_data['aa'];
+		$mm = $post_data['mm'];
+		$jj = $post_data['jj'];
+		$hh = $post_data['hh'];
+		$mn = $post_data['mn'];
+		$ss = $post_data['ss'];
 		$jj = ($jj > 31 ) ? 31 : $jj;
 		$hh = ($hh > 23 ) ? $hh -24 : $hh;
 		$mn = ($mn > 59 ) ? $mn -60 : $mn;
 		$ss = ($ss > 59 ) ? $ss -60 : $ss;
-		$_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
+		$post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
 	}
 
-	wp_update_comment( $_POST );
+	wp_update_comment( $post_data );
 }
 
 /**
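Review bot: The `foreach` over the time units still sets `$_POST['edit_date'] = '1';`, but the check that follows now reads `$post_data['edit_date']`, which was copied from `$_POST` before the loop ran. A changed date field therefore no longer triggers the `comment_date` rebuild unless the form submitted `edit_date` itself. The assignment should be `$post_data['edit_date'] = '1';`.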
Index: wp-admin/includes/class-wp-ms-users-list-table.php
===================================================================
--- wp-admin/includes/class-wp-ms-users-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-ms-users-list-table.php	(working copy)
@@ -173,10 +173,10 @@
 
 					case 'username':
 						$avatar	= get_avatar( $user->user_email, 32 );
-						$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
+						$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
 
 						echo "<td $attributes>"; ?>
-							<?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php
+							<?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
 							if ( in_array( $user->user_login, $super_admins ) )
 								echo ' - ' . __( 'Super Admin' );
 							?></strong>
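Review bot: `echo $user->user_login;` inside the `<a>` element prints the login without escaping; removing `stripslashes()` is fine, but the value still goes into HTML as is. Logins are presumably restricted at creation by `sanitize_user()`, yet rows written by imports or older code may not be, so `echo esc_html( $user->user_login );` is the safer form here. The surrounding `switch` starts outside the hunk.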
@@ -186,7 +186,7 @@
 								$actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
 
 								if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
-									$actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
+									$actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
 								}
 
 								$actions = apply_filters( 'ms_user_row_actions', $actions, $user );
Index: wp-admin/includes/image-edit.php
===================================================================
--- wp-admin/includes/image-edit.php	(revision 23401)
+++ wp-admin/includes/image-edit.php	(working copy)
@@ -454,7 +454,7 @@
     if ( is_wp_error( $img ) )
         return false;
 
-	$changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null;
+	$changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash( $_REQUEST['history'] ) ) : null;
 	if ( $changes )
 		$img = image_edit_apply_changes( $img, $changes );
 
@@ -533,7 +533,7 @@
 		}
 	}
 
-	if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
+	if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
 		$msg->error = __('Cannot save image metadata.');
 		return $msg;
 	}
@@ -587,7 +587,7 @@
 			return $return;
 		}
 	} elseif ( !empty($_REQUEST['history']) ) {
-		$changes = json_decode( stripslashes($_REQUEST['history']) );
+		$changes = json_decode( wp_unslash( $_REQUEST['history'] ) );
 		if ( $changes )
 			$img = image_edit_apply_changes($img, $changes);
 	} else {
@@ -699,7 +699,7 @@
 
 	if ( $success ) {
 		wp_update_attachment_metadata( $post_id, $meta );
-		update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
+		wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
 
 		if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) {
 			// Check if it's an image edit from attachment edit screen
Index: wp-admin/includes/class-wp-plugins-list-table.php
===================================================================
--- wp-admin/includes/class-wp-plugins-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-plugins-list-table.php	(working copy)
@@ -22,7 +22,7 @@
 			$status = $_REQUEST['plugin_status'];
 
 		if ( isset($_REQUEST['s']) )
-			$_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
+			$_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
 
 		$page = $this->get_pagenum();
 	}
@@ -140,7 +140,7 @@
 	function _search_callback( $plugin ) {
 		static $term;
 		if ( is_null( $term ) )
-			$term = stripslashes( $_REQUEST['s'] );
+			$term = wp_unslash( $_REQUEST['s'] );
 
 		foreach ( $plugin as $value )
 			if ( stripos( $value, $term ) !== false )
Index: wp-admin/includes/theme-install.php
===================================================================
--- wp-admin/includes/theme-install.php	(revision 23401)
+++ wp-admin/includes/theme-install.php	(working copy)
@@ -50,8 +50,8 @@
  * @since 2.8.0
  */
 function install_theme_search_form( $type_selector = true ) {
-	$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
-	$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
+	$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+	$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
 	if ( ! $type_selector )
 		echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>';
 	?>
@@ -179,7 +179,7 @@
 function install_theme_information() {
 	global $tab, $themes_allowedtags, $wp_list_table;
 
-	$theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) );
+	$theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) );
 
 	if ( is_wp_error( $theme ) )
 		wp_die( $theme );
Index: wp-admin/includes/class-wp-themes-list-table.php
===================================================================
--- wp-admin/includes/class-wp-themes-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-themes-list-table.php	(working copy)
@@ -28,7 +28,7 @@
 		$themes = wp_get_themes( array( 'allowed' => true ) );
 
 		if ( ! empty( $_REQUEST['s'] ) )
-			$this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
+			$this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );
 
 		if ( ! empty( $_REQUEST['features'] ) )
 			$this->features = $_REQUEST['features'];
@@ -235,7 +235,7 @@
 	 * @uses _pagination_args['total_pages']
 	 */
 	 function _js_vars( $extra_args = array() ) {
-		$search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
+		$search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
 
 		$args = array(
 			'search' => $search_string,
Index: wp-admin/includes/class-wp-comments-list-table.php
===================================================================
--- wp-admin/includes/class-wp-comments-list-table.php	(revision 23401)
+++ wp-admin/includes/class-wp-comments-list-table.php	(working copy)
@@ -170,7 +170,7 @@
 			/*
 			// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
 			if ( !empty( $_REQUEST['s'] ) )
-				$link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
+				$link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
 			*/
 			$status_links[$status] = "<a href='$link'$class>" . sprintf(
 				translate_nooped_plural( $label, $num_comments->$status ),
Index: wp-admin/includes/template.php
===================================================================
--- wp-admin/includes/template.php	(revision 23401)
+++ wp-admin/includes/template.php	(working copy)
@@ -1331,7 +1331,7 @@
  *
  */
 function _admin_search_query() {
-	echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
+	echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
 }
 
 /**
Index: wp-admin/includes/user.php
===================================================================
--- wp-admin/includes/user.php	(revision 23401)
+++ wp-admin/includes/user.php	(working copy)
@@ -34,22 +34,25 @@
 		$update = true;
 		$user->ID = (int) $user_id;
 		$userdata = get_userdata( $user_id );
-		$user->user_login = $wpdb->escape( $userdata->user_login );
+		$user->user_login = $userdata->user_login;
 	} else {
 		$update = false;
 	}
 
-	if ( !$update && isset( $_POST['user_login'] ) )
-		$user->user_login = sanitize_user($_POST['user_login'], true);
+	// get clean data before we get started.
+	$post_data = wp_unslash( $_POST );
 
+	if ( !$update && isset( $post_data['user_login'] ) )
+		$user->user_login = sanitize_user($post_data['user_login'], true);
+
 	$pass1 = $pass2 = '';
-	if ( isset( $_POST['pass1'] ))
-		$pass1 = $_POST['pass1'];
-	if ( isset( $_POST['pass2'] ))
-		$pass2 = $_POST['pass2'];
+	if ( isset( $post_data['pass1'] ))
+		$pass1 = $post_data['pass1'];
+	if ( isset( $post_data['pass2'] ))
+		$pass2 = $post_data['pass2'];
 
-	if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
-		$new_role = sanitize_text_field( $_POST['role'] );
+	if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) {
+		$new_role = sanitize_text_field( $post_data['role'] );
 		$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
 		// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
 		// Multisite super admins can freely edit their blog roles -- they possess all caps.
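Review bot: `$pass1` and `$pass2` are now read from the unslashed `$post_data`, so for a password containing a quote the string that gets hashed differs from what the old code hashed. Whether the login path hashes the unslashed form as well cannot be seen from this hunk; if it still hashes the slashed `$_POST` value, a password set here with `'` or `"` would not verify, and existing hashes of such passwords are affected the other way round. I would add a comment at the assignment, e.g. `// Password is taken unslashed; the login path must hash the unslashed form too.`, and cover the case with a test. edit_user() starts before and ends after this hunk.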
@@ -62,44 +65,44 @@
 			wp_die(__('You can&#8217;t give users that role.'));
 	}
 
-	if ( isset( $_POST['email'] ))
-		$user->user_email = sanitize_text_field( $_POST['email'] );
-	if ( isset( $_POST['url'] ) ) {
-		if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
+	if ( isset( $post_data['email'] ))
+		$user->user_email = sanitize_text_field( $post_data['email'] );
+	if ( isset( $post_data['url'] ) ) {
+		if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) {
 			$user->user_url = '';
 		} else {
-			$user->user_url = esc_url_raw( $_POST['url'] );
+			$user->user_url = esc_url_raw( $post_data['url'] );
 			$protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
 			$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
 		}
 	}
-	if ( isset( $_POST['first_name'] ) )
-		$user->first_name = sanitize_text_field( $_POST['first_name'] );
-	if ( isset( $_POST['last_name'] ) )
-		$user->last_name = sanitize_text_field( $_POST['last_name'] );
-	if ( isset( $_POST['nickname'] ) )
-		$user->nickname = sanitize_text_field( $_POST['nickname'] );
-	if ( isset( $_POST['display_name'] ) )
-		$user->display_name = sanitize_text_field( $_POST['display_name'] );
+	if ( isset( $post_data['first_name'] ) )
+		$user->first_name = sanitize_text_field( $post_data['first_name'] );
+	if ( isset( $post_data['last_name'] ) )
+		$user->last_name = sanitize_text_field( $post_data['last_name'] );
+	if ( isset( $post_data['nickname'] ) )
+		$user->nickname = sanitize_text_field( $post_data['nickname'] );
+	if ( isset( $post_data['display_name'] ) )
+		$user->display_name = sanitize_text_field( $post_data['display_name'] );
 
-	if ( isset( $_POST['description'] ) )
-		$user->description = trim( $_POST['description'] );
+	if ( isset( $post_data['description'] ) )
+		$user->description = trim( $post_data['description'] );
 
 	foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) {
-		if ( isset( $_POST[$method] ))
-			$user->$method = sanitize_text_field( $_POST[$method] );
+		if ( isset( $post_data[$method] ))
+			$user->$method = sanitize_text_field( $post_data[$method] );
 	}
 
 	if ( $update ) {
-		$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
-		$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
-		$user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
+		$user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true';
+		$user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';
+		$user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false';
 	}
 
-	$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
+	$user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : '';
 
 	$user->use_ssl = 0;
-	if ( !empty($_POST['use_ssl']) )
+	if ( !empty($post_data['use_ssl']) )
 		$user->use_ssl = 1;
 
 	$errors = new WP_Error();
@@ -124,7 +127,7 @@
 	}
 
 	/* Check for "\" in password */
-	if ( false !== strpos( stripslashes($pass1), "\\" ) )
+	if ( false !== strpos( $pass1, "\\" ) )
 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
 
 	/* checking the password has been typed twice the same */
@@ -134,7 +137,7 @@
 	if ( !empty( $pass1 ) )
 		$user->user_pass = $pass1;
 
-	if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
+	if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) )
 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
 
 	if ( !$update && username_exists( $user->user_login ) )
@@ -159,7 +162,7 @@
 		$user_id = wp_update_user( $user );
 	} else {
 		$user_id = wp_insert_user( $user );
-		wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
+		wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' );
 	}
 	return $user_id;
 }
Index: wp-admin/includes/media.php
===================================================================
--- wp-admin/includes/media.php	(revision 23401)
+++ wp-admin/includes/media.php	(working copy)
@@ -444,6 +444,8 @@
 	}
 
 	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
+		$attachment = wp_unslash( $attachment );
+	
 		$post = $_post = get_post($attachment_id, ARRAY_A);
 		$post_type_object = get_post_type_object( $post[ 'post_type' ] );
 
@@ -468,10 +470,9 @@
 
 		if ( isset($attachment['image_alt']) ) {
 			$image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
-			if ( $image_alt != stripslashes($attachment['image_alt']) ) {
-				$image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
-				// update_meta expects slashed
-				update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
+			if ( $image_alt != $attachment['image_alt'] ) {
+				$image_alt = wp_strip_all_tags( $attachment['image_alt'], true );
+				wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt );
 			}
 		}
 
@@ -501,7 +502,7 @@
 	}
 
 	if ( isset($send_id) ) {
-		$attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
+		$attachment = wp_unslash( $_POST['attachments'][$send_id] );
 
 		$html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
 		if ( !empty($attachment['url']) ) {
@@ -546,7 +547,7 @@
 			$src = "http://$src";
 
 		if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) {
-			$title = esc_html( stripslashes( $_POST['title'] ) );
+			$title = esc_html( wp_unslash( $_POST['title'] ) );
 			if ( empty( $title ) )
 				$title = esc_html( basename( $src ) );
 
@@ -561,9 +562,9 @@
 			$html = apply_filters( $type . '_send_to_editor_url', $html, esc_url_raw( $src ), $title );
 		} else {
 			$align = '';
-			$alt = esc_attr( stripslashes( $_POST['alt'] ) );
+			$alt = esc_attr( wp_unslash( $_POST['alt'] ) );
 			if ( isset($_POST['align']) ) {
-				$align = esc_attr( stripslashes( $_POST['align'] ) );
+				$align = esc_attr( wp_unslash( $_POST['align'] ) );
 				$class = " class='align$align'";
 			}
 			if ( !empty($src) )
Index: wp-admin/edit-tags.php
===================================================================
--- wp-admin/edit-tags.php	(revision 23401)
+++ wp-admin/edit-tags.php	(working copy)
@@ -47,7 +47,9 @@
 	if ( !current_user_can( $tax->cap->edit_terms ) )
 		wp_die( __( 'Cheatin&#8217; uh?' ) );
 
-	$ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
+	$post_data = wp_unslash( $_POST );
+
+	$ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
 	$location = 'edit-tags.php?taxonomy=' . $taxonomy;
 	if ( 'post' != $post_type )
 		$location .= '&post_type=' . $post_type;
@@ -132,7 +134,10 @@
 break;
 
 case 'editedtag':
-	$tag_ID = (int) $_POST['tag_ID'];
+
+	$post_data = wp_unslash( $_POST );
+
+	$tag_ID = (int) $post_data['tag_ID'];
 	check_admin_referer( 'update-tag_' . $tag_ID );
 
 	if ( !current_user_can( $tax->cap->edit_terms ) )
@@ -142,7 +147,7 @@
 	if ( ! $tag )
 		wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );
 
-	$ret = wp_update_term( $tag_ID, $taxonomy, $_POST );
+	$ret = wp_update_term( $tag_ID, $taxonomy, $post_data );
 
 	$location = 'edit-tags.php?taxonomy=' . $taxonomy;
 	if ( 'post' != $post_type )
@@ -164,7 +169,7 @@
 
 default:
 if ( ! empty($_REQUEST['_wp_http_referer']) ) {
-	$location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
+	$location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) );
 
 	if ( ! empty( $_REQUEST['paged'] ) )
 		$location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );
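Review bot: The `$location` built by the changed `remove_query_arg()` line is discarded two lines later whenever `paged` is set, because `add_query_arg( 'paged', (int) $_REQUEST['paged'] )` is called without a URL argument and so starts again from the current request URI. The redirect target then still carries `_wp_http_referer` and `_wpnonce`, which this branch is meant to strip. Passing the cleaned value through keeps the nonce out of the redirect URL: `$location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );`. The `default:` branch continues outside the hunk.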
@@ -264,8 +269,8 @@
 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title );
-if ( !empty($_REQUEST['s']) )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+if ( ! empty($_REQUEST['s']) )
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash( $_REQUEST['s'] ) ) ); ?>
 </h2>
 
 <?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?>
Index: wp-admin/update.php
===================================================================
--- wp-admin/update.php	(revision 23401)
+++ wp-admin/update.php	(working copy)
@@ -26,7 +26,7 @@
 		check_admin_referer( 'bulk-update-plugins' );
 
 		if ( isset( $_GET['plugins'] ) )
-			$plugins = explode( ',', stripslashes($_GET['plugins']) );
+			$plugins = explode( ',', wp_unslash($_GET['plugins']) );
 		elseif ( isset( $_POST['checked'] ) )
 			$plugins = (array) $_POST['checked'];
 		else
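Review bot: Only the `$_GET['plugins']` branch is unslashed; the `elseif` branch below it still takes `(array) $_POST['checked']` as it arrives, so the plugin list reaches the code after the hunk in a different escaping state depending on the request method. If the POST superglobal is slashed the same way as the GET one, `$plugins = (array) wp_unslash( $_POST['checked'] );` would make the branches agree. The `bulk-update-themes` hunk at `@@ -173,7 +173,7 @@` has the same asymmetry for `$themes`. What consumes the list is outside the hunk, so confirm that it checks each entry against the installed plugins in both cases.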
@@ -109,7 +109,7 @@
 		$nonce = 'install-plugin_' . $plugin;
 		$url = 'update.php?action=install-plugin&plugin=' . $plugin;
 		if ( isset($_GET['from']) )
-			$url .= '&from=' . urlencode(stripslashes($_GET['from']));
+			$url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) );
 
 		$type = 'web'; //Install plugin type, From Web or an Upload.
 
@@ -173,7 +173,7 @@
 		check_admin_referer( 'bulk-update-themes' );
 
 		if ( isset( $_GET['themes'] ) )
-			$themes = explode( ',', stripslashes($_GET['themes']) );
+			$themes = explode( ',', wp_unslash( $_GET['themes'] ) );
 		elseif ( isset( $_POST['checked'] ) )
 			$themes = (array) $_POST['checked'];
 		else
Index: wp-admin/theme-editor.php
===================================================================
--- wp-admin/theme-editor.php	(revision 23401)
+++ wp-admin/theme-editor.php	(working copy)
@@ -68,7 +68,7 @@
 	$relative_file = 'style.css';
 	$file = $allowed_files['style.css'];
 } else {
-	$relative_file = stripslashes( $file );
+	$relative_file = wp_unslash( $file );
 	$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
 }
 
@@ -78,7 +78,7 @@
 switch( $action ) {
 case 'update':
 	check_admin_referer( 'edit-theme_' . $file . $stylesheet );
-	$newcontent = stripslashes( $_POST['newcontent'] );
+	$newcontent = wp_unslash( $_POST['newcontent'] );
 	$location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
 	if ( is_writeable( $file ) ) {
 		//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
Index: wp-admin/admin.php
===================================================================
--- wp-admin/admin.php	(revision 23401)
+++ wp-admin/admin.php	(working copy)
@@ -43,7 +43,7 @@
 	do_action('after_db_upgrade');
 } elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
 	if ( !is_multisite() ) {
-		wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
+		wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
 		exit;
 	} elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
 		/**
@@ -84,7 +84,7 @@
 $editing = false;
 
 if ( isset($_GET['page']) ) {
-	$plugin_page = stripslashes($_GET['page']);
+	$plugin_page = wp_unslash( $_GET['page'] );
 	$plugin_page = plugin_basename($plugin_page);
 }
 
Index: wp-admin/custom-header.php
===================================================================
--- wp-admin/custom-header.php	(revision 23401)
+++ wp-admin/custom-header.php	(working copy)
@@ -948,7 +948,7 @@
 				'width'         => $choice['width'],
 			);
 
-			update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
+			wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
 			set_theme_mod( 'header_image', $choice['url'] );
 			set_theme_mod( 'header_image_data', $header_image_data );
 			return;
Index: wp-admin/user-new.php
===================================================================
--- wp-admin/user-new.php	(revision 23401)
+++ wp-admin/user-new.php	(working copy)
@@ -112,16 +112,16 @@
 		}
 	} else {
 		// Adding a new user to this blog
-		$user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
+		$user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST[ 'user_login' ] ), wp_unslash( $_REQUEST[ 'email' ] ) );
 		unset( $user_details[ 'errors' ]->errors[ 'user_email_used' ] );
 		if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
 			$add_user_errors = $user_details[ 'errors' ];
 		} else {
-			$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+			$new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
 			if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
 				add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
 			}
-			wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
+			wpmu_signup_user( $new_user_login, wp_unslash( $_REQUEST[ 'email' ] ), array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
 			if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
 				$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
 				wpmu_activate_signup( $key );
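Review bot: The e-mail address is unslashed for `wpmu_validate_user_signup()` and `wpmu_signup_user()`, but the `$wpdb->prepare()` lookup near the end of the hunk still binds the raw `$_REQUEST[ 'email' ]`. For an address containing a character that gets slashed (an apostrophe, for instance), the `SELECT activation_key` would presumably not match the row just written, and `wpmu_activate_signup()` is then called with an empty key. Reading the value once, `$new_user_email = wp_unslash( $_REQUEST['email'] );`, and using `$new_user_email` in all three calls removes the mismatch. `$_REQUEST[ 'role' ]` is also still passed through as received.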
@@ -310,7 +310,7 @@
 	$var = "new_user_$var";
 	if( isset( $_POST['createuser'] ) ) {
 		if ( ! isset($$var) )
-			$$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
+			$$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
 	} else {
 		$$var = false;
 	}
Index: wp-admin/media.php
===================================================================
--- wp-admin/media.php	(revision 23401)
+++ wp-admin/media.php	(working copy)
@@ -32,7 +32,7 @@
 		}
 		if ( false !== strpos($location, 'upload.php') ) {
 			$location = remove_query_arg('message', $location);
-			$location = add_query_arg('posted',	$attachment_id, $location);
+			$location = add_query_arg('posted', $attachment_id, $location);
 		} elseif ( false !== strpos($location, 'media.php') ) {
 			$location = add_query_arg('message', 'updated', $location);
 		}
Index: wp-admin/upload.php
===================================================================
--- wp-admin/upload.php	(revision 23401)
+++ wp-admin/upload.php	(working copy)
@@ -132,7 +132,7 @@
 	wp_redirect( $location );
 	exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
Index: wp-admin/edit-form-comment.php
===================================================================
--- wp-admin/edit-form-comment.php	(revision 23401)
+++ wp-admin/edit-form-comment.php	(working copy)
@@ -132,7 +132,7 @@
 
 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 
Index: wp-admin/edit-form-advanced.php
===================================================================
--- wp-admin/edit-form-advanced.php	(revision 23401)
+++ wp-admin/edit-form-advanced.php	(working copy)
@@ -304,7 +304,7 @@
 <input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
-<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
 <?php if ( ! empty( $active_post_lock ) ) { ?>
 <input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
 <?php
Index: wp-admin/network/site-new.php
===================================================================
--- wp-admin/network/site-new.php	(revision 23401)
+++ wp-admin/network/site-new.php	(working copy)
@@ -38,7 +38,7 @@
 
 	if ( ! is_array( $_POST['blog'] ) )
 		wp_die( __( 'Can&#8217;t create an empty site.' ) );
-	$blog = $_POST['blog'];
+	$blog = wp_unslash( $_POST['blog'] );
 	$domain = '';
 	if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) )
 		$domain = strtolower( $blog['domain'] );
@@ -88,7 +88,7 @@
 		$content_mail = sprintf( __( 'New site created by %1$s
 
 Address: %2$s
-Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) );
+Name: %3$s' ), $current_user->user_login , get_site_url( $id ), $title );
 		wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
 		wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
 		wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );
Index: wp-admin/network/site-info.php
===================================================================
--- wp-admin/network/site-info.php	(revision 23401)
+++ wp-admin/network/site-info.php	(working copy)
@@ -62,7 +62,7 @@
 	delete_option( 'rewrite_rules' );
 
 	// update blogs table
-	$blog_data = stripslashes_deep( $_POST['blog'] );
+	$blog_data = wp_unslash( $_POST['blog'] );
 	$existing_details = get_blog_details( $id, false );
 	$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
 	foreach ( $blog_data_checkboxes as $c ) {
Index: wp-admin/network/settings.php
===================================================================
--- wp-admin/network/settings.php	(revision 23401)
+++ wp-admin/network/settings.php	(working copy)
@@ -61,7 +61,7 @@
 	foreach ( $options as $option_name ) {
 		if ( ! isset($_POST[$option_name]) )
 			continue;
-		$value = stripslashes_deep( $_POST[$option_name] );
+		$value = wp_unslash( $_POST[$option_name] );
 		update_site_option( $option_name, $value );
 	}
 
@@ -181,7 +181,7 @@
 				<th scope="row"><label for="welcome_email"><?php _e( 'Welcome Email' ) ?></label></th>
 				<td>
 					<textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text">
-<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea>
+<?php echo esc_textarea( get_site_option( 'welcome_email' ) ) ?></textarea>
 					<br />
 					<?php _e( 'The welcome email sent to new site owners.' ) ?>
 				</td>
@@ -190,7 +190,7 @@
 				<th scope="row"><label for="welcome_user_email"><?php _e( 'Welcome User Email' ) ?></label></th>
 				<td>
 					<textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text">
-<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea>
+<?php echo esc_textarea( get_site_option( 'welcome_user_email' ) ) ?></textarea>
 					<br />
 					<?php _e( 'The welcome email sent to new users.' ) ?>
 				</td>
@@ -199,7 +199,7 @@
 				<th scope="row"><label for="first_post"><?php _e( 'First Post' ) ?></label></th>
 				<td>
 					<textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text">
-<?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea>
+<?php echo esc_textarea( get_site_option( 'first_post' ) ) ?></textarea>
 					<br />
 					<?php _e( 'The first post on a new site.' ) ?>
 				</td>
@@ -208,7 +208,7 @@
 				<th scope="row"><label for="first_page"><?php _e( 'First Page' ) ?></label></th>
 				<td>
 					<textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text">
-<?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?></textarea>
+<?php echo esc_textarea( get_site_option( 'first_page' ) ) ?></textarea>
 					<br />
 					<?php _e( 'The first page on a new site.' ) ?>
 				</td>
@@ -217,7 +217,7 @@
 				<th scope="row"><label for="first_comment"><?php _e( 'First Comment' ) ?></label></th>
 				<td>
 					<textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text">
-<?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?></textarea>
+<?php echo esc_textarea( get_site_option( 'first_comment' ) ) ?></textarea>
 					<br />
 					<?php _e( 'The first comment on a new site.' ) ?>
 				</td>
Index: wp-admin/network/site-settings.php
===================================================================
--- wp-admin/network/site-settings.php	(revision 23401)
+++ wp-admin/network/site-settings.php	(working copy)
@@ -53,12 +53,14 @@
 	$count = count( $_POST['option'] );
 	$skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
 	foreach ( (array) $_POST['option'] as $key => $val ) {
+		$key = wp_unslash( $key );
+		$val = wp_unslash( $val );
 		if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
 			continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
 		if ( $c == $count )
-			update_option( $key, stripslashes( $val ) );
+			update_option( $key, $val );
 		else
-			update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
+			update_option( $key, $val, false ); // no need to refresh blog details yet
 		$c++;
 	}
 
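Review bot: Unslashing `$key` before the guard can defeat the `$key === 0` check on the following line. If `wp_unslash()` returns a string for scalar input, as `stripslashes()` does, an integer key `0` becomes `'0'` and the strict comparison never matches. In that case the "0 is a protected WP option" error that the comment mentions could come back. Testing the raw key first avoids depending on how `wp_unslash()` treats integers: put `if ( $key === 0 ) continue;` ahead of `$key = wp_unslash( $key );`. The capability and nonce checks for this form are outside the hunk.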
Index: wp-admin/network/sites.php
===================================================================
--- wp-admin/network/sites.php	(revision 23401)
+++ wp-admin/network/sites.php	(working copy)
@@ -79,7 +79,7 @@
 					<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
 					<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
 					<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
-					<p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p>
+					<p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>
 					<?php submit_button( __('Confirm'), 'button' ); ?>
 				</form>
 			</body>
Index: wp-admin/nav-menus.php
===================================================================
--- wp-admin/nav-menus.php	(revision 23401)
+++ wp-admin/nav-menus.php	(working copy)
@@ -93,7 +93,7 @@
 						if ( ! is_wp_error( $parent_object ) ) {
 							$parent_data = (array) $parent_object;
 							$menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent'];
-							update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+							wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
 
 						}
 
@@ -103,7 +103,7 @@
 						$menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1;
 
 						$menu_item_data['menu_item_parent'] = $next_item_data['ID'];
-						update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+						wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
 
 						wp_update_post($menu_item_data);
 						wp_update_post($next_item_data);
@@ -115,7 +115,7 @@
 					in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids )
 				) {
 					$menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true);
-					update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+					wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
 				}
 			}
 		}
@@ -190,7 +190,7 @@
 							$menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1;
 
 							// save changes
-							update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+							wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
 							wp_update_post($menu_item_data);
 							wp_update_post($parent_data);
 						}
@@ -205,7 +205,7 @@
 					) {
 						// just make it a child of the previous; keep the order
 						$menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1];
-						update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+						wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
 						wp_update_post($menu_item_data);
 					}
 				}
Index: wp-admin/edit.php
===================================================================
--- wp-admin/edit.php	(revision 23401)
+++ wp-admin/edit.php	(working copy)
@@ -138,7 +138,7 @@
 	wp_redirect($sendback);
 	exit();
 } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
-	 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
+	 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
Index: wp-admin/upgrade.php
===================================================================
--- wp-admin/upgrade.php	(revision 23401)
+++ wp-admin/upgrade.php	(working copy)
@@ -77,7 +77,7 @@
 <?php else :
 switch ( $step ) :
 	case 0:
-		$goback = stripslashes( wp_get_referer() );
+		$goback = wp_get_referer();
 		$goback = esc_url_raw( $goback );
 		$goback = urlencode( $goback );
 ?>
@@ -90,7 +90,7 @@
 	case 1:
 		wp_upgrade();
 
-			$backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
+			$backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
 			$backto = esc_url( $backto );
 			$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>
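Review bot: `wp_unslash()` is applied after `urldecode()` on `$_GET['backto']`, so it runs on a value that has been decoded a second time (PHP has already decoded the query string once). Any backslash that only appears after that extra decode is a literal part of the URL and gets stripped, whereas the slashes being undone were added to the value as it sits in `$_GET`. Undoing them first keeps the two steps independent: `urldecode( wp_unslash( $_GET['backto'] ) )`. The `esc_url()` and `wp_validate_redirect()` calls that follow should stay as the gate on where the upgrade screen sends the user.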
Index: wp-admin/options.php
===================================================================
--- wp-admin/options.php	(revision 23401)
+++ wp-admin/options.php	(working copy)
@@ -120,16 +120,16 @@
 	if ( 'options' == $option_page ) {
 		if ( is_multisite() && ! is_super_admin() )
 			wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
-		$options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
+		$options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
 	} else {
 		$options = $whitelist_options[ $option_page ];
 	}
 
 	// Handle custom date/time formats
 	if ( 'general' == $option_page ) {
-		if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
+		if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
 			$_POST['date_format'] = $_POST['date_format_custom'];
-		if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
+		if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
 			$_POST['time_format'] = $_POST['time_format_custom'];
 		// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
 		if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
@@ -150,7 +150,7 @@
 				$value = $_POST[ $option ];
 				if ( ! is_array( $value ) )
 					$value = trim( $value );
-				$value = stripslashes_deep( $value );
+				$value = wp_unslash( $value );
 			}
 			update_option( $option, $value );
 		}
Index: wp-admin/user-edit.php
===================================================================
--- wp-admin/user-edit.php	(revision 23401)
+++ wp-admin/user-edit.php	(working copy)
@@ -54,7 +54,7 @@
     '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
 );
 
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), wp_unslash( $wp_http_referer ) );
 
 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
 
Index: wp-admin/press-this.php
===================================================================
--- wp-admin/press-this.php	(revision 23401)
+++ wp-admin/press-this.php	(working copy)
@@ -91,11 +91,11 @@
 }
 
 // Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
 
 $selection = '';
 if ( !empty($_GET['s']) ) {
-	$selection = str_replace('&apos;', "'", stripslashes($_GET['s']));
+	$selection = str_replace('&apos;', "'", wp_unslash($_GET['s']));
 	$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
 }
 
Index: wp-admin/setup-config.php
===================================================================
--- wp-admin/setup-config.php	(revision 23401)
+++ wp-admin/setup-config.php	(working copy)
@@ -164,7 +164,7 @@
 
 	case 2:
 	foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
-		$$key = trim( stripslashes( $_POST[ $key ] ) );
+		$$key = trim( wp_unslash( $_POST[ $key ] ) );
 
 	$tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';
 
Index: wp-admin/link-manager.php
===================================================================
--- wp-admin/link-manager.php	(revision 23401)
+++ wp-admin/link-manager.php	(working copy)
@@ -31,7 +31,7 @@
 		exit;
 	}
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
 	 exit;
 }
 
@@ -72,7 +72,7 @@
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
 if ( !empty($_REQUEST['s']) )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
 </h2>
 
 <?php
Index: wp-admin/install.php
===================================================================
--- wp-admin/install.php	(revision 23401)
+++ wp-admin/install.php	(working copy)
@@ -84,10 +84,10 @@
 	if ( ! empty( $_POST ) )
 		$blog_public = isset( $_POST['blog_public'] );
 
-	$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-	$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-	$admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
-	$admin_email  = isset( $_POST['admin_email']  ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
+	$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+	$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+	$admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
+	$admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
 
 	if ( ! is_null( $error ) ) {
 ?>
@@ -189,11 +189,11 @@
 
 		display_header();
 		// Fill in the data we gathered
-		$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-		$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-		$admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
-		$admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
-		$admin_email  = isset( $_POST['admin_email']  ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
+		$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+		$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+		$admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
+		$admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+		$admin_email  = isset( $_POST['admin_email']  ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
 		$public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
 		// check e-mail address
 		$error = false;
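Review bot: `$admin_password` and `$admin_password_check` were previously taken from `$_POST` as received and are now unslashed, which changes the exact string that is compared and, presumably, later hashed as the administrator's password. That is only correct if everything that consumes `$admin_password` after this hunk has stopped stripping slashes itself; otherwise a password containing a backslash or quote is altered between what the user typed and what is stored. A test that runs such a password through the full install would confirm this. The form-redisplay hunk at `@@ -84,10 +84,10 @@` wraps the password in `trim()` while this one does not, so the two paths can also disagree on leading or trailing spaces.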
Index: wp-admin/plugin-editor.php
===================================================================
--- wp-admin/plugin-editor.php	(revision 23401)
+++ wp-admin/plugin-editor.php	(working copy)
@@ -28,7 +28,7 @@
 	wp_die( __('There are no plugins installed on this site.') );
 
 if ( isset($_REQUEST['file']) )
-	$plugin = stripslashes($_REQUEST['file']);
+	$plugin = wp_unslash($_REQUEST['file']);
 
 if ( empty($plugin) ) {
 	$plugin = array_keys($plugins);
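Review bot: Swapping `stripslashes()` for `wp_unslash()` on `$_REQUEST['file']` changes what happens when the parameter arrives as an array (`file[]=...`). Elsewhere in this patch `wp_unslash()` replaces `stripslashes_deep()` on array input, so it evidently passes arrays through, where `stripslashes()` would not have returned one. `$plugin` is then a non-empty array when it reaches the code after the hunk, which appears to expect a plugin path string. A type guard at the read keeps the old contract: `if ( isset( $_REQUEST['file'] ) && is_string( $_REQUEST['file'] ) )`. The same applies to other scalar reads converted in this patch, such as `$_GET['page']` in wp-admin/admin.php and the `explode()` inputs in wp-admin/update.php.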
@@ -40,7 +40,7 @@
 if ( empty($file) )
 	$file = $plugin_files[0];
 else
-	$file = stripslashes($file);
+	$file = wp_unslash($file);
 
 $file = validate_file_to_edit($file, $plugin_files);
 $real_file = WP_PLUGIN_DIR . '/' . $file;
@@ -52,7 +52,7 @@
 
 	check_admin_referer('edit-plugin_' . $file);
 
-	$newcontent = stripslashes($_POST['newcontent']);
+	$newcontent = wp_unslash( $_POST['newcontent'] );
 	if ( is_writeable($real_file) ) {
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
Index: wp-admin/custom-background.php
===================================================================
--- wp-admin/custom-background.php	(revision 23401)
+++ wp-admin/custom-background.php	(working copy)
@@ -378,7 +378,7 @@
 
 		// Add the meta-data
 		wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
-		update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
+		wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
 
 		set_theme_mod('background_image', esc_url_raw($url));
 
@@ -415,7 +415,7 @@
 		if ( in_array( $_POST['size'], $sizes ) )
 			$size = esc_attr( $_POST['size'] );
 
-		update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
+		wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
 		$url = wp_get_attachment_image_src( $attachment_id, $size );
 		$thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
 		set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );
