Index: wp-comments-post.php =================================================================== --- wp-comments-post.php (revision 21934) +++ wp-comments-post.php (working copy) @@ -47,10 +47,10 @@ do_action('pre_comment_on_post', $comment_post_ID); } -$comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; -$comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; -$comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; -$comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; +$comment_author = ( isset($_POST['author']) ) ? trim(strip_tags(stripslashes($_POST['author']))) : null; +$comment_author_email = ( isset($_POST['email']) ) ? trim(stripslashes($_POST['email'])) : null; +$comment_author_url = ( isset($_POST['url']) ) ? trim(stripslashes($_POST['url'])) : null; +$comment_content = ( isset($_POST['comment']) ) ? trim(stripslashes($_POST['comment'])) : null; // If the user is logged in $user = wp_get_current_user(); Index: wp-includes/default-filters.php =================================================================== --- wp-includes/default-filters.php (revision 21934) +++ wp-includes/default-filters.php (working copy) @@ -14,8 +14,8 @@ // Strip, trim, kses, special chars for string saves foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) { - add_filter( $filter, 'sanitize_text_field' ); - add_filter( $filter, 'wp_filter_kses' ); + add_filter( $filter, 'sanitize_text_field' ); + add_filter( $filter, 'wp_kses_data' ); add_filter( $filter, '_wp_specialchars', 30 ); } @@ -31,22 +31,21 @@ // Kses only for textarea saves foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) { - add_filter( $filter, 'wp_filter_kses' ); + add_filter( $filter, 'wp_kses_data' ); } // Kses only for textarea admin displays if ( is_admin() ) { - foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) { + foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description', 'comment_text' ) as $filter ) { add_filter( $filter, 'wp_kses_data' ); } - add_filter( 'comment_text', 'wp_kses_post' ); } // Email saves foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) { add_filter( $filter, 'trim' ); add_filter( $filter, 'sanitize_email' ); - add_filter( $filter, 'wp_filter_kses' ); + add_filter( $filter, 'wp_kses_data' ); } // Email admin display Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (revision 21934) +++ wp-includes/taxonomy.php (working copy) @@ -2053,10 +2053,6 @@ $args = sanitize_term($args, $taxonomy, 'db'); extract($args, EXTR_SKIP); - // expected_slashed ($name) - $name = stripslashes($name); - $description = stripslashes($description); - if ( empty($slug) ) $slug = sanitize_title($name); @@ -2350,9 +2346,6 @@ if ( is_wp_error( $term ) ) return $term; - // Escape data pulled from DB. - $term = add_magic_quotes($term); - // Merge old and new args with new args overwriting old ones. $args = array_merge($term, $args); @@ -2361,10 +2354,6 @@ $args = sanitize_term($args, $taxonomy, 'db'); extract($args, EXTR_SKIP); - // expected_slashed ($name) - $name = stripslashes($name); - $description = stripslashes($description); - if ( '' == trim($name) ) return new WP_Error('empty_term_name', __('A name is required for this term')); Index: wp-includes/post.php =================================================================== --- wp-includes/post.php (revision 21934) +++ wp-includes/post.php (working copy) @@ -206,7 +206,7 @@ $file = apply_filters( 'update_attached_file', $file, $attachment_id ); $file = _wp_relative_upload_path($file); - return update_post_meta( $attachment_id, '_wp_attached_file', $file ); + return wp_update_post_meta( $attachment_id, '_wp_attached_file', $file ); } /** @@ -1605,12 +1605,36 @@ * @link http://codex.wordpress.org/Function_Reference/add_post_meta * * @param int $post_id Post ID. - * @param string $meta_key Metadata name. - * @param mixed $meta_value Metadata value. + * @param string $meta_key Metadata name (expected slashed). + * @param mixed $meta_value Metadata value (expected slashed). * @param bool $unique Optional, default is false. Whether the same key should not be added. * @return bool False for failure. True for success. */ function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { + _deprecated_function( __FUNCTION__, '3.5', 'wp_add_post_meta() (expects unslashed data)' ); + + // expected slashed + $meta_key = stripslashes( $meta_key ); + $meta_value = stripslashes_deep( $meta_value ); + + return wp_add_post_meta($post_id, $meta_key, $meta_value, $unique); +} + +/** + * Add meta data field to a post. + * + * Post meta data is called "Custom Fields" on the Administration Screen. + * + * @since 3.5.0 + * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta + * + * @param int $post_id Post ID. + * @param string $meta_key Metadata name (clean, slashes already stripped). + * @param mixed $meta_value Metadata value (clean, slashes already stripped). + * @param bool $unique Optional, default is false. Whether the same key should not be added. + * @return bool False for failure. True for success. + */ +function wp_add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { // make sure meta is added to the post, not a revision if ( $the_post = wp_is_post_revision($post_id) ) $post_id = $the_post; @@ -1672,12 +1696,40 @@ * @link http://codex.wordpress.org/Function_Reference/update_post_meta * * @param int $post_id Post ID. - * @param string $meta_key Metadata key. - * @param mixed $meta_value Metadata value. + * @param string $meta_key Metadata key (expected slashed). + * @param mixed $meta_value Metadata value (expected