<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[23563] trunk/wp-admin: Use wp_unslash() instead of stripslashes() and stripslashes_deep().</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/23563">23563</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2013-03-01 17:00:25 +0000 (Fri, 01 Mar 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see <a href="http://core.trac.wordpress.org/ticket/21767">#21767</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadminadminphp">trunk/wp-admin/admin.php</a></li>
<li><a href="#trunkwpadmineditcommentsphp">trunk/wp-admin/edit-comments.php</a></li>
<li><a href="#trunkwpadmineditformadvancedphp">trunk/wp-admin/edit-form-advanced.php</a></li>
<li><a href="#trunkwpadmineditformcommentphp">trunk/wp-admin/edit-form-comment.php</a></li>
<li><a href="#trunkwpadminedittagsphp">trunk/wp-admin/edit-tags.php</a></li>
<li><a href="#trunkwpadmineditphp">trunk/wp-admin/edit.php</a></li>
<li><a href="#trunkwpadminincludesajaxactionsphp">trunk/wp-admin/includes/ajax-actions.php</a></li>
<li><a href="#trunkwpadminincludesbookmarkphp">trunk/wp-admin/includes/bookmark.php</a></li>
<li><a href="#trunkwpadminincludesclasswpcommentslisttablephp">trunk/wp-admin/includes/class-wp-comments-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmssiteslisttablephp">trunk/wp-admin/includes/class-wp-ms-sites-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmsthemeslisttablephp">trunk/wp-admin/includes/class-wp-ms-themes-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmsuserslisttablephp">trunk/wp-admin/includes/class-wp-ms-users-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpplugininstalllisttablephp">trunk/wp-admin/includes/class-wp-plugin-install-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswppluginslisttablephp">trunk/wp-admin/includes/class-wp-plugins-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswptermslisttablephp">trunk/wp-admin/includes/class-wp-terms-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpthemeinstalllisttablephp">trunk/wp-admin/includes/class-wp-theme-install-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpthemeslisttablephp">trunk/wp-admin/includes/class-wp-themes-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpupgraderphp">trunk/wp-admin/includes/class-wp-upgrader.php</a></li>
<li><a href="#trunkwpadminincludesclasswpuserslisttablephp">trunk/wp-admin/includes/class-wp-users-list-table.php</a></li>
<li><a href="#trunkwpadminincludesdashboardphp">trunk/wp-admin/includes/dashboard.php</a></li>
<li><a href="#trunkwpadminincludesdeprecatedphp">trunk/wp-admin/includes/deprecated.php</a></li>
<li><a href="#trunkwpadminincludesfilephp">trunk/wp-admin/includes/file.php</a></li>
<li><a href="#trunkwpadminincludesimageeditphp">trunk/wp-admin/includes/image-edit.php</a></li>
<li><a href="#trunkwpadminincludesmediaphp">trunk/wp-admin/includes/media.php</a></li>
<li><a href="#trunkwpadminincludesmiscphp">trunk/wp-admin/includes/misc.php</a></li>
<li><a href="#trunkwpadminincludesplugininstallphp">trunk/wp-admin/includes/plugin-install.php</a></li>
<li><a href="#trunkwpadminincludespostphp">trunk/wp-admin/includes/post.php</a></li>
<li><a href="#trunkwpadminincludestaxonomyphp">trunk/wp-admin/includes/taxonomy.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadminadminphp"></a>
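--- a/trunk/wp-admin/admin.php
+++ b/trunk/wp-admin/admin.php
@@ -43,7 +43,7 @@
         do_action('after_db_upgrade');
 } elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
         if ( !is_multisite() ) {
-                wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
+                wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
                 exit;
         } elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
                 /**
@@ -82,7 +82,7 @@
 $editing = false;
 
 if ( isset($_GET['page']) ) {
-        $plugin_page = stripslashes($_GET['page']);
+        $plugin_page = wp_unslash( $_GET['page'] );
         $plugin_page = plugin_basename($plugin_page);
 }
 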
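Review bot: In the second hunk, `$plugin_page = wp_unslash( $_GET['page'] );` no longer guarantees a string: as I understand wp_unslash(), it recurses into arrays where stripslashes() accepted only a string, so an array-valued `page` parameter now reaches plugin_basename() as an array. A type guard keeps the old contract, for example `if ( isset( $_GET['page'] ) && is_string( $_GET['page'] ) ) {`. The same applies to the scalar call sites in trunk/wp-admin/includes/ajax-actions.php (`$_GET['q']`, `$_POST['ps']`, `$_POST['src']`, `$_POST['title']`, the `meta` key and value) and to `$_REQUEST['s']` in the list-table classes, whose results go on to string functions such as trim() and strpos(). Both hunks are fragments of top-level script code that continues outside the diff.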
<a id="trunkwpadmineditcommentsphp"></a>
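--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -20,9 +20,9 @@
         check_admin_referer( 'bulk-comments' );
 
         if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
-                $comment_status = $wpdb->escape( $_REQUEST['comment_status'] );
-                $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
-                $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
+                $comment_status = $_REQUEST['comment_status'];
+                $delete_time = $_REQUEST['pagegen_timestamp'];
+                $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
                 $doaction = 'delete';
         } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
                 $comment_ids = $_REQUEST['delete_comments'];
@@ -95,7 +95,7 @@
         wp_safe_redirect( $redirect_to );
         exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
          exit;
 }
 
@@ -153,7 +153,7 @@
         echo __('Comments');
 
 if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
-        printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
+        printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>
 
 <?php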
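Review bot: The first hunk binds `$_REQUEST['comment_status']` and `$_REQUEST['pagegen_timestamp']` into `$wpdb->prepare()` without unslashing them; WordPress hands request superglobals to admin code slashed (which is why the rest of this commit calls wp_unslash()), so a quote or backslash in either value would be escaped a second time and compared as a different string than the client sent. I would read them as `$comment_status = wp_unslash( $_REQUEST['comment_status'] );` and `$delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );`. `$delete_time` is also compared with `comment_date_gmt` with no check that it is a datetime string; rejecting values that do not parse as one before building the query would make the `delete_all` branch fail closed. The enclosing block starts above the hunk.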
<a id="trunkwpadmineditformadvancedphp"></a>
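--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -314,7 +314,7 @@
 <input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
-<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
 <?php if ( ! empty( $active_post_lock ) ) { ?>
 <input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
 <?php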
<a id="trunkwpadmineditformcommentphp"></a>
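--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -132,7 +132,7 @@
 
 <input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
 <input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />
 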
<a id="trunkwpadminedittagsphp"></a>
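--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -164,7 +164,7 @@
 
 default:
 if ( ! empty($_REQUEST['_wp_http_referer']) ) {
-        $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
+        $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) );
 
         if ( ! empty( $_REQUEST['paged'] ) )
                 $location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );
@@ -265,7 +265,7 @@
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title );
 if ( !empty($_REQUEST['s']) )
-        printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
+        printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
 </h2>
 
 <?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?>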
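Review bot: In the first hunk the cleaned `$location` is thrown away two lines later whenever `paged` is set: `add_query_arg( 'paged', (int) $_REQUEST['paged'] )` is called without a URL argument, and as far as I know it then rebuilds the URL from the raw `$_SERVER['REQUEST_URI']`, so `_wp_http_referer` and `_wpnonce` return to the redirect target. Passing the value that was just computed keeps the nonce out of the redirected URL: `$location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );`. The `default:` branch continues below the hunk, so what is finally done with `$location` is not visible here.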
<a id="trunkwpadmineditphp"></a>
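--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -138,7 +138,7 @@
         wp_redirect($sendback);
         exit();
 } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
-         wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
+         wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash($_SERVER['REQUEST_URI']) ) );
          exit;
 }
 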
<a id="trunkwpadminincludesajaxactionsphp"></a>
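--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -59,7 +59,7 @@
                 wp_die( 0 );
         }
 
-        $s = stripslashes( $_GET['q'] );
+        $s = wp_unslash( $_GET['q'] );
 
         $comma = _x( ',', 'tag delimiter' );
         if ( ',' !== $comma )
@@ -572,7 +572,7 @@
                         continue;
                 else if ( is_array( $cat_id ) )
                         $cat_id = $cat_id['term_id'];
-                $cat_name = esc_html(stripslashes($cat_name));
+                $cat_name = esc_html(wp_unslash($cat_name));
                 $x->add( array(
                         'what' => 'link-category',
                         'id' => $cat_id,
@@ -957,8 +957,8 @@
                 ) );
         } else { // Update?
                 $mid = (int) key( $_POST['meta'] );
-                $key = stripslashes( $_POST['meta'][$mid]['key'] );
-                $value = stripslashes( $_POST['meta'][$mid]['value'] );
+                $key = wp_unslash( $_POST['meta'][$mid]['key'] );
+                $value = wp_unslash( $_POST['meta'][$mid]['value'] );
                 if ( '' == trim($key) )
                         wp_die( __( 'Please provide a custom field name.' ) );
                 if ( '' == trim($value) )
@@ -1227,7 +1227,7 @@
         $args = array();
 
         if ( isset( $_POST['search'] ) )
-                $args['s'] = stripslashes( $_POST['search'] );
+                $args['s'] = wp_unslash( $_POST['search'] );
         $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
 
         require(ABSPATH . WPINC . '/class-wp-editor.php');
@@ -1328,7 +1328,7 @@
         $data = &$_POST;
 
         $post = get_post( $post_ID, ARRAY_A );
-        $post = add_magic_quotes($post); //since it is from db
+        $post = wp_slash($post); //since it is from db
 
         $data['content'] = $post['post_content'];
         $data['excerpt'] = $post['post_excerpt'];
@@ -1425,7 +1425,7 @@
         $post_types = get_post_types( array( 'public' => true ), 'objects' );
         unset( $post_types['attachment'] );
 
-        $s = stripslashes( $_POST['ps'] );
+        $s = wp_unslash( $_POST['ps'] );
         $searchand = $search = '';
         $args = array(
                 'post_type' => array_keys( $post_types ),
@@ -1890,7 +1890,7 @@
 
         if ( isset( $changes['alt'] ) ) {
                 $alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
-                $new_alt = stripslashes( $changes['alt'] );
+                $new_alt = wp_unslash( $changes['alt'] );
                 if ( $alt != $new_alt ) {
                         $new_alt = wp_strip_all_tags( $new_alt, true );
                         update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
@@ -1990,7 +1990,7 @@
 function wp_ajax_send_attachment_to_editor() {
         check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-        $attachment = stripslashes_deep( $_POST['attachment'] );
+        $attachment = wp_unslash( $_POST['attachment'] );
 
         $id = intval( $attachment['id'] );
 
@@ -2045,7 +2045,7 @@
 function wp_ajax_send_link_to_editor() {
         check_ajax_referer( 'media-send-to-editor', 'nonce' );
 
-        if ( ! $src = stripslashes( $_POST['src'] ) )
+        if ( ! $src = wp_unslash( $_POST['src'] ) )
                 wp_send_json_error();
 
         if ( ! strpos( $src, '://' ) )
@@ -2054,7 +2054,7 @@
         if ( ! $src = esc_url_raw( $src ) )
                 wp_send_json_error();
 
-        if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
+        if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
                 $title = wp_basename( $src );
 
         $html = '';
@@ -2114,7 +2114,7 @@
                 $screen_id = 'site';
 
         if ( ! empty($_POST['data']) ) {
-                $data = wp_unslash( (array) $_POST['data'] );
-                $data = stripslashes_deep( (array) $_POST['data'] );
                 $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
         }
 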
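Review bot: In the hunk at -1990, wp_ajax_send_attachment_to_editor() indexes `$attachment['id']` immediately after `wp_unslash( $_POST['attachment'] )`, with no check that the field was sent or that it is an array, so a request that omits it or sends a scalar proceeds with `$id = 0` instead of being rejected. A guard ahead of the assignment would make the handler fail closed, e.g. `if ( empty( $_POST['attachment'] ) || ! is_array( $_POST['attachment'] ) ) wp_send_json_error();`. The function body continues outside the hunk, so later checks on `$id` are not visible here.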
<a id="trunkwpadminincludesbookmarkphp"></a>
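--- a/trunk/wp-admin/includes/bookmark.php
+++ b/trunk/wp-admin/includes/bookmark.php
@@ -55,12 +55,12 @@
 function get_default_link_to_edit() {
         $link = new stdClass;
         if ( isset( $_GET['linkurl'] ) )
-                $link->link_url = esc_url( $_GET['linkurl'] );
+                $link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ) );
         else
                 $link->link_url = '';
 
         if ( isset( $_GET['name'] ) )
-                $link->link_name = esc_attr( $_GET['name'] );
+                $link->link_name = esc_attr( wp_unslash( $_GET['name'] ) );
         else
                 $link->link_name = '';
 
@@ -137,7 +137,7 @@
         $linkdata = wp_parse_args( $linkdata, $defaults );
         $linkdata = sanitize_bookmark( $linkdata, 'db' );
 
-        extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
+        extract( wp_unslash( $linkdata ), EXTR_SKIP );
 
         $update = false;
 
@@ -251,7 +251,7 @@
         $link = get_bookmark( $link_id, ARRAY_A );
 
         // Escape data pulled from DB.
-        $link = add_magic_quotes( $link );
+        $link = wp_slash( $link );
 
         // Passed link category list overwrites existing category list if not empty.
         if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] )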
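Review bot: In the second hunk, `extract( wp_unslash( $linkdata ), EXTR_SKIP );` turns every key of the caller-supplied array into a local variable; EXTR_SKIP only protects locals that already exist at that point, so a key matching a variable the function reads before assigning it would take effect silently. Reading the expected fields explicitly after unslashing (for example `$linkdata = wp_unslash( $linkdata );` followed by `$link_url = $linkdata['link_url'];`) makes the accepted inputs visible to a reviewer. The function starts and ends outside the hunk, so which keys `sanitize_bookmark()` lets through cannot be confirmed from here.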
<a id="trunkwpadminincludesclasswpcommentslisttablephp"></a>
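--- a/trunk/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-comments-list-table.php
@@ -170,7 +170,7 @@
                         /*
                         // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
                         if ( !empty( $_REQUEST['s'] ) )
-                                $link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
+                                $link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
                         */
                         $status_links[$status] = "<a href='$link'$class>" . sprintf(
                                 translate_nooped_plural( $label, $num_comments->$status ),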
<a id="trunkwpadminincludesclasswpmssiteslisttablephp"></a>
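--- a/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -29,7 +29,7 @@
 
                 $pagenum = $this->get_pagenum();
 
-                $s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
+                $s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
                 $wild = '';
                 if ( false !== strpos($s, '*') ) {
                         $wild = '%';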
<a id="trunkwpadminincludesclasswpmsthemeslisttablephp"></a>
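--- a/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -126,7 +126,7 @@
         function _search_callback( $theme ) {
                 static $term;
                 if ( is_null( $term ) )
-                        $term = stripslashes( $_REQUEST['s'] );
+                        $term = wp_unslash( $_REQUEST['s'] );
 
                 foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) {
                         // Don't mark up; Do translate.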
<a id="trunkwpadminincludesclasswpmsuserslisttablephp"></a>
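--- a/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -173,10 +173,10 @@
 
                                         case 'username':
                                                 $avatar        = get_avatar( $user->user_email, 32 );
-                                                $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
+                                                $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
 
                                                 echo "<td $attributes>"; ?>
-                                                        <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php
+                                                        <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
                                                         if ( in_array( $user->user_login, $super_admins ) )
                                                                 echo ' - ' . __( 'Super Admin' );
                                                         ?></strong>
@@ -186,7 +186,7 @@
                                                                 $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
 
                                                                 if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
-                                                                        $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
+                                                                        $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
                                                                 }
 
                                                                 $actions = apply_filters( 'ms_user_row_actions', $actions, $user );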
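Review bot: In the first hunk the new line prints `<?php echo $user->user_login; ?>` into the link text with no output escaping. Whether a login can ever contain markup depends on sanitisation done when the account is created, which is outside this diff, so escaping at the point of output is the safer default here: `<?php echo esc_html( $user->user_login ); ?>`. The surrounding `case 'username':` block continues past the hunk.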
<a id="trunkwpadminincludesclasswpplugininstalllisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-plugin-install-list-table.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-plugin-install-list-table.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-plugin-install-list-table.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -48,8 +48,8 @@
</span><span class="cx">
</span><span class="cx">                 switch ( $tab ) {
</span><span class="cx">                         case 'search':
</span><del>-                                $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
-                                $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
</del><ins>+                                $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+                                $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
</ins><span class="cx">
</span><span class="cx">                                 switch ( $type ) {
</span><span class="cx">                                         case 'tag':
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx">                                 break;
</span><span class="cx">
</span><span class="cx">                         case 'favorites':
</span><del>-                                $user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</del><ins>+                                $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</ins><span class="cx">                                 update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
</span><span class="cx">                                 if ( $user )
</span><span class="cx">                                         $args['user'] = $user;
</span></span></pre></div>
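Review bot: In the `favorites` case the value of `$_GET['user']` goes straight from `wp_unslash()` into `update_user_meta()`, so a plain GET request changes stored user meta with no nonce or type check visible in this hunk. Unlike `stripslashes()`, `wp_unslash()` appears to accept arrays (this commit also uses it in place of `stripslashes_deep()`), so an array-valued `user` parameter would now be persisted as-is. I would take the request value only when `isset( $_GET['user'] ) && is_string( $_GET['user'] )` holds, and call `update_user_meta()` only after `check_admin_referer()` succeeds. The enclosing method starts and ends outside the hunk, so a check may exist elsewhere.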
<a id="trunkwpadminincludesclasswppluginslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-plugins-list-table.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-plugins-list-table.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-plugins-list-table.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -22,7 +22,7 @@
</span><span class="cx">                         $status = $_REQUEST['plugin_status'];
</span><span class="cx">
</span><span class="cx">                 if ( isset($_REQUEST['s']) )
</span><del>-                        $_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
</del><ins>+                        $_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
</ins><span class="cx">
</span><span class="cx">                 $page = $this->get_pagenum();
</span><span class="cx">         }
</span><span class="lines">@@ -140,7 +140,7 @@
</span><span class="cx">         function _search_callback( $plugin ) {
</span><span class="cx">                 static $term;
</span><span class="cx">                 if ( is_null( $term ) )
</span><del>-                        $term = stripslashes( $_REQUEST['s'] );
</del><ins>+                        $term = wp_unslash( $_REQUEST['s'] );
</ins><span class="cx">
</span><span class="cx">                 foreach ( $plugin as $value )
</span><span class="cx">                         if ( stripos( $value, $term ) !== false )
</span></span></pre></div>
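Review bot: `_search_callback()` passes `wp_unslash( $_REQUEST['s'] )` straight to `stripos()` as the needle, and nothing in the hunk confirms the parameter is a string. `stripslashes()` rejected array input, whereas `wp_unslash()` seems to hand arrays back (the commit swaps it in for `stripslashes_deep()` too), so a request with `s[]=x` would reach `stripos()` here and `add_query_arg()` in the first hunk. Rejecting non-strings before the search runs keeps the type fixed, for example `if ( ! is_string( $_REQUEST['s'] ) ) return false;` at the top of the callback, assuming it returns a boolean as a filter callback would. The same applies to the `trim()` and `strtolower()` call sites in class-wp-terms-list-table.php, class-wp-theme-install-list-table.php and class-wp-themes-list-table.php.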
<a id="trunkwpadminincludesclasswptermslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-terms-list-table.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-terms-list-table.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-terms-list-table.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -52,7 +52,7 @@
</span><span class="cx">                         $tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter
</span><span class="cx">                 }
</span><span class="cx">
</span><del>-                $search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
</del><ins>+                $search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
</ins><span class="cx">
</span><span class="cx">                 $args = array(
</span><span class="cx">                         'search' => $search,
</span><span class="lines">@@ -61,10 +61,10 @@
</span><span class="cx">                 );
</span><span class="cx">
</span><span class="cx">                 if ( !empty( $_REQUEST['orderby'] ) )
</span><del>-                        $args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
</del><ins>+                        $args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
</ins><span class="cx">
</span><span class="cx">                 if ( !empty( $_REQUEST['order'] ) )
</span><del>-                        $args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
</del><ins>+                        $args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
</ins><span class="cx">
</span><span class="cx">                 $this->callback_args = $args;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpthemeinstalllisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-theme-install-list-table.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-theme-install-list-table.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-theme-install-list-table.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -24,7 +24,7 @@
</span><span class="cx">                 $search_terms = array();
</span><span class="cx">                 $search_string = '';
</span><span class="cx">                 if ( ! empty( $_REQUEST['s'] ) ){
</span><del>-                        $search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
</del><ins>+                        $search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );
</ins><span class="cx">                         $search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
</span><span class="cx">                 }
</span><span class="cx">
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx">
</span><span class="cx">                 switch ( $tab ) {
</span><span class="cx">                         case 'search':
</span><del>-                                $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
</del><ins>+                                $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
</ins><span class="cx">                                 switch ( $type ) {
</span><span class="cx">                                         case 'tag':
</span><span class="cx">                                                 $args['tag'] = array_map( 'sanitize_key', $search_terms );
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpthemeslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-themes-list-table.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-themes-list-table.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-themes-list-table.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">                 $themes = wp_get_themes( array( 'allowed' => true ) );
</span><span class="cx">
</span><span class="cx">                 if ( ! empty( $_REQUEST['s'] ) )
</span><del>-                        $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
</del><ins>+                        $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );
</ins><span class="cx">
</span><span class="cx">                 if ( ! empty( $_REQUEST['features'] ) )
</span><span class="cx">                         $this->features = $_REQUEST['features'];
</span><span class="lines">@@ -235,7 +235,7 @@
</span><span class="cx">          * @uses _pagination_args['total_pages']
</span><span class="cx">          */
</span><span class="cx">          function _js_vars( $extra_args = array() ) {
</span><del>-                $search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
</del><ins>+                $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
</ins><span class="cx">
</span><span class="cx">                 $args = array(
</span><span class="cx">                         'search' => $search_string,
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpupgraderphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-upgrader.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-upgrader.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-upgrader.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -1427,7 +1427,7 @@
</span><span class="cx">
</span><span class="cx">                 $install_actions = array();
</span><span class="cx">
</span><del>-                $from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
</del><ins>+                $from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
</ins><span class="cx">
</span><span class="cx">                 if ( 'import' == $from )
</span><span class="cx">                         $install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpuserslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-users-list-table.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-users-list-table.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/class-wp-users-list-table.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -241,7 +241,7 @@
</span><span class="cx">                 // Check if the user for this row is editable
</span><span class="cx">                 if ( current_user_can( 'list_users' ) ) {
</span><span class="cx">                         // Set up the user editing link
</span><del>-                        $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
</del><ins>+                        $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
</ins><span class="cx">
</span><span class="cx">                         // Set up the hover actions for this user
</span><span class="cx">                         $actions = array();
</span></span></pre></div>
<a id="trunkwpadminincludesdashboardphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/dashboard.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/dashboard.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/dashboard.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -1093,7 +1093,7 @@
</span><span class="cx">         $widget_options[$widget_id]['number'] = $number;
</span><span class="cx">
</span><span class="cx">         if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
</span><del>-                $_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
</del><ins>+                $_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
</ins><span class="cx">                 $widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
</span><span class="cx">                 // title is optional. If black, fill it if possible
</span><span class="cx">                 if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {
</span></span></pre></div>
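Review bot: The changed line writes the unslashed array back into `$_POST['widget-rss'][$number]`, leaving the superglobal partly slashed and partly not; any later code that unslashes `$_POST` again would strip backslashes a second time. A local copy avoids that: `$widget_rss = wp_unslash( $_POST['widget-rss'][$number] );`, then pass `$widget_rss` to `wp_widget_rss_process()` and read `$widget_rss['title']` in the check that follows. The function body starts and ends outside the hunk, so other reads of `$_POST['widget-rss']` would need the same change.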
<a id="trunkwpadminincludesdeprecatedphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/deprecated.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/deprecated.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/deprecated.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -472,7 +472,7 @@
</span><span class="cx">         function WP_User_Search ($search_term = '', $page = '', $role = '') {
</span><span class="cx">                 _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
</span><span class="cx">
</span><del>-                $this->search_term = stripslashes( $search_term );
</del><ins>+                $this->search_term = wp_unslash( $search_term );
</ins><span class="cx">                 $this->raw_page = ( '' == $page ) ? false : (int) $page;
</span><span class="cx">                 $this->page = (int) ( '' == $page ) ? 1 : $page;
</span><span class="cx">                 $this->role = $role;
</span><span class="lines">@@ -551,7 +551,7 @@
</span><span class="cx">          * @access public
</span><span class="cx">          */
</span><span class="cx">         function prepare_vars_for_template_usage() {
</span><del>-                $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
</del><ins>+                $this->search_term = wp_unslash($this->search_term); // done with DB, from now on we want slashes gone
</ins><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         /**
</span></span></pre></div>
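Review bot: `WP_User_Search` unslashes `$search_term` in the constructor and again in `prepare_vars_for_template_usage()`, so a term containing a literal backslash loses it on the second pass unless something between the two hunks re-slashes it. The trailing comment says slashes are wanted until the DB work is done, which suggests the constructor call is the odd one out, but that code is not shown. Since the class is deprecated, a comment on the second call may be enough: `// NOTE: search_term was already unslashed in the constructor; this pass strips literal backslashes.`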
<a id="trunkwpadminincludesfilephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/file.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/file.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/file.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -901,13 +901,13 @@
</span><span class="cx">         $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
</span><span class="cx">
</span><span class="cx">         // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
</span><del>-        $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
-        $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
-        $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
</del><ins>+        $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
+        $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
+        $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
</ins><span class="cx">
</span><span class="cx">         // Check to see if we are setting the public/private keys for ssh
</span><del>-        $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
-        $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
</del><ins>+        $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
+        $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
</ins><span class="cx">
</span><span class="cx">         //sanitize the hostname, Some people might pass in odd-data:
</span><span class="cx">         $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
</span><span class="lines">@@ -925,7 +925,7 @@
</span><span class="cx">         else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
</span><span class="cx">                 $credentials['connection_type'] = 'ftps';
</span><span class="cx">         else if ( !empty($_POST['connection_type']) )
</span><del>-                $credentials['connection_type'] = stripslashes($_POST['connection_type']);
</del><ins>+                $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
</ins><span class="cx">         else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
</span><span class="cx">                 $credentials['connection_type'] = 'ftp';
</span><span class="cx">
</span><span class="lines">@@ -1050,7 +1050,7 @@
</span><span class="cx"> <?php
</span><span class="cx"> foreach ( (array) $extra_fields as $field ) {
</span><span class="cx">         if ( isset( $_POST[ $field ] ) )
</span><del>-                echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />';
</del><ins>+                echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
</ins><span class="cx"> }
</span><span class="cx"> submit_button( __( 'Proceed' ), 'button', 'upgrade' );
</span><span class="cx"> ?>
</span></span></pre></div>
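Review bot: `$credentials['connection_type']` takes whatever `$_POST['connection_type']` holds, with no check against the transports this function knows about. The surrounding lines only ever set `ftps` or `ftp`, and the key fields mention ssh, so an allowlist is cheap: `else if ( ! empty( $_POST['connection_type'] ) && in_array( $_POST['connection_type'], array( 'ftp', 'ftps', 'ssh' ), true ) )`. The five credential fields in the first hunk have the same open type: `wp_unslash()` seems to pass arrays through, so an `is_string()` guard ahead of the hostname `preg_replace()` would keep them scalar. The function continues outside these hunks, so later validation may exist.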
<a id="trunkwpadminincludesimageeditphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/image-edit.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/image-edit.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/image-edit.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -454,7 +454,7 @@
</span><span class="cx"> if ( is_wp_error( $img ) )
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>-        $changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null;
</del><ins>+        $changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash($_REQUEST['history']) ) : null;
</ins><span class="cx">         if ( $changes )
</span><span class="cx">                 $img = image_edit_apply_changes( $img, $changes );
</span><span class="cx">
</span><span class="lines">@@ -587,7 +587,7 @@
</span><span class="cx">                         return $return;
</span><span class="cx">                 }
</span><span class="cx">         } elseif ( !empty($_REQUEST['history']) ) {
</span><del>-                $changes = json_decode( stripslashes($_REQUEST['history']) );
</del><ins>+                $changes = json_decode( wp_unslash($_REQUEST['history']) );
</ins><span class="cx">                 if ( $changes )
</span><span class="cx">                         $img = image_edit_apply_changes($img, $changes);
</span><span class="cx">         } else {
</span></span></pre></div>
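Review bot: Both hunks feed the `json_decode()` result of `$_REQUEST['history']` into `image_edit_apply_changes()` after only a truthiness test, so any non-empty decoded value, including a bare string or number, is handed on. Checking the shape first is a one-line change: `if ( is_array( $changes ) )` in place of `if ( $changes )`. Whether `image_edit_apply_changes()` validates each entry itself is not visible here.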
<a id="trunkwpadminincludesmediaphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/media.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/media.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/media.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -468,8 +468,8 @@
</span><span class="cx">
</span><span class="cx">                 if ( isset($attachment['image_alt']) ) {
</span><span class="cx">                         $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
</span><del>-                        if ( $image_alt != stripslashes($attachment['image_alt']) ) {
-                                $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
</del><ins>+                        if ( $image_alt != wp_unslash($attachment['image_alt']) ) {
+                                $image_alt = wp_strip_all_tags( wp_unslash($attachment['image_alt']), true );
</ins><span class="cx">                                 // update_meta expects slashed
</span><span class="cx">                                 update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
</span><span class="cx">                         }
</span><span class="lines">@@ -501,7 +501,7 @@
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         if ( isset($send_id) ) {
</span><del>-                $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
</del><ins>+                $attachment = wp_unslash( $_POST['attachments'][$send_id] );
</ins><span class="cx">
</span><span class="cx">                 $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
</span><span class="cx">                 if ( !empty($attachment['url']) ) {
</span><span class="lines">@@ -546,7 +546,7 @@
</span><span class="cx">                         $src = "http://$src";
</span><span class="cx">
</span><span class="cx">                 if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) {
</span><del>-                        $title = esc_html( stripslashes( $_POST['title'] ) );
</del><ins>+                        $title = esc_html( wp_unslash( $_POST['title'] ) );
</ins><span class="cx">                         if ( empty( $title ) )
</span><span class="cx">                                 $title = esc_html( basename( $src ) );
</span><span class="cx">
</span><span class="lines">@@ -561,9 +561,9 @@
</span><span class="cx">                         $html = apply_filters( $type . '_send_to_editor_url', $html, esc_url_raw( $src ), $title );
</span><span class="cx">                 } else {
</span><span class="cx">                         $align = '';
</span><del>-                        $alt = esc_attr( stripslashes( $_POST['alt'] ) );
</del><ins>+                        $alt = esc_attr( wp_unslash( $_POST['alt'] ) );
</ins><span class="cx">                         if ( isset($_POST['align']) ) {
</span><del>-                                $align = esc_attr( stripslashes( $_POST['align'] ) );
</del><ins>+                                $align = esc_attr( wp_unslash( $_POST['align'] ) );
</ins><span class="cx">                                 $class = " class='align$align'";
</span><span class="cx">                         }
</span><span class="cx">                         if ( !empty($src) )
</span></span></pre></div>
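Review bot: In the last hunk `$_POST['alt']` is read without an `isset()` test although `$_POST['align']` two lines later has one, and `$_POST['title']` in the previous hunk is unguarded too, so a request missing either field raises a notice. `$alt = isset( $_POST['alt'] ) ? esc_attr( wp_unslash( $_POST['alt'] ) ) : '';` would match the `align` handling. `$align` is also concatenated into a class name; `esc_attr()` makes it safe inside the attribute but still allows spaces, so `sanitize_html_class()` would hold it to a single class token.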
<a id="trunkwpadminincludesmiscphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/misc.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/misc.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/misc.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -220,7 +220,7 @@
</span><span class="cx"> * @return string
</span><span class="cx"> */
</span><span class="cx"> function url_shorten( $url ) {
</span><del>-        $short_url = str_replace( 'http://', '', stripslashes( $url ));
</del><ins>+        $short_url = str_replace( 'http://', '', wp_unslash( $url ));
</ins><span class="cx">         $short_url = str_replace( 'www.', '', $short_url );
</span><span class="cx">         $short_url = untrailingslashit( $short_url );
</span><span class="cx">         if ( strlen( $short_url ) > 35 )
</span></span></pre></div>
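Review bot: `url_shorten()` unslashes its argument, which here is whatever the caller passes rather than request data, and the visible part of the docblock does not say the URL is expected slashed. A caller passing an already clean URL that contains a backslash gets it silently altered. I would add `@param string $url Slashed URL to shorten; backslashes are removed.` to the docblock, whose opening lines are outside the hunk.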
<a id="trunkwpadminincludesplugininstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/plugin-install.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/plugin-install.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/plugin-install.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -116,8 +116,8 @@
</span><span class="cx"> * @since 2.7.0
</span><span class="cx"> */
</span><span class="cx"> function install_search_form( $type_selector = true ) {
</span><del>-        $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
-        $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
</del><ins>+        $type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+        $term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
</ins><span class="cx">
</span><span class="cx">         ?><form id="search-plugins" method="get" action="">
</span><span class="cx">                 <input type="hidden" name="tab" value="search" />
</span><span class="lines">@@ -160,7 +160,7 @@
</span><span class="cx"> *
</span><span class="cx"> */
</span><span class="cx"> function install_plugins_favorites_form() {
</span><del>-        $user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</del><ins>+        $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</ins><span class="cx">         ?>
</span><span class="cx">         <p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
</span><span class="cx">         <form method="get" action="">
</span><span class="lines">@@ -251,7 +251,7 @@
</span><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx">         if ( isset($_GET['from']) )
</span><del>-                $url .= '&amp;from=' . urlencode(stripslashes($_GET['from']));
</del><ins>+                $url .= '&amp;from=' . urlencode( wp_unslash( $_GET['from'] ) );
</ins><span class="cx">
</span><span class="cx">         return compact('status', 'url', 'version');
</span><span class="cx"> }
</span><span class="lines">@@ -264,7 +264,7 @@
</span><span class="cx"> function install_plugin_information() {
</span><span class="cx">         global $tab;
</span><span class="cx">
</span><del>-        $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
</del><ins>+        $api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));
</ins><span class="cx">
</span><span class="cx">         if ( is_wp_error($api) )
</span><span class="cx">                 wp_die($api);
</span><span class="lines">@@ -295,7 +295,7 @@
</span><span class="cx">                         $api->$key = wp_kses( $api->$key, $plugins_allowedtags );
</span><span class="cx">         }
</span><span class="cx">
</span><del>-        $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
</del><ins>+        $section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
</ins><span class="cx">         if ( empty($section) || ! isset($api->sections[ $section ]) )
</span><span class="cx">                 $section = array_shift( $section_titles = array_keys((array)$api->sections) );
</span><span class="cx">
</span></span></pre></div>
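Review bot: `install_plugin_information()` reads `$_REQUEST['plugin']` with no `isset()` or type test and sends the result to `plugins_api()` as the slug. An early return keeps malformed requests away from the API call: `if ( empty( $_REQUEST['plugin'] ) || ! is_string( $_REQUEST['plugin'] ) ) return;` before the `plugins_api()` line. The `$section` lookup in the next hunk has the same open type, since an array value would be used as a key in `isset( $api->sections[ $section ] )`.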
<a id="trunkwpadminincludespostphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/post.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/post.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/post.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -197,7 +197,7 @@
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         if ( isset( $post_data[ '_wp_format_url' ] ) ) {
</span><del>-                update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( stripslashes( $post_data['_wp_format_url'] ) ) ) );
</del><ins>+                update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
</ins><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         $format_keys = array( 'quote', 'quote_source', 'image', 'gallery', 'media' );
</span><span class="lines">@@ -236,8 +236,8 @@
</span><span class="cx">         if ( 'attachment' == $post_data['post_type'] ) {
</span><span class="cx">                 if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
</span><span class="cx">                         $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
</span><del>-                        if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
-                                $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
</del><ins>+                        if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) {
+                                $image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );
</ins><span class="cx">                                 // update_meta expects slashed
</span><span class="cx">                                 update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
</span><span class="cx">                         }
</span><span class="lines">@@ -430,15 +430,15 @@
</span><span class="cx">
</span><span class="cx">         $post_title = '';
</span><span class="cx">         if ( !empty( $_REQUEST['post_title'] ) )
</span><del>-                $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
</del><ins>+                $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
</ins><span class="cx">
</span><span class="cx">         $post_content = '';
</span><span class="cx">         if ( !empty( $_REQUEST['content'] ) )
</span><del>-                $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
</del><ins>+                $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
</ins><span class="cx">
</span><span class="cx">         $post_excerpt = '';
</span><span class="cx">         if ( !empty( $_REQUEST['excerpt'] ) )
</span><del>-                $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
</del><ins>+                $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
</ins><span class="cx">
</span><span class="cx">         if ( $create_in_db ) {
</span><span class="cx">                 $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
</span><span class="lines">@@ -487,9 +487,9 @@
</span><span class="cx"> function post_exists($title, $content = '', $date = '') {
</span><span class="cx">         global $wpdb;
</span><span class="cx">
</span><del>-        $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
-        $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
-        $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
</del><ins>+        $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
+        $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
+        $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
</ins><span class="cx">
</span><span class="cx">         $query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
</span><span class="cx">         $args = array();
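Review bot: The three values are unslashed after being sanitized for the `db` context, so from here on they are raw strings whose safety in the query depends on being bound as placeholders; that deserves a comment. Something like `// Unslashed: bind these through $wpdb->prepare() via $args, never interpolate into $query.` above the `$query` line would record it. The `$args = array();` line suggests placeholders are used, but the rest of `post_exists()` lies outside the hunk, so this could not be confirmed.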
</span><span class="lines">@@ -620,8 +620,8 @@
</span><span class="cx">         global $wpdb;
</span><span class="cx">         $post_ID = (int) $post_ID;
</span><span class="cx">
</span><del>-        $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
-        $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
</del><ins>+        $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
+        $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
</ins><span class="cx">         $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
</span><span class="cx">         if ( is_string( $metavalue ) )
</span><span class="cx">                 $metavalue = trim( $metavalue );
</span><span class="lines">@@ -719,8 +719,8 @@
</span><span class="cx"> * @return unknown
</span><span class="cx"> */
</span><span class="cx"> function update_meta( $meta_id, $meta_key, $meta_value ) {
</span><del>-        $meta_key = stripslashes( $meta_key );
-        $meta_value = stripslashes_deep( $meta_value );
</del><ins>+        $meta_key = wp_unslash( $meta_key );
+        $meta_value = wp_unslash( $meta_value );
</ins><span class="cx">
</span><span class="cx">         return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
</span><span class="cx"> }
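Review bot: `update_meta()` unslashes both arguments, so callers have to pass slashed data, but the visible end of the docblock only says `@return unknown`. I would document the contract with `@param string $meta_key Expected slashed.` and `@param mixed $meta_value Expected slashed.`, and state what `update_metadata_by_mid()` returns instead of `unknown`. The docblock begins outside the hunk, so it may already cover part of this.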
</span><span class="lines">@@ -1245,7 +1245,7 @@
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         // _wp_put_post_revision() expects unescaped.
</span><del>-        $_POST = stripslashes_deep($_POST);
</del><ins>+        $_POST = wp_unslash($_POST);
</ins><span class="cx">
</span><span class="cx">         // Otherwise create the new autosave as a special post revision
</span><span class="cx">         return _wp_put_post_revision( $_POST, true );
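Review bot: Assigning the unslashed copy back to `$_POST` changes the superglobal for everything that runs afterwards in the request, including whatever `_wp_put_post_revision()` triggers. Other code in this commit reads `$_POST` as slashed and unslashes on access, so later readers could strip slashes a second time. A local copy avoids that: `$post_data = wp_unslash( $_POST );` followed by `return _wp_put_post_revision( $post_data, true );`. The enclosing function starts outside the hunk.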
</span></span></pre></div>
<a id="trunkwpadminincludestaxonomyphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/taxonomy.php (23562 => 23563)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/taxonomy.php        2013-03-01 16:56:15 UTC (rev 23562)
+++ trunk/wp-admin/includes/taxonomy.php        2013-03-01 17:00:25 UTC (rev 23563)
</span><span class="lines">@@ -158,7 +158,7 @@
</span><span class="cx">         $category = get_category($cat_ID, ARRAY_A);
</span><span class="cx">
</span><span class="cx">         // Escape data pulled from DB.
</span><del>-        $category = add_magic_quotes($category);
</del><ins>+        $category = wp_slash($category);
</ins><span class="cx">
</span><span class="cx">         // Merge old and new fields with new fields overwriting old ones.
</span><span class="cx">         $catarr = array_merge($category, $catarr);
</span></span></pre>
</div>
</div>
</body>
</html>