Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23594 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2013-03-03 21:11:40 +00:00
parent c61b68d896
commit 6d2a8d2ef0
8 changed files with 35 additions and 35 deletions


@@ -45,9 +45,9 @@ $tb_url = isset($_POST['url']) ? $_POST['url'] : '';
$charset = isset($_POST['charset']) ? $_POST['charset'] : '';
// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
$title = isset($_POST['title']) ? stripslashes($_POST['title']) : '';
$excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';
$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';
$title = isset($_POST['title']) ? wp_unslash($_POST['title']) : '';
$excerpt = isset($_POST['excerpt']) ? wp_unslash($_POST['excerpt']) : '';
$blog_name = isset($_POST['blog_name']) ? wp_unslash($_POST['blog_name']) : '';
if ($charset)
$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
@@ -65,9 +65,9 @@ if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
}
// Now that mb_convert_encoding() has been given a swing, we need to escape these three
$title = $wpdb->escape($title);
$excerpt = $wpdb->escape($excerpt);
$blog_name = $wpdb->escape($blog_name);
$title = wp_slash($title);
$excerpt = wp_slash($excerpt);
$blog_name = wp_slash($blog_name);
if ( is_single() || is_page() )
$tb_id = $posts[0]->ID;
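Review bot: The comment above the three `wp_slash()` calls in the second hunk still says the values are escaped, but `wp_slash()` only re-adds slashes for code that expects slashed input and is not SQL escaping, so a reader could take these lines for the injection defence. I would reword it to `// Re-slash after mb_convert_encoding(); consumers unslash, and queries must still use $wpdb->prepare()`. The code that consumes `$title`, `$excerpt` and `$blog_name` lies outside the hunk, so whether it unslashes and prepares has to be confirmed there. In the first hunk, `wp_unslash()` recurses into arrays where `stripslashes()` did not return one, so a guard such as `isset($_POST['title']) && is_string($_POST['title'])` would keep a non-string `title`, `excerpt` or `blog_name` from reaching the later calls.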