slashed). * @param mixed $prev_value Optional. Previous value to check before removing. * @return bool False on failure, true if success. */ function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { + _deprecated_function( __FUNCTION__, '3.5', 'wp_update_post_meta() (expects unslashed data)' ); + + // expected slashed + $meta_key = stripslashes( $meta_key ); + $meta_value = stripslashes_deep( $meta_value ); + + return wp_update_post_meta($post_id, $meta_key, $meta_value, $prev_value); +} + +/** + * Update post meta field based on post ID. + * + * Use the $prev_value parameter to differentiate between meta fields with the + * same key and post ID. + * + * If the meta field for the post does not exist, it will be added. + * + * @since 3.5.0 + * @uses $wpdb + * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta + * + * @param int $post_id Post ID. + * @param string $meta_key Metadata key (clean, slashes already stripped). + * @param mixed $meta_value Metadata value (clean, slashes already stripped). + * @param mixed $prev_value Optional. Previous value to check before removing. + * @return bool False on failure, true if success. + */ +function wp_update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { // make sure meta is added to the post, not a revision if ( $the_post = wp_is_post_revision($post_id) ) $post_id = $the_post; @@ -2252,8 +2304,8 @@ do_action('wp_trash_post', $post_id); - add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']); - add_post_meta($post_id,'_wp_trash_meta_time', time()); + wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']); + wp_add_post_meta($post_id,'_wp_trash_meta_time', time()); $post['post_status'] = 'trash'; wp_insert_post($post); @@ -2329,7 +2381,7 @@ $statuses = array(); foreach ( $comments as $comment ) $statuses[$comment->comment_ID] = $comment->comment_approved; - add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses); + wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses); // Set status for all comments to post-trashed $result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id)); @@ -2705,10 +2757,8 @@ $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent); - // expected_slashed (everything!) $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) ); $data = apply_filters('wp_insert_post_data', $data, $postarr); - $data = stripslashes_deep( $data ); $where = array( 'ID' => $post_ID ); if ( $update ) { @@ -2782,7 +2832,7 @@ else return 0; } - update_post_meta($post_ID, '_wp_page_template', $page_template); + wp_update_post_meta($post_ID, '_wp_page_template', $page_template); } wp_transition_post_status($data['post_status'], $previous_status, $post); @@ -2815,15 +2865,11 @@ if ( is_object($postarr) ) { // non-escaped post was passed $postarr = get_object_vars($postarr); - $postarr = add_magic_quotes($postarr); } // First, get all of the original fields $post = get_post($postarr['ID'], ARRAY_A); - // Escape data pulled from DB. - $post = add_magic_quotes($post); - // Passed post category list overwrites existing category list if not empty. if ( isset($postarr['post_category']) && is_array($postarr['post_category']) && 0 != count($postarr['post_category']) ) @@ -3849,9 +3895,7 @@ if ( ! isset($pinged) ) $pinged = ''; - // expected_slashed (everything!) $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) ); - $data = stripslashes_deep( $data ); if ( $update ) { $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) ); @@ -3881,7 +3925,7 @@ clean_post_cache( $post_ID ); if ( ! empty( $context ) ) - add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); + wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); if ( $update) { do_action('edit_attachment', $post_ID); @@ -4030,7 +4074,7 @@ $data = apply_filters( 'wp_update_attachment_metadata', $data, $post->ID ); - return update_post_meta( $post->ID, '_wp_attachment_metadata', $data); + return wp_update_post_meta( $post->ID, '_wp_attachment_metadata', $data); } /** @@ -4267,7 +4311,7 @@ // if we haven't added this old slug before, add it now if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) ) - add_post_meta($post_id, '_wp_old_slug', $post_before->post_name); + wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name); // if the new slug was used previously, delete it from the list if ( in_array($post->post_name, $old_slugs) ) @@ -4692,8 +4736,8 @@ return; if ( get_option('default_pingback_flag') ) - add_post_meta( $post_id, '_pingme', '1' ); - add_post_meta( $post_id, '_encloseme', '1' ); + wp_add_post_meta( $post_id, '_pingme', '1' ); + wp_add_post_meta( $post_id, '_encloseme', '1' ); wp_schedule_single_event(time(), 'do_pings'); } @@ -4929,7 +4973,6 @@ return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) ); $post = _wp_post_revision_fields( $post, $autosave ); - $post = add_magic_quotes($post); //since data is from db $revision_id = wp_insert_post( $post ); if ( is_wp_error($revision_id) ) @@ -5008,8 +5051,6 @@ $update['ID'] = $revision['post_parent']; - $update = add_magic_quotes( $update ); //since data is from db - $post_id = wp_update_post( $update ); if ( is_wp_error( $post_id ) ) return $post_id; @@ -5232,7 +5273,7 @@ if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) { $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ); if ( ! empty( $thumbnail_html ) ) { - return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); + return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); } } return false; Index: wp-includes/comment.php =================================================================== --- wp-includes/comment.php (revision 21934) +++ wp-includes/comment.php (working copy) @@ -604,22 +604,22 @@ */ function sanitize_comment_cookies() { if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { - $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); - $comment_author = stripslashes($comment_author); + $comment_author = stripslashes($_COOKIE['comment_author_'.COOKIEHASH]); + $comment_author = apply_filters('pre_comment_author_name', $comment_author); $comment_author = esc_attr($comment_author); $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; } if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { - $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); - $comment_author_email = stripslashes($comment_author_email); + $comment_author_email = stripslashes($_COOKIE['comment_author_email_'.COOKIEHASH]); + $comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email); $comment_author_email = esc_attr($comment_author_email); $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; } if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { - $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); - $comment_author_url = stripslashes($comment_author_url); + $comment_author_url = stripslashes($_COOKIE['comment_author_url_'.COOKIEHASH]); + $comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url); $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; } } @@ -641,11 +641,10 @@ extract($commentdata, EXTR_SKIP); // Simple duplicate check - // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) - $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' "; + $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '" . $wpdb->escape( $comment_post_ID ) . "' AND comment_approved != 'trash' AND ( comment_author = '" . $wpdb->escape( $comment_author ) . "' "; if ( $comment_author_email ) - $dupe .= "OR comment_author_email = '$comment_author_email' "; - $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; + $dupe .= "OR comment_author_email = '" . $wpdb->escape( $comment_author_email ) . "' "; + $dupe .= ") AND comment_content = '" . $wpdb->escape( $comment_content ) . "' LIMIT 1"; if ( $wpdb->get_var($dupe) ) { do_action( 'comment_duplicate_trigger', $commentdata ); if ( defined('DOING_AJAX') ) @@ -1233,7 +1232,7 @@ */ function wp_insert_comment($commentdata) { global $wpdb; - extract(stripslashes_deep($commentdata), EXTR_SKIP); + extract($commentdata, EXTR_SKIP); if ( ! isset($comment_author_IP) ) $comment_author_IP = ''; @@ -1471,7 +1470,7 @@ $commentarr = wp_filter_comment( $commentarr ); // Now extract the merged array. - extract(stripslashes_deep($commentarr), EXTR_SKIP); + extract($commentarr, EXTR_SKIP); $comment_content = apply_filters('comment_save_pre', $comment_content); Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (revision 21934) +++ wp-includes/functions.php (working copy) @@ -468,7 +468,7 @@ } if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { - add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); + wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); } } } Index: wp-includes/user.php =================================================================== --- wp-includes/user.php (revision 21934) +++ wp-includes/user.php (working copy) @@ -1345,7 +1345,6 @@ } $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); - $data = stripslashes_deep( $data ); if ( $update ) { $wpdb->update( $wpdb->users, $data, compact( 'ID' ) ); @@ -1415,9 +1414,6 @@ $user[ $key ] = get_user_meta( $ID, $key, true ); } - // Escape data pulled from DB. - $user = add_magic_quotes( $user ); - // If password is changing, hash it now. if ( ! empty($userdata['user_pass']) ) { $plaintext_pass = $userdata['user_pass']; Index: wp-includes/media.php =================================================================== --- wp-includes/media.php (revision 21934) +++ wp-includes/media.php (working copy) @@ -1220,7 +1220,7 @@ // Cache the result $cache = ( $html ) ? $html : '{{unknown}}'; - update_post_meta( $post_ID, $cachekey, $cache ); + wp_update_post_meta( $post_ID, $cachekey, $cache ); // If there was a result, return it if ( $html ) Index: wp-includes/class-wp-xmlrpc-server.php =================================================================== --- wp-includes/class-wp-xmlrpc-server.php (revision 21934) +++ wp-includes/class-wp-xmlrpc-server.php (working copy) @@ -278,21 +278,21 @@ $post_id = (int) $post_id; foreach ( (array) $fields as $meta ) { + $meta['key'] = stripslashes( $meta['key'] ); + $meta['value'] = stripslashes_deep( $meta['value'] ); if ( isset($meta['id']) ) { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); if ( isset($meta['key']) ) { - $meta['key'] = stripslashes( $meta['key'] ); if ( $meta['key'] != $pmeta->meta_key ) continue; - $meta['value'] = stripslashes_deep( $meta['value'] ); if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { delete_metadata_by_mid( 'post', $meta['id'] ); } } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) { - add_post_meta( $post_id, $meta['key'], $meta['value'] ); + wp_add_post_meta( $post_id, $meta['key'], $meta['value'] ); } } } @@ -4241,7 +4241,7 @@ } } if (!$found) - add_post_meta( $post_ID, 'enclosure', $encstring ); + wp_add_post_meta( $post_ID, 'enclosure', $encstring ); } } @@ -5198,7 +5198,6 @@ // retain old cats $cats = wp_get_post_categories($post_ID); $postdata['post_category'] = $cats; - $this->escape($postdata); $result = wp_update_post($postdata); Index: wp-includes/formatting.php =================================================================== --- wp-includes/formatting.php (revision 21934) +++ wp-includes/formatting.php (working copy) @@ -1689,10 +1689,7 @@ * @return string Converted content. */ function wp_rel_nofollow( $text ) { - // This is a pre save filter, so text is already escaped. - $text = stripslashes($text); $text = preg_replace_callback('||i', 'wp_rel_nofollow_callback', $text); - $text = esc_sql($text); return $text; } Index: wp-includes/kses.php =================================================================== --- wp-includes/kses.php (revision 21934) +++ wp-includes/kses.php (working copy) @@ -1326,18 +1326,18 @@ */ function kses_init_filters() { // Normal filtering - add_filter('title_save_pre', 'wp_filter_kses'); + add_filter('title_save_pre', 'wp_kses_data'); // Comment filtering if ( current_user_can( 'unfiltered_html' ) ) - add_filter( 'pre_comment_content', 'wp_filter_post_kses' ); + add_filter( 'pre_comment_content', 'wp_kses_post' ); else - add_filter( 'pre_comment_content', 'wp_filter_kses' ); + add_filter( 'pre_comment_content', 'wp_kses_data' ); // Post filtering - add_filter('content_save_pre', 'wp_filter_post_kses'); - add_filter('excerpt_save_pre', 'wp_filter_post_kses'); - add_filter('content_filtered_save_pre', 'wp_filter_post_kses'); + add_filter('content_save_pre', 'wp_kses_post'); + add_filter('excerpt_save_pre', 'wp_kses_post'); + add_filter('content_filtered_save_pre', 'wp_kses_post'); } /** @@ -1354,16 +1354,16 @@ */ function kses_remove_filters() { // Normal filtering - remove_filter('title_save_pre', 'wp_filter_kses'); + remove_filter('title_save_pre', 'wp_kses_data'); // Comment filtering - remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); - remove_filter( 'pre_comment_content', 'wp_filter_kses' ); + remove_filter( 'pre_comment_content', 'wp_kses_post' ); + remove_filter( 'pre_comment_content', 'wp_kses_data' ); // Post filtering - remove_filter('content_save_pre', 'wp_filter_post_kses'); - remove_filter('excerpt_save_pre', 'wp_filter_post_kses'); - remove_filter('content_filtered_save_pre', 'wp_filter_post_kses'); + remove_filter('content_save_pre', 'wp_kses_post'); + remove_filter('excerpt_save_pre', 'wp_kses_post'); + remove_filter('content_filtered_save_pre', 'wp_kses_post'); } /** Index: wp-includes/meta.php =================================================================== --- wp-includes/meta.php (revision 21934) +++ wp-includes/meta.php (working copy) @@ -42,9 +42,6 @@ $column = esc_sql($meta_type . '_id'); - // expected_slashed ($meta_key) - $meta_key = stripslashes($meta_key); - $meta_value = stripslashes_deep($meta_value); $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique ); @@ -113,10 +110,7 @@ $column = esc_sql($meta_type . '_id'); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; - // expected_slashed ($meta_key) - $meta_key = stripslashes($meta_key); $passed_value = $meta_value; - $meta_value = stripslashes_deep($meta_value); $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value ); Index: wp-includes/nav-menu.php =================================================================== --- wp-includes/nav-menu.php (revision 21934) +++ wp-includes/nav-menu.php (working copy) @@ -376,20 +376,20 @@ $menu_item_db_id = (int) $menu_item_db_id; - update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) ); - update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (int) $args['menu-item-parent-id'] ); - update_post_meta( $menu_item_db_id, '_menu_item_object_id', (int) $args['menu-item-object-id'] ); - update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) ); - update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (int) $args['menu-item-parent-id'] ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', (int) $args['menu-item-object-id'] ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) ); $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) ); $args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) ); - update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); - update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); - update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) ); if ( 0 == $menu_id ) - update_post_meta( $menu_item_db_id, '_menu_item_orphaned', time() ); + wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', time() ); else delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' ); Index: wp-mail.php =================================================================== --- wp-mail.php (revision 21934) +++ wp-mail.php (working copy) @@ -202,7 +202,6 @@ $post_category = array(get_option('default_email_category')); $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); - $post_data = add_magic_quotes($post_data); $post_ID = wp_insert_post($post_data); if ( is_wp_error( $post_ID ) ) Index: wp-admin/includes/bookmark.php =================================================================== --- wp-admin/includes/bookmark.php (revision 21934) +++ wp-admin/includes/bookmark.php (working copy) @@ -39,9 +39,9 @@ if ( !empty( $link_id ) ) { $_POST['link_id'] = $link_id; - return wp_update_link( $_POST ); + return wp_update_link( stripslashes_deep( $_POST ) ); } else { - return wp_insert_link( $_POST ); + return wp_insert_link( stripslashes_deep( $_POST ) ); } } @@ -137,7 +137,7 @@ $linkdata = wp_parse_args( $linkdata, $defaults ); $linkdata = sanitize_bookmark( $linkdata, 'db' ); - extract( stripslashes_deep( $linkdata ), EXTR_SKIP ); + extract( $linkdata, EXTR_SKIP ); $update = false; @@ -250,9 +250,6 @@ $link = get_bookmark( $link_id, ARRAY_A ); - // Escape data pulled from DB. - $link = add_magic_quotes( $link ); - // Passed link category list overwrites existing category list if not empty. if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] ) && 0 != count( $linkdata['link_category'] ) ) Index: wp-admin/includes/taxonomy.php =================================================================== --- wp-admin/includes/taxonomy.php (revision 21934) +++ wp-admin/includes/taxonomy.php (working copy) @@ -157,9 +157,6 @@ // First, get all of the original fields $category = get_category($cat_ID, ARRAY_A); - // Escape data pulled from DB. - $category = add_magic_quotes($category); - // Merge old and new fields with new fields overwriting old ones. $catarr = array_merge($category, $catarr); Index: wp-admin/includes/ajax-actions.php =================================================================== --- wp-admin/includes/ajax-actions.php (revision 21934) +++ wp-admin/includes/ajax-actions.php (working copy) @@ -279,19 +279,20 @@ */ function _wp_ajax_add_hierarchical_term() { + $post_data = stripslashes_deep( $_POST ); $action = $_POST['action']; $taxonomy = get_taxonomy(substr($action, 4)); check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); if ( !current_user_can( $taxonomy->cap->edit_terms ) ) wp_die( -1 ); - $names = explode(',', $_POST['new'.$taxonomy->name]); - $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; + $names = explode(',', $post_data['new'.$taxonomy->name]); + $parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0; if ( 0 > $parent ) $parent = 0; if ( $taxonomy->name == 'category' ) - $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array(); + $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array(); else - $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array(); + $post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array(); $checked_categories = array_map( 'absint', (array) $post_category ); $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false); @@ -559,7 +560,7 @@ check_ajax_referer( $action ); if ( !current_user_can( 'manage_categories' ) ) wp_die( -1 ); - $names = explode(',', $_POST['newcat']); + $names = explode( ',', stripslashes( $_POST['newcat'] ) ); $x = new WP_Ajax_Response(); foreach ( $names as $cat_name ) { $cat_name = trim($cat_name); @@ -586,9 +587,11 @@ function wp_ajax_add_tag() { global $wp_list_table; + $post_data = stripslashes_deep( $_POST ); + check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); - $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post'; - $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; + $post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post'; + $taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag'; $tax = get_taxonomy($taxonomy); if ( !current_user_can( $tax->cap->edit_terms ) ) @@ -596,7 +599,7 @@ $x = new WP_Ajax_Response(); - $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); + $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { $message = __('An error has occurred. Please reload the page and try again.'); @@ -610,7 +613,7 @@ $x->send(); } - $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) ); + $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => stripslashes( $_POST['screen'] ) ) ); $level = 0; if ( is_taxonomy_hierarchical($taxonomy) ) { @@ -731,7 +734,7 @@ $comment_author = $wpdb->escape($user->display_name); $comment_author_email = $wpdb->escape($user->user_email); $comment_author_url = $wpdb->escape($user->user_url); - $comment_content = trim($_POST['content']); + $comment_content = trim( stripslashes( $_POST['content'] ) ); if ( current_user_can( 'unfiltered_html' ) ) { if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { kses_remove_filters(); // start with a clean slate @@ -1327,7 +1330,6 @@ $data = &$_POST; $post = get_post( $post_ID, ARRAY_A ); - $post = add_magic_quotes($post); //since it is from db $data['content'] = $post['post_content']; $data['excerpt'] = $post['post_excerpt']; @@ -1375,8 +1377,10 @@ global $wp_list_table; check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); + + $post_data = stripslashes_deep( $_POST ); - $taxonomy = sanitize_key( $_POST['taxonomy'] ); + $taxonomy = sanitize_key( $post_data['taxonomy'] ); $tax = get_taxonomy( $taxonomy ); if ( ! $tax ) wp_die( 0 ); @@ -1386,13 +1390,13 @@ $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); - if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) + if ( ! isset($post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) ) wp_die( -1 ); $tag = get_term( $id, $taxonomy ); - $_POST['description'] = $tag->description; + $post_data['description'] = $tag->description; - $updated = wp_update_term($id, $taxonomy, $_POST); + $updated = wp_update_term($id, $taxonomy, $post_data ); if ( $updated && !is_wp_error($updated) ) { $tag = get_term( $updated['term_id'], $taxonomy ); if ( !$tag || is_wp_error( $tag ) ) { @@ -1606,7 +1610,7 @@ $post_id = null; } - $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array(); + $post_data = isset( $_REQUEST['post_data'] ) ? stripslashes_deep( $_REQUEST['post_data'] ) : array(); $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); @@ -1619,10 +1623,10 @@ if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) { if ( 'custom-background' === $post_data['context'] ) - update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); + wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); if ( 'custom-header' === $post_data['context'] ) - update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); + wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); } if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) ) @@ -1751,7 +1755,7 @@ wp_die( 0 ); $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; - update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); + wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); wp_die( 1 ); } Index: wp-admin/includes/post.php =================================================================== --- wp-admin/includes/post.php (revision 21934) +++ wp-admin/includes/post.php (working copy) @@ -143,8 +143,9 @@ */ function edit_post( $post_data = null ) { - if ( empty($post_data) ) - $post_data = &$_POST; + if ( empty($post_data) ) { + $post_data = stripslashes_deep( $_POST ); + } // Clear out any data in internal vars. unset( $post_data['filter'] ); @@ -237,7 +238,7 @@ add_meta( $post_ID ); - update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); + wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); wp_update_post( $post_data ); @@ -555,7 +556,7 @@ } // Create the post. - $post_ID = wp_insert_post( $_POST ); + $post_ID = wp_insert_post( stripslashes_deep( $_POST ) ); if ( is_wp_error( $post_ID ) ) return $post_ID; @@ -564,7 +565,7 @@ add_meta( $post_ID ); - add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); + wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); // Now that we have an ID we can fix any attachment anchor hrefs _fix_attachment_links( $post_ID ); @@ -610,7 +611,7 @@ $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : ''; $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : ''; - $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : ''; + $metavalue = isset($_POST['metavalue']) ? stripslashes( trim( $_POST['metavalue'] ) ) : ''; if ( is_string( $metavalue ) ) $metavalue = trim( $metavalue ); @@ -629,7 +630,7 @@ $metakey = esc_sql( $metakey ); - return add_post_meta( $post_ID, $metakey, $metavalue ); + return wp_add_post_meta( $post_ID, $metakey, $metavalue ); } return false; @@ -702,14 +703,11 @@ * @since 1.2.0 * * @param unknown_type $meta_id - * @param unknown_type $meta_key Expect Slashed - * @param unknown_type $meta_value Expect Slashed + * @param unknown_type $meta_key + * @param unknown_type $meta_value * @return unknown */ function update_meta( $meta_id, $meta_key, $meta_value ) { - $meta_key = stripslashes( $meta_key ); - $meta_value = stripslashes_deep( $meta_value ); - return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key ); } @@ -763,8 +761,6 @@ if ( $replace ) { $post['post_content'] = $content; - // Escape data pulled from DB. - $post = add_magic_quotes($post); return wp_update_post($post); } @@ -1194,7 +1190,7 @@ $now = time(); $lock = "$now:$user_id"; - update_post_meta( $post->ID, '_edit_lock', $lock ); + wp_update_post_meta( $post->ID, '_edit_lock', $lock ); return array( $now, $user_id ); } Index: wp-admin/includes/misc.php =================================================================== --- wp-admin/includes/misc.php (revision 21934) +++ wp-admin/includes/misc.php (working copy) @@ -322,8 +322,8 @@ if ( !$user = wp_get_current_user() ) return; - $option = $_POST['wp_screen_options']['option']; - $value = $_POST['wp_screen_options']['value']; + $option = stripslashes( $_POST['wp_screen_options']['option'] ); + $value = stripslashes_deep( $_POST['wp_screen_options']['value'] ); if ( !preg_match( '/^[a-z_-]+$/', $option ) ) return; Index: wp-admin/includes/comment.php =================================================================== --- wp-admin/includes/comment.php (revision 21934) +++ wp-admin/includes/comment.php (working copy) @@ -19,9 +19,6 @@ function comment_exists($comment_author, $comment_date) { global $wpdb; - $comment_author = stripslashes($comment_author); - $comment_date = stripslashes($comment_date); - return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); } @@ -33,38 +30,40 @@ */ function edit_comment() { - if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) ) + $post_data = stripslashes_deep( $_POST ); + + if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) ) wp_die ( __( 'You are not allowed to edit comments on this post.' ) ); - $_POST['comment_author'] = $_POST['newcomment_author']; - $_POST['comment_author_email'] = $_POST['newcomment_author_email']; - $_POST['comment_author_url'] = $_POST['newcomment_author_url']; - $_POST['comment_approved'] = $_POST['comment_status']; - $_POST['comment_content'] = $_POST['content']; - $_POST['comment_ID'] = (int) $_POST['comment_ID']; + $post_data['comment_author'] = $post_data['newcomment_author']; + $post_data['comment_author_email'] = $post_data['newcomment_author_email']; + $post_data['comment_author_url'] = $post_data['newcomment_author_url']; + $post_data['comment_approved'] = $post_data['comment_status']; + $post_data['comment_content'] = $post_data['content']; + $post_data['comment_ID'] = (int) $post_data['comment_ID']; foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { - if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) { + if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) { $_POST['edit_date'] = '1'; break; } } - if ( !empty ( $_POST['edit_date'] ) ) { - $aa = $_POST['aa']; - $mm = $_POST['mm']; - $jj = $_POST['jj']; - $hh = $_POST['hh']; - $mn = $_POST['mn']; - $ss = $_POST['ss']; + if ( !empty ( $post_data['edit_date'] ) ) { + $aa = $post_data['aa']; + $mm = $post_data['mm']; + $jj = $post_data['jj']; + $hh = $post_data['hh']; + $mn = $post_data['mn']; + $ss = $post_data['ss']; $jj = ($jj > 31 ) ? 