' . __('Search results for “%s”') . '', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+if ( ! empty($_REQUEST['s']) )
+ printf( '' . __('Search results for “%s”') . '', esc_html( wp_unslash( $_REQUEST['s'] ) ) ); ?>
Index: wp-admin/update.php
===================================================================
--- wp-admin/update.php (revision 23391)
+++ wp-admin/update.php (working copy)
@@ -26,7 +26,7 @@
check_admin_referer( 'bulk-update-plugins' );
if ( isset( $_GET['plugins'] ) )
- $plugins = explode( ',', stripslashes($_GET['plugins']) );
+ $plugins = explode( ',', wp_unslash($_GET['plugins']) );
elseif ( isset( $_POST['checked'] ) )
$plugins = (array) $_POST['checked'];
else
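Review bot: The new wp_unslash() is applied only to the GET branch on the `$plugins =` line; the `$_POST['checked']` branch directly below still takes the raw array, so a plugin path containing a quote or backslash is treated differently depending on which form submitted it. If both branches are meant to yield the same list, `$plugins = (array) wp_unslash( $_POST['checked'] );` keeps them equivalent. Neither branch validates the individual entries here; presumably the updater does that further down, outside the hunk.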
@@ -109,7 +109,7 @@
$nonce = 'install-plugin_' . $plugin;
$url = 'update.php?action=install-plugin&plugin=' . $plugin;
if ( isset($_GET['from']) )
- $url .= '&from=' . urlencode(stripslashes($_GET['from']));
+ $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) );
$type = 'web'; //Install plugin type, From Web or an Upload.
@@ -173,7 +173,7 @@
check_admin_referer( 'bulk-update-themes' );
if ( isset( $_GET['themes'] ) )
- $themes = explode( ',', stripslashes($_GET['themes']) );
+ $themes = explode( ',', wp_unslash( $_GET['themes'] ) );
elseif ( isset( $_POST['checked'] ) )
$themes = (array) $_POST['checked'];
else
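Review bot: As with the plugin branch earlier in this file, only the GET path on the `$themes =` line is unslashed while `$_POST['checked']` is passed through raw, so the two entry points no longer agree on how a slash or quote in a theme slug is handled. `$themes = (array) wp_unslash( $_POST['checked'] );` would make the branches symmetric. Per-entry validation of the slugs is not visible in this hunk.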
Index: wp-admin/theme-editor.php
===================================================================
--- wp-admin/theme-editor.php (revision 23391)
+++ wp-admin/theme-editor.php (working copy)
@@ -68,7 +68,7 @@
$relative_file = 'style.css';
$file = $allowed_files['style.css'];
} else {
- $relative_file = stripslashes( $file );
+ $relative_file = wp_unslash( $file );
$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
}
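Review bot: In the else branch the unslashed value is concatenated straight onto the stylesheet directory on the line after `$relative_file = wp_unslash( $file );`, with no check in this hunk that it is one of `$allowed_files` (the if branch, by contrast, reads `$allowed_files['style.css']`). If that membership check happens elsewhere in the file, a comment such as `// $file was validated against $allowed_files above` would make that clear at the point of use; if it does not, the concatenation should be gated by `isset( $allowed_files[ $relative_file ] )` and `validate_file( $relative_file )` to prevent traversal out of the theme directory. The if/else begins before the hunk, so where `$file` originates is not visible here.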
@@ -78,7 +78,7 @@
switch( $action ) {
case 'update':
check_admin_referer( 'edit-theme_' . $file . $stylesheet );
- $newcontent = stripslashes( $_POST['newcontent'] );
+ $newcontent = wp_unslash( $_POST['newcontent'] );
$location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
if ( is_writeable( $file ) ) {
//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
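Review bot: `$newcontent = wp_unslash( $_POST['newcontent'] );` reads the key with no isset() guard, unlike the user-new.php and install.php changes in this same patch, which use the `isset( ... ) ? wp_unslash( ... ) : ''` form; a request without the field raises a notice before the file write. `$newcontent = isset( $_POST['newcontent'] ) ? wp_unslash( $_POST['newcontent'] ) : '';` matches the rest of the patch. The `switch` starts before the hunk and the write itself continues after it.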
Index: wp-admin/admin.php
===================================================================
--- wp-admin/admin.php (revision 23391)
+++ wp-admin/admin.php (working copy)
@@ -43,7 +43,7 @@
do_action('after_db_upgrade');
} elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
if ( !is_multisite() ) {
- wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
+ wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
exit;
} elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
/**
@@ -84,7 +84,7 @@
$editing = false;
if ( isset($_GET['page']) ) {
- $plugin_page = stripslashes($_GET['page']);
+ $plugin_page = wp_unslash( $_GET['page'] );
$plugin_page = plugin_basename($plugin_page);
}
Index: wp-admin/custom-header.php
===================================================================
--- wp-admin/custom-header.php (revision 23391)
+++ wp-admin/custom-header.php (working copy)
@@ -948,7 +948,7 @@
'width' => $choice['width'],
);
- update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
+ wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
set_theme_mod( 'header_image', $choice['url'] );
set_theme_mod( 'header_image_data', $header_image_data );
return;
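Review bot: `wp_update_post_meta()` on the changed line is not defined anywhere visible in this patch, and the core API I know is `update_post_meta()`, which expects slashed input; the value passed here, `get_stylesheet()`, is unslashed. If the patch introduces `wp_update_post_meta()` as an unslashed-input wrapper, its definition should land in the same change and its docblock should state that contract (e.g. `/** Like update_post_meta() but takes unslashed $meta_value. */`); if it does not exist, every renamed call site (this one, nav-menus.php, custom-background.php) becomes a fatal error. The enclosing function begins before the hunk.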
Index: wp-admin/user-new.php
===================================================================
--- wp-admin/user-new.php (revision 23391)
+++ wp-admin/user-new.php (working copy)
@@ -117,7 +117,7 @@
if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
$add_user_errors = $user_details[ 'errors' ];
} else {
- $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+ $new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
}
@@ -310,7 +310,7 @@
$var = "new_user_$var";
if( isset( $_POST['createuser'] ) ) {
if ( ! isset($$var) )
- $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
+ $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
} else {
$$var = false;
}
Index: wp-admin/media.php
===================================================================
--- wp-admin/media.php (revision 23391)
+++ wp-admin/media.php (working copy)
@@ -32,7 +32,7 @@
}
if ( false !== strpos($location, 'upload.php') ) {
$location = remove_query_arg('message', $location);
- $location = add_query_arg('posted', $attachment_id, $location);
+ $location = add_query_arg('posted', $attachment_id, $location);
} elseif ( false !== strpos($location, 'media.php') ) {
$location = add_query_arg('message', 'updated', $location);
}
Index: wp-admin/upload.php
===================================================================
--- wp-admin/upload.php (revision 23391)
+++ wp-admin/upload.php (working copy)
@@ -132,7 +132,7 @@
wp_redirect( $location );
exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
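Review bot: `$_SERVER['REQUEST_URI']` on the changed line is copied verbatim from the client's request line and can start with `//host/...`, and as far as I recall wp_redirect() only sanitizes the string without restricting the target host. Since the intent is to return to the same admin screen, `wp_safe_redirect()` is the safer drop-in: `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );`. The enclosing if/elseif chain starts before the hunk.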
Index: wp-admin/edit-form-comment.php
===================================================================
--- wp-admin/edit-form-comment.php (revision 23391)
+++ wp-admin/edit-form-comment.php (working copy)
@@ -132,7 +132,7 @@
-
+
Index: wp-admin/edit-form-advanced.php
===================================================================
--- wp-admin/edit-form-advanced.php (revision 23391)
+++ wp-admin/edit-form-advanced.php (working copy)
@@ -304,7 +304,7 @@
-
+
user_login , get_site_url( $id ), stripslashes( $title ) );
+Name: %3$s' ), $current_user->user_login , get_site_url( $id ), $title );
wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );
Index: wp-admin/network/site-info.php
===================================================================
--- wp-admin/network/site-info.php (revision 23391)
+++ wp-admin/network/site-info.php (working copy)
@@ -62,7 +62,7 @@
delete_option( 'rewrite_rules' );
// update blogs table
- $blog_data = stripslashes_deep( $_POST['blog'] );
+ $blog_data = wp_unslash( $_POST['blog'] );
$existing_details = get_blog_details( $id, false );
$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
foreach ( $blog_data_checkboxes as $c ) {
Index: wp-admin/network/settings.php
===================================================================
--- wp-admin/network/settings.php (revision 23391)
+++ wp-admin/network/settings.php (working copy)
@@ -61,7 +61,7 @@
foreach ( $options as $option_name ) {
if ( ! isset($_POST[$option_name]) )
continue;
- $value = stripslashes_deep( $_POST[$option_name] );
+ $value = wp_unslash( $_POST[$option_name] );
update_site_option( $option_name, $value );
}
@@ -181,7 +181,7 @@
|
+
|
@@ -190,7 +190,7 @@
|
+
|
@@ -199,7 +199,7 @@
|
+
|
@@ -208,7 +208,7 @@
|
+
|
@@ -217,7 +217,7 @@
|
+
|
Index: wp-admin/network/site-settings.php
===================================================================
--- wp-admin/network/site-settings.php (revision 23391)
+++ wp-admin/network/site-settings.php (working copy)
@@ -53,12 +53,14 @@
$count = count( $_POST['option'] );
$skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
foreach ( (array) $_POST['option'] as $key => $val ) {
+ $key = wp_unslash( $key );
+ $val = wp_unslash( $val );
if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
if ( $c == $count )
- update_option( $key, stripslashes( $val ) );
+ update_option( $key, $val );
else
- update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
+ update_option( $key, $val, false ); // no need to refresh blog details yet
$c++;
}
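Review bot: Placing `$key = wp_unslash( $key );` ahead of the `$key === 0` guard can break that guard: PHP stores a numeric array key as int 0, and if wp_unslash() converts scalars to strings the way stripslashes_deep() historically did, the strict comparison with int 0 no longer matches and the bogus `0` option is no longer skipped. Either move the unslash below the guard or widen it, `if ( $key === 0 || $key === '0' || is_array( $val ) || in_array( $key, $skip_options, true ) )`, which also adds the strict flag that `in_array()` should carry now that `$key` is a string. The foreach is fully inside the hunk, but `$c` and `$count` are set before it.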
Index: wp-admin/nav-menus.php
===================================================================
--- wp-admin/nav-menus.php (revision 23391)
+++ wp-admin/nav-menus.php (working copy)
@@ -93,7 +93,7 @@
if ( ! is_wp_error( $parent_object ) ) {
$parent_data = (array) $parent_object;
$menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent'];
- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
}
@@ -103,7 +103,7 @@
$menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1;
$menu_item_data['menu_item_parent'] = $next_item_data['ID'];
- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
wp_update_post($menu_item_data);
wp_update_post($next_item_data);
@@ -115,7 +115,7 @@
in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids )
) {
$menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true);
- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
}
}
}
@@ -190,7 +190,7 @@
$menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1;
// save changes
- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
wp_update_post($menu_item_data);
wp_update_post($parent_data);
}
@@ -205,7 +205,7 @@
) {
// just make it a child of the previous; keep the order
$menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1];
- update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
+ wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
wp_update_post($menu_item_data);
}
}
Index: wp-admin/edit.php
===================================================================
--- wp-admin/edit.php (revision 23391)
+++ wp-admin/edit.php (working copy)
@@ -138,7 +138,7 @@
wp_redirect($sendback);
exit();
} elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
- wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
+ wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
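Review bot: The redirect target on the changed line is `$_SERVER['REQUEST_URI']`, which the client controls and which may be protocol-relative (`//host/...`); wp_redirect() does not, to my knowledge, validate the host, so `wp_safe_redirect()` is the appropriate call for a same-screen bounce: `wp_safe_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );`. The enclosing if/elseif begins before the hunk.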
Index: wp-admin/upgrade.php
===================================================================
--- wp-admin/upgrade.php (revision 23391)
+++ wp-admin/upgrade.php (working copy)
@@ -77,7 +77,7 @@
@@ -90,7 +90,7 @@
case 1:
wp_upgrade();
- $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
+ $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
$backto = esc_url( $backto );
$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
?>
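Review bot: `urldecode()` on `$_GET['backto']` is a second decode, since PHP has already decoded the query string into `$_GET`, so a value such as `%252F` reaches this line as `/`. esc_url() and wp_validate_redirect() follow and should neutralise an off-site result, but the extra decode looks unintended; unless callers are known to double-encode, `$backto = ! empty( $_GET['backto'] ) ? wp_unslash( $_GET['backto'] ) : __get_option( 'home' ) . '/';` is the straightforward form, and if double-encoding is intentional a comment saying so belongs here. The switch case begins before the hunk.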
Index: wp-admin/options.php
===================================================================
--- wp-admin/options.php (revision 23391)
+++ wp-admin/options.php (working copy)
@@ -120,16 +120,16 @@
if ( 'options' == $option_page ) {
if ( is_multisite() && ! is_super_admin() )
wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
- $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
+ $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
} else {
$options = $whitelist_options[ $option_page ];
}
// Handle custom date/time formats
if ( 'general' == $option_page ) {
- if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
+ if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
$_POST['date_format'] = $_POST['date_format_custom'];
- if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
+ if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
$_POST['time_format'] = $_POST['time_format_custom'];
// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
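Review bot: The two custom-format checks compare with loose `==` against `'\c\u\s\t\o\m'`; the right-hand side is a plain string here, so `===` is the precise comparison and reads more clearly: `'\c\u\s\t\o\m' === wp_unslash( $_POST['date_format'] )` (and likewise for `time_format`). Separately, `$_POST['page_options']` is handed to wp_unslash() with no isset() guard, which raises a notice on a malformed request; `explode( ',', isset( $_POST['page_options'] ) ? wp_unslash( $_POST['page_options'] ) : '' )` avoids that. The `if ( 'options' == $option_page )` block starts before the hunk.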
@@ -150,7 +150,7 @@
$value = $_POST[ $option ];
if ( ! is_array( $value ) )
$value = trim( $value );
- $value = stripslashes_deep( $value );
+ $value = wp_unslash( $value );
}
update_option( $option, $value );
}
Index: wp-admin/user-edit.php
===================================================================
--- wp-admin/user-edit.php (revision 23391)
+++ wp-admin/user-edit.php (working copy)
@@ -54,7 +54,7 @@
'
' . __('Support Forums') . '
'
);
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), wp_unslash( $wp_http_referer ) );
$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
Index: wp-admin/press-this.php
===================================================================
--- wp-admin/press-this.php (revision 23391)
+++ wp-admin/press-this.php (working copy)
@@ -91,11 +91,11 @@
}
// Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
$selection = '';
if ( !empty($_GET['s']) ) {
- $selection = str_replace(''', "'", stripslashes($_GET['s']));
+ $selection = str_replace(''', "'", wp_unslash($_GET['s']));
$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
}
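Review bot: The `$title =` line decodes entities and then calls strip_tags(); strip_tags() is not an output sanitizer, so `$title` must still be escaped with esc_attr()/esc_html() wherever it is printed, which happens outside this hunk. A one-line comment would stop a reader from treating the value as safe: `// decoded + tag-stripped only; escape with esc_attr()/esc_html() at output`. The `''` literal on the `$selection` line looks like an extraction artefact (probably `'&apos;'`) rather than real code and cannot be judged from here.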
Index: wp-admin/setup-config.php
===================================================================
--- wp-admin/setup-config.php (revision 23391)
+++ wp-admin/setup-config.php (working copy)
@@ -164,7 +164,7 @@
case 2:
foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
- $$key = trim( stripslashes( $_POST[ $key ] ) );
+ $$key = trim( wp_unslash( $_POST[ $key ] ) );
$tryagain_link = '
' . __( 'Try again' ) . '';
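Review bot: The loop on the `$$key = trim( wp_unslash( $_POST[ $key ] ) );` line trims the database password (`pwd`) together with the other fields, so a password with leading or trailing whitespace is silently altered; the install.php hunk in this same patch deliberately leaves `admin_password` untrimmed. Exempting the password keeps the two consistent: `$$key = wp_unslash( $_POST[ $key ] ); if ( 'pwd' !== $key ) $$key = trim( $$key );`. There is also no isset() guard, so a missing field produces a notice. The `case 2:` block continues past the hunk.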
Index: wp-admin/link-manager.php
===================================================================
--- wp-admin/link-manager.php (revision 23391)
+++ wp-admin/link-manager.php (working copy)
@@ -31,7 +31,7 @@
exit;
}
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
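Review bot: Same concern as the upload.php and edit.php hunks: the changed line redirects to `$_SERVER['REQUEST_URI']`, a client-supplied string that may be protocol-relative, through wp_redirect(), which I believe does not validate the destination host. `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );` is the safer form for a same-screen bounce. The if/elseif chain begins before the hunk.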
@@ -72,7 +72,7 @@
' . __('Search results for “%s”') . '', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+ printf( '' . __('Search results for “%s”') . '', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
@@ -189,11 +189,11 @@
display_header();
// Fill in the data we gathered
- $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
- $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
- $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
- $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
- $admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
+ $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+ $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+ $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
+ $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+ $admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
$public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0;
// check e-mail address
$error = false;
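Review bot: `admin_password` and `admin_password2` are now unslashed before use, whereas before this patch the raw (slashed) value was what got stored; that is only correct if the login path unslashes `$_POST['pwd']` the same way. If wp-login.php / wp_signon() still pass the slashed value to wp_check_password(), an admin password containing `'`, `"` or `\` chosen at install will not verify at login. Worth confirming both sides agree and recording it: `// unslashed here; the login form must unslash the password identically`. The enclosing case block begins before the hunk.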
Index: wp-admin/plugin-editor.php
===================================================================
--- wp-admin/plugin-editor.php (revision 23391)
+++ wp-admin/plugin-editor.php (working copy)
@@ -28,7 +28,7 @@
wp_die( __('There are no plugins installed on this site.') );
if ( isset($_REQUEST['file']) )
- $plugin = stripslashes($_REQUEST['file']);
+ $plugin = wp_unslash($_REQUEST['file']);
if ( empty($plugin) ) {
$plugin = array_keys($plugins);
@@ -40,7 +40,7 @@
if ( empty($file) )
$file = $plugin_files[0];
else
- $file = stripslashes($file);
+ $file = wp_unslash($file);
$file = validate_file_to_edit($file, $plugin_files);
$real_file = WP_PLUGIN_DIR . '/' . $file;
@@ -52,7 +52,7 @@
check_admin_referer('edit-plugin_' . $file);
- $newcontent = stripslashes($_POST['newcontent']);
+ $newcontent = wp_unslash( $_POST['newcontent'] );
if ( is_writeable($real_file) ) {
$f = fopen($real_file, 'w+');
fwrite($f, $newcontent);
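Review bot: The write after `$newcontent = wp_unslash( $_POST['newcontent'] );` still does `fopen( $real_file, 'w+' )` and `fwrite( $f, $newcontent )` without checking that fopen() returned a handle or that fwrite() wrote the full length; `is_writeable()` on the preceding line is advisory (the theme-editor hunk's own comment says as much), and a short write leaves a truncated plugin file behind. `$written = file_put_contents( $real_file, $newcontent ); if ( false === $written || strlen( $newcontent ) !== $written ) { /* report failure, do not redirect as success */ }` would replace the fopen/fwrite pair. The body continues outside the hunk, so the existing fclose() and redirect would need adjusting to match.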
Index: wp-admin/custom-background.php
===================================================================
--- wp-admin/custom-background.php (revision 23391)
+++ wp-admin/custom-background.php (working copy)
@@ -378,7 +378,7 @@
// Add the meta-data
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
- update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
+ wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
set_theme_mod('background_image', esc_url_raw($url));
@@ -415,7 +415,7 @@
if ( in_array( $_POST['size'], $sizes ) )
$size = esc_attr( $_POST['size'] );
- update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
+ wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
$url = wp_get_attachment_image_src( $attachment_id, $size );
$thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );