Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767 git-svn-id: https://develop.svn.wordpress.org/trunk@23594 602fd350-edb4-49c9-b593-d223f7449a82
@@ -583,7 +583,7 @@ function post_password_required( $post = null ) {
|
||||
$wp_hasher = new PasswordHash(8, true);
|
||||
}
|
||||
|
||||
$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
|
||||
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
|
||||
|
||||
return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
|
||||
}
|
||||
|
||||
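Review bot: The `wp-postpass_` cookie is handed to `CheckPassword()` without a type check, and `wp_unslash()` accepts arrays as well as strings, so a cookie submitted in array form would reach the hasher as an array instead of a hash string. A guard ahead of the unslash that fails closed would cover this, e.g. `if ( ! is_string( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] ) ) return true;`. The body of `post_password_required()` starts outside this hunk, so an earlier check may already exist; only the lines from `$wp_hasher` onward are visible here.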
@@ -360,7 +360,7 @@ function get_extended($post) {
|
||||
$more_text = '';
|
||||
}
|
||||
|
||||
// Strip leading and trailing whitespace
|
||||
// ` leading and trailing whitespace
|
||||
$main = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $main);
|
||||
$extended = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $extended);
|
||||
$more_text = preg_replace('/^[\s]*(.*)[\s]*$/', '\\1', $more_text);
|
||||
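Review bot: The comment above the three `preg_replace()` calls is shown in two forms, `// Strip leading and trailing whitespace` and a second one where the word "Strip" is replaced by a single stray backtick. The add/remove markers are lost on this page, but if the backtick form is the new side, this looks like an accidental keystroke unrelated to the slashing change named in the commit title. It should go back to `// Strip leading and trailing whitespace`. `get_extended()` begins and ends outside the hunk.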
@@ -2797,7 +2797,7 @@ function wp_insert_post($postarr, $wp_error = false) {
|
||||
// expected_slashed (everything!)
|
||||
$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
|
||||
$data = apply_filters('wp_insert_post_data', $data, $postarr);
|
||||
$data = stripslashes_deep( $data );
|
||||
$data = wp_unslash( $data );
|
||||
$where = array( 'ID' => $post_ID );
|
||||
|
||||
if ( $update ) {
|
||||
@@ -2810,7 +2810,7 @@ function wp_insert_post($postarr, $wp_error = false) {
|
||||
}
|
||||
} else {
|
||||
if ( isset($post_mime_type) )
|
||||
$data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
|
||||
$data['post_mime_type'] = wp_unslash( $post_mime_type ); // This isn't in the update
|
||||
// If there is a suggested ID, use it if not already present
|
||||
if ( !empty($import_id) ) {
|
||||
$import_id = (int) $import_id;
|
||||
@@ -2904,14 +2904,14 @@ function wp_update_post( $postarr = array(), $wp_error = false ) {
|
||||
if ( is_object($postarr) ) {
|
||||
// non-escaped post was passed
|
||||
$postarr = get_object_vars($postarr);
|
||||
$postarr = add_magic_quotes($postarr);
|
||||
$postarr = wp_slash($postarr);
|
||||
}
|
||||
|
||||
// First, get all of the original fields
|
||||
$post = get_post($postarr['ID'], ARRAY_A);
|
||||
|
||||
// Escape data pulled from DB.
|
||||
$post = add_magic_quotes($post);
|
||||
$post = wp_slash($post);
|
||||
|
||||
// Passed post category list overwrites existing category list if not empty.
|
||||
if ( isset($postarr['post_category']) && is_array($postarr['post_category'])
|
||||
@@ -3257,7 +3257,7 @@ function add_ping($post_id, $uri) {
|
||||
$new = implode("\n", $pung);
|
||||
$new = apply_filters('add_ping', $new);
|
||||
// expected_slashed ($new)
|
||||
$new = stripslashes($new);
|
||||
$new = wp_unslash($new);
|
||||
return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) );
|
||||
}
|
||||
|
||||
@@ -3350,7 +3350,7 @@ function trackback_url_list($tb_list, $post_id) {
|
||||
$trackback_urls = explode(',', $tb_list);
|
||||
foreach( (array) $trackback_urls as $tb_url) {
|
||||
$tb_url = trim($tb_url);
|
||||
trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
|
||||
trackback($tb_url, wp_unslash($post_title), $excerpt, $post_id);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -3694,8 +3694,8 @@ function get_pages($args = '') {
|
||||
$join = " LEFT JOIN $wpdb->postmeta ON ( $wpdb->posts.ID = $wpdb->postmeta.post_id )";
|
||||
|
||||
// meta_key and meta_value might be slashed
|
||||
$meta_key = stripslashes($meta_key);
|
||||
$meta_value = stripslashes($meta_value);
|
||||
$meta_key = wp_unslash($meta_key);
|
||||
$meta_value = wp_unslash($meta_value);
|
||||
if ( ! empty( $meta_key ) )
|
||||
$where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key);
|
||||
if ( ! empty( $meta_value ) )
|
||||
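Review bot: `$meta_key` and `$meta_value` are unslashed unconditionally although the comment only says they "might be slashed", so a caller passing already-unslashed values loses any literal backslashes before the `$wpdb->prepare()` comparison. The input contract should be stated rather than guessed: replace the comment with `// expected_slashed ($meta_key, $meta_value)` and say the same in the function's docblock. The `%s` placeholder keeps the query itself parameterised either way, so the risk here is matching the wrong rows rather than injection. `get_pages()` begins and ends outside this hunk.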
@@ -3965,7 +3965,7 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
|
||||
|
||||
// expected_slashed (everything!)
|
||||
$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
|
||||
$data = stripslashes_deep( $data );
|
||||
$data = wp_unslash( $data );
|
||||
|
||||
if ( $update ) {
|
||||
$wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
|
||||
|
||||
@@ -241,7 +241,7 @@ function _wp_put_post_revision( $post = null, $autosave = false ) {
|
||||
return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) );
|
||||
|
||||
$post = _wp_post_revision_fields( $post, $autosave );
|
||||
$post = add_magic_quotes($post); //since data is from db
|
||||
$post = wp_slash($post); //since data is from db
|
||||
|
||||
$revision_id = wp_insert_post( $post );
|
||||
if ( is_wp_error($revision_id) )
|
||||
@@ -320,7 +320,7 @@ function wp_restore_post_revision( $revision_id, $fields = null ) {
|
||||
|
||||
$update['ID'] = $revision['post_parent'];
|
||||
|
||||
$update = add_magic_quotes( $update ); //since data is from db
|
||||
$update = wp_slash( $update ); //since data is from db
|
||||
|
||||
$post_id = wp_update_post( $update );
|
||||
if ( is_wp_error( $post_id ) )
|
||||
|
||||
@@ -959,7 +959,7 @@ function get_term_by($field, $value, $taxonomy, $output = OBJECT, $filter = 'raw
|
||||
return false;
|
||||
} else if ( 'name' == $field ) {
|
||||
// Assume already escaped
|
||||
$value = stripslashes($value);
|
||||
$value = wp_unslash($value);
|
||||
$field = 't.name';
|
||||
} else {
|
||||
$term = get_term( (int) $value, $taxonomy, $output, $filter);
|
||||
@@ -1499,7 +1499,7 @@ function term_exists($term, $taxonomy = '', $parent = 0) {
|
||||
return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) );
|
||||
}
|
||||
|
||||
$term = trim( stripslashes( $term ) );
|
||||
$term = trim( wp_unslash( $term ) );
|
||||
|
||||
if ( '' === $slug = sanitize_title($term) )
|
||||
return 0;
|
||||
@@ -2062,8 +2062,8 @@ function wp_insert_term( $term, $taxonomy, $args = array() ) {
|
||||
extract($args, EXTR_SKIP);
|
||||
|
||||
// expected_slashed ($name)
|
||||
$name = stripslashes($name);
|
||||
$description = stripslashes($description);
|
||||
$name = wp_unslash($name);
|
||||
$description = wp_unslash($description);
|
||||
|
||||
if ( empty($slug) )
|
||||
$slug = sanitize_title($name);
|
||||
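Review bot: The `// expected_slashed ($name)` comment names only `$name`, but the lines under it unslash `$description` as well, so the documented input contract is narrower than what the code does. I would update it to `// expected_slashed ($name, $description)`. The same comment and the same pair of `wp_unslash()` calls appear in the second `wp_update_term()` hunk and need the same correction. Both functions continue outside their hunks.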
@@ -2445,7 +2445,7 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) {
|
||||
return $term;
|
||||
|
||||
// Escape data pulled from DB.
|
||||
$term = add_magic_quotes($term);
|
||||
$term = wp_slash($term);
|
||||
|
||||
// Merge old and new args with new args overwriting old ones.
|
||||
$args = array_merge($term, $args);
|
||||
@@ -2456,8 +2456,8 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) {
|
||||
extract($args, EXTR_SKIP);
|
||||
|
||||
// expected_slashed ($name)
|
||||
$name = stripslashes($name);
|
||||
$description = stripslashes($description);
|
||||
$name = wp_unslash($name);
|
||||
$description = wp_unslash($description);
|
||||
|
||||
if ( '' == trim($name) )
|
||||
return new WP_Error('empty_term_name', __('A name is required for this term'));
|
||||
|
||||
@@ -1390,7 +1390,7 @@ function wp_insert_user( $userdata ) {
|
||||
}
|
||||
|
||||
$data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
|
||||
$data = stripslashes_deep( $data );
|
||||
$data = wp_unslash( $data );
|
||||
|
||||
if ( $update ) {
|
||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||
@@ -1504,8 +1504,8 @@ function wp_update_user($userdata) {
|
||||
* @return int The new user's ID.
|
||||
*/
|
||||
function wp_create_user($username, $password, $email = '') {
|
||||
$user_login = esc_sql( $username );
|
||||
$user_email = esc_sql( $email );
|
||||
$user_login = wp_slash( $username );
|
||||
$user_email = wp_slash( $email );
|
||||
$user_pass = $password;
|
||||
|
||||
$userdata = compact('user_login', 'user_email', 'user_pass');
|
||||
|
||||
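Review bot: `wp_create_user()` slashes `$username` and `$email` but passes `$password` through untouched, and neither the visible docblock tail nor the body says that this asymmetry is intended or what slashing state callers must supply. With `esc_sql()` no longer applied here, SQL safety for these values rests on the `$wpdb` insert/update path further down (the `$wpdb->update()` call is visible in the `wp_insert_user()` hunk above), which is worth stating. I would add a docblock line such as `Expects unslashed $username, $password and $email.` and a comment on the password line, `// Not slashed: the password must be hashed exactly as supplied.` That second comment presumes the callee hashes `user_pass` without unslashing it first, which should be confirmed, since the rest of the function lies outside the hunk.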