31 : $jj; $hh = ($hh > 23 ) ? $hh -24 : $hh; $mn = ($mn > 59 ) ? $mn -60 : $mn; $ss = ($ss > 59 ) ? $ss -60 : $ss; - $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; + $post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; } - wp_update_comment( $_POST ); + wp_update_comment( $post_data ); } /** Index: wp-admin/includes/image-edit.php =================================================================== --- wp-admin/includes/image-edit.php (revision 21934) +++ wp-admin/includes/image-edit.php (working copy) @@ -437,7 +437,7 @@ } } - if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) { + if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) { $msg->error = __('Cannot save image metadata.'); return $msg; } @@ -597,7 +597,7 @@ if ( $success ) { wp_update_attachment_metadata($post_id, $meta); - update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes); + wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes); if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) { $file_url = wp_get_attachment_url($post_id); Index: wp-admin/includes/user.php =================================================================== --- wp-admin/includes/user.php (revision 21934) +++ wp-admin/includes/user.php (working copy) @@ -38,18 +38,21 @@ } else { $update = false; } + + // get clean data before we get started. + $post_data = stripslashes_deep( $_POST ); - if ( !$update && isset( $_POST['user_login'] ) ) - $user->user_login = sanitize_user($_POST['user_login'], true); + if ( !$update && isset( $post_data['user_login'] ) ) + $user->user_login = sanitize_user($post_data['user_login'], true); $pass1 = $pass2 = ''; - if ( isset( $_POST['pass1'] )) - $pass1 = $_POST['pass1']; - if ( isset( $_POST['pass2'] )) - $pass2 = $_POST['pass2']; + if ( isset( $post_data['pass1'] )) + $pass1 = $post_data['pass1']; + if ( isset( $post_data['pass2'] )) + $pass2 = $post_data['pass2']; - if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { - $new_role = sanitize_text_field( $_POST['role'] ); + if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) { + $new_role = sanitize_text_field( $post_data['role'] ); $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false; // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. // Multisite super admins can freely edit their blog roles -- they possess all caps. @@ -62,44 +65,44 @@ wp_die(__('You can’t give users that role.')); } - if ( isset( $_POST['email'] )) - $user->user_email = sanitize_text_field( $_POST['email'] ); - if ( isset( $_POST['url'] ) ) { - if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { + if ( isset( $post_data['email'] )) + $user->user_email = sanitize_text_field( $post_data['email'] ); + if ( isset( $post_data['url'] ) ) { + if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) { $user->user_url = ''; } else { - $user->user_url = esc_url_raw( $_POST['url'] ); + $user->user_url = esc_url_raw( $post_data['url'] ); $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; } } - if ( isset( $_POST['first_name'] ) ) - $user->first_name = sanitize_text_field( $_POST['first_name'] ); - if ( isset( $_POST['last_name'] ) ) - $user->last_name = sanitize_text_field( $_POST['last_name'] ); - if ( isset( $_POST['nickname'] ) ) - $user->nickname = sanitize_text_field( $_POST['nickname'] ); - if ( isset( $_POST['display_name'] ) ) - $user->display_name = sanitize_text_field( $_POST['display_name'] ); + if ( isset( $post_data['first_name'] ) ) + $user->first_name = sanitize_text_field( $post_data['first_name'] ); + if ( isset( $post_data['last_name'] ) ) + $user->last_name = sanitize_text_field( $post_data['last_name'] ); + if ( isset( $post_data['nickname'] ) ) + $user->nickname = sanitize_text_field( $post_data['nickname'] ); + if ( isset( $post_data['display_name'] ) ) + $user->display_name = sanitize_text_field( $post_data['display_name'] ); - if ( isset( $_POST['description'] ) ) - $user->description = trim( $_POST['description'] ); + if ( isset( $post_data['description'] ) ) + $user->description = trim( $post_data['description'] ); foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) { - if ( isset( $_POST[$method] )) - $user->$method = sanitize_text_field( $_POST[$method] ); + if ( isset( $post_data[$method] )) + $user->$method = sanitize_text_field( $post_data[$method] ); } if ( $update ) { - $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true'; - $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; - $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false'; + $user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true'; + $user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh'; + $user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false'; } - $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : ''; + $user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : ''; $user->use_ssl = 0; - if ( !empty($_POST['use_ssl']) ) + if ( !empty($post_data['use_ssl']) ) $user->use_ssl = 1; $errors = new WP_Error(); @@ -134,7 +137,7 @@ if ( !empty( $pass1 ) ) $user->user_pass = $pass1; - if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) ) + if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) ) $errors->add( 'user_login', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' )); if ( !$update && username_exists( $user->user_login ) ) @@ -159,7 +162,7 @@ $user_id = wp_update_user( $user ); } else { $user_id = wp_insert_user( $user ); - wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' ); + wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' ); } return $user_id; } Index: wp-admin/includes/media.php =================================================================== --- wp-admin/includes/media.php (revision 21934) +++ wp-admin/includes/media.php (working copy) @@ -422,6 +422,8 @@ } if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { + $attachment = stripslashes_deep( $attachment ); + $post = $_post = get_post($attachment_id, ARRAY_A); $post_type_object = get_post_type_object( $post[ 'post_type' ] ); @@ -446,10 +448,9 @@ if ( isset($attachment['image_alt']) ) { $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true); - if ( $image_alt != stripslashes($attachment['image_alt']) ) { - $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true ); - // update_meta expects slashed - update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) ); + if ( $image_alt != $attachment['image_alt'] ) { + $image_alt = wp_strip_all_tags( $attachment['image_alt'], true ); + wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt ); } } Index: wp-admin/edit-tags.php =================================================================== --- wp-admin/edit-tags.php (revision 21934) +++ wp-admin/edit-tags.php (working copy) @@ -47,7 +47,9 @@ if ( !current_user_can( $tax->cap->edit_terms ) ) wp_die( __( 'Cheatin’ uh?' ) ); - $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); + $post_data = stripslashes_deep( $_POST ); + + $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); $location = 'edit-tags.php?taxonomy=' . $taxonomy; if ( 'post' != $post_type ) $location .= '&post_type=' . $post_type; @@ -132,7 +134,10 @@ break; case 'editedtag': - $tag_ID = (int) $_POST['tag_ID']; + + $post_data = stripslashes_deep( $_POST ); + + $tag_ID = (int) $post_data['tag_ID']; check_admin_referer( 'update-tag_' . $tag_ID ); if ( !current_user_can( $tax->cap->edit_terms ) ) @@ -142,7 +147,7 @@ if ( ! $tag ) wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); - $ret = wp_update_term( $tag_ID, $taxonomy, $_POST ); + $ret = wp_update_term( $tag_ID, $taxonomy, $post_data ); $location = 'edit-tags.php?taxonomy=' . $taxonomy; if ( 'post' != $post_type ) Index: wp-admin/custom-header.php =================================================================== --- wp-admin/custom-header.php (revision 21934) +++ wp-admin/custom-header.php (working copy) @@ -992,7 +992,7 @@ 'width' => $choice['width'], ); - update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() ); + wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() ); set_theme_mod( 'header_image', $choice['url'] ); set_theme_mod( 'header_image_data', $header_image_data ); return; Index: wp-admin/media.php =================================================================== --- wp-admin/media.php (revision 21934) +++ wp-admin/media.php (working copy) @@ -32,7 +32,7 @@ } if ( false !== strpos($location, 'upload.php') ) { $location = remove_query_arg('message', $location); - $location = add_query_arg('posted', $attachment_id, $location); + $location = add_query_arg('posted', $attachment_id, $location); } elseif ( false !== strpos($location, 'media.php') ) { $location = add_query_arg('message', 'updated', $location); } Index: wp-admin/nav-menus.php =================================================================== --- wp-admin/nav-menus.php (revision 21934) +++ wp-admin/nav-menus.php (working copy) @@ -93,7 +93,7 @@ if ( ! is_wp_error( $parent_object ) ) { $parent_data = (array) $parent_object; $menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent']; - update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); + wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); } @@ -103,7 +103,7 @@ $menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1; $menu_item_data['menu_item_parent'] = $next_item_data['ID']; - update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); + wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); wp_update_post($menu_item_data); wp_update_post($next_item_data); @@ -115,7 +115,7 @@ in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids ) ) { $menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true); - update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); + wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); } } } @@ -190,7 +190,7 @@ $menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1; // save changes - update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); + wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); wp_update_post($menu_item_data); wp_update_post($parent_data); } @@ -205,7 +205,7 @@ ) { // just make it a child of the previous; keep the order $menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1]; - update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); + wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] ); wp_update_post($menu_item_data); } } Index: wp-admin/custom-background.php =================================================================== --- wp-admin/custom-background.php (revision 21934) +++ wp-admin/custom-background.php (working copy) @@ -381,7 +381,7 @@ // Add the meta-data wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); - update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); + wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); set_theme_mod('background_image', esc_url_raw($url)); @@ -422,7 +422,7 @@ if ( in_array( $_POST['size'], $sizes ) ) $size = esc_attr( $_POST['size'] ); - update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); + wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); $url = wp_get_attachment_image_src( $attachment_id, $size ); $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' ); set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );