<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[23554] trunk: Revert 23416, 23419, 23445 except for wp_reset_vars() changes.</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/23554">23554</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2013-03-01 16:28:40 +0000 (Fri, 01 Mar 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see <a href="http://core.trac.wordpress.org/ticket/21767">#21767</a></pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadminadminphp">trunk/wp-admin/admin.php</a></li>
<li><a href="#trunkwpadmincustombackgroundphp">trunk/wp-admin/custom-background.php</a></li>
<li><a href="#trunkwpadmincustomheaderphp">trunk/wp-admin/custom-header.php</a></li>
<li><a href="#trunkwpadmineditcommentsphp">trunk/wp-admin/edit-comments.php</a></li>
<li><a href="#trunkwpadmineditformadvancedphp">trunk/wp-admin/edit-form-advanced.php</a></li>
<li><a href="#trunkwpadmineditformcommentphp">trunk/wp-admin/edit-form-comment.php</a></li>
<li><a href="#trunkwpadmineditlinkformphp">trunk/wp-admin/edit-link-form.php</a></li>
<li><a href="#trunkwpadminedittagsphp">trunk/wp-admin/edit-tags.php</a></li>
<li><a href="#trunkwpadmineditphp">trunk/wp-admin/edit.php</a></li>
<li><a href="#trunkwpadminincludesajaxactionsphp">trunk/wp-admin/includes/ajax-actions.php</a></li>
<li><a href="#trunkwpadminincludesbookmarkphp">trunk/wp-admin/includes/bookmark.php</a></li>
<li><a href="#trunkwpadminincludesclasswpcommentslisttablephp">trunk/wp-admin/includes/class-wp-comments-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmssiteslisttablephp">trunk/wp-admin/includes/class-wp-ms-sites-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmsthemeslisttablephp">trunk/wp-admin/includes/class-wp-ms-themes-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpmsuserslisttablephp">trunk/wp-admin/includes/class-wp-ms-users-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpplugininstalllisttablephp">trunk/wp-admin/includes/class-wp-plugin-install-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswppluginslisttablephp">trunk/wp-admin/includes/class-wp-plugins-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswptermslisttablephp">trunk/wp-admin/includes/class-wp-terms-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpthemeinstalllisttablephp">trunk/wp-admin/includes/class-wp-theme-install-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpthemeslisttablephp">trunk/wp-admin/includes/class-wp-themes-list-table.php</a></li>
<li><a href="#trunkwpadminincludesclasswpupgraderphp">trunk/wp-admin/includes/class-wp-upgrader.php</a></li>
<li><a href="#trunkwpadminincludesclasswpuserslisttablephp">trunk/wp-admin/includes/class-wp-users-list-table.php</a></li>
<li><a href="#trunkwpadminincludescommentphp">trunk/wp-admin/includes/comment.php</a></li>
<li><a href="#trunkwpadminincludesdashboardphp">trunk/wp-admin/includes/dashboard.php</a></li>
<li><a href="#trunkwpadminincludesdeprecatedphp">trunk/wp-admin/includes/deprecated.php</a></li>
<li><a href="#trunkwpadminincludesfilephp">trunk/wp-admin/includes/file.php</a></li>
<li><a href="#trunkwpadminincludesimageeditphp">trunk/wp-admin/includes/image-edit.php</a></li>
<li><a href="#trunkwpadminincludesmediaphp">trunk/wp-admin/includes/media.php</a></li>
<li><a href="#trunkwpadminincludesmiscphp">trunk/wp-admin/includes/misc.php</a></li>
<li><a href="#trunkwpadminincludesplugininstallphp">trunk/wp-admin/includes/plugin-install.php</a></li>
<li><a href="#trunkwpadminincludespostphp">trunk/wp-admin/includes/post.php</a></li>
<li><a href="#trunkwpadminincludesschemaphp">trunk/wp-admin/includes/schema.php</a></li>
<li><a href="#trunkwpadminincludestaxonomyphp">trunk/wp-admin/includes/taxonomy.php</a></li>
<li><a href="#trunkwpadminincludestemplatephp">trunk/wp-admin/includes/template.php</a></li>
<li><a href="#trunkwpadminincludesthemeinstallphp">trunk/wp-admin/includes/theme-install.php</a></li>
<li><a href="#trunkwpadminincludesupgradephp">trunk/wp-admin/includes/upgrade.php</a></li>
<li><a href="#trunkwpadminincludesuserphp">trunk/wp-admin/includes/user.php</a></li>
<li><a href="#trunkwpadmininstallphp">trunk/wp-admin/install.php</a></li>
<li><a href="#trunkwpadminlinkmanagerphp">trunk/wp-admin/link-manager.php</a></li>
<li><a href="#trunkwpadminmediaphp">trunk/wp-admin/media.php</a></li>
<li><a href="#trunkwpadminnavmenusphp">trunk/wp-admin/nav-menus.php</a></li>
<li><a href="#trunkwpadminnetworksettingsphp">trunk/wp-admin/network/settings.php</a></li>
<li><a href="#trunkwpadminnetworksiteinfophp">trunk/wp-admin/network/site-info.php</a></li>
<li><a href="#trunkwpadminnetworksitenewphp">trunk/wp-admin/network/site-new.php</a></li>
<li><a href="#trunkwpadminnetworksitesettingsphp">trunk/wp-admin/network/site-settings.php</a></li>
<li><a href="#trunkwpadminnetworksitesphp">trunk/wp-admin/network/sites.php</a></li>
<li><a href="#trunkwpadminnetworkphp">trunk/wp-admin/network.php</a></li>
<li><a href="#trunkwpadminoptionsheadphp">trunk/wp-admin/options-head.php</a></li>
<li><a href="#trunkwpadminoptionsphp">trunk/wp-admin/options.php</a></li>
<li><a href="#trunkwpadminplugineditorphp">trunk/wp-admin/plugin-editor.php</a></li>
<li><a href="#trunkwpadminpressthisphp">trunk/wp-admin/press-this.php</a></li>
<li><a href="#trunkwpadminsetupconfigphp">trunk/wp-admin/setup-config.php</a></li>
<li><a href="#trunkwpadminthemeeditorphp">trunk/wp-admin/theme-editor.php</a></li>
<li><a href="#trunkwpadminupdatephp">trunk/wp-admin/update.php</a></li>
<li><a href="#trunkwpadminupgradephp">trunk/wp-admin/upgrade.php</a></li>
<li><a href="#trunkwpadminuploadphp">trunk/wp-admin/upload.php</a></li>
<li><a href="#trunkwpadminusereditphp">trunk/wp-admin/user-edit.php</a></li>
<li><a href="#trunkwpadminusernewphp">trunk/wp-admin/user-new.php</a></li>
<li><a href="#trunkwpadminusersphp">trunk/wp-admin/users.php</a></li>
<li><a href="#trunkwpcommentspostphp">trunk/wp-comments-post.php</a></li>
<li><a href="#trunkwpincludesclasswpcustomizemanagerphp">trunk/wp-includes/class-wp-customize-manager.php</a></li>
<li><a href="#trunkwpincludesclasswpcustomizesettingphp">trunk/wp-includes/class-wp-customize-setting.php</a></li>
<li><a href="#trunkwpincludesclasswpxmlrpcserverphp">trunk/wp-includes/class-wp-xmlrpc-server.php</a></li>
<li><a href="#trunkwpincludesclasswpphp">trunk/wp-includes/class-wp.php</a></li>
<li><a href="#trunkwpincludescommentphp">trunk/wp-includes/comment.php</a></li>
<li><a href="#trunkwpincludescronphp">trunk/wp-includes/cron.php</a></li>
<li><a href="#trunkwpincludesdefaultfiltersphp">trunk/wp-includes/default-filters.php</a></li>
<li><a href="#trunkwpincludesdefaultwidgetsphp">trunk/wp-includes/default-widgets.php</a></li>
<li><a href="#trunkwpincludesdeprecatedphp">trunk/wp-includes/deprecated.php</a></li>
<li><a href="#trunkwpincludesfeedphp">trunk/wp-includes/feed.php</a></li>
<li><a href="#trunkwpincludesformattingphp">trunk/wp-includes/formatting.php</a></li>
<li><a href="#trunkwpincludesfunctionsphp">trunk/wp-includes/functions.php</a></li>
<li><a href="#trunkwpincludesksesphp">trunk/wp-includes/kses.php</a></li>
<li><a href="#trunkwpincludeslinktemplatephp">trunk/wp-includes/link-template.php</a></li>
<li><a href="#trunkwpincludesmetaphp">trunk/wp-includes/meta.php</a></li>
<li><a href="#trunkwpincludesmsfilesphp">trunk/wp-includes/ms-files.php</a></li>
<li><a href="#trunkwpincludesmsfunctionsphp">trunk/wp-includes/ms-functions.php</a></li>
<li><a href="#trunkwpincludesnavmenuphp">trunk/wp-includes/nav-menu.php</a></li>
<li><a href="#trunkwpincludespluggablephp">trunk/wp-includes/pluggable.php</a></li>
<li><a href="#trunkwpincludesposttemplatephp">trunk/wp-includes/post-template.php</a></li>
<li><a href="#trunkwpincludespostphp">trunk/wp-includes/post.php</a></li>
<li><a href="#trunkwpincludesqueryphp">trunk/wp-includes/query.php</a></li>
<li><a href="#trunkwpincludesrevisionphp">trunk/wp-includes/revision.php</a></li>
<li><a href="#trunkwpincludestaxonomyphp">trunk/wp-includes/taxonomy.php</a></li>
<li><a href="#trunkwpincludesuserphp">trunk/wp-includes/user.php</a></li>
<li><a href="#trunkwpincludeswidgetsphp">trunk/wp-includes/widgets.php</a></li>
<li><a href="#trunkwploginphp">trunk/wp-login.php</a></li>
<li><a href="#trunkwpmailphp">trunk/wp-mail.php</a></li>
<li><a href="#trunkwptrackbackphp">trunk/wp-trackback.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadminadminphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/admin.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/admin.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/admin.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx">         do_action('after_db_upgrade');
</span><span class="cx"> } elseif ( get_option('db_version') != $wp_db_version &amp;&amp; empty($_POST) ) {
</span><span class="cx">         if ( !is_multisite() ) {
</span><del>-                wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
</del><ins>+                wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
</ins><span class="cx">                 exit;
</span><span class="cx">         } elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
</span><span class="cx">                 /**
</span><span class="lines">@@ -82,7 +82,7 @@
</span><span class="cx"> $editing = false;
</span><span class="cx"> 
</span><span class="cx"> if ( isset($_GET['page']) ) {
</span><del>-        $plugin_page = wp_unslash( $_GET['page'] );
</del><ins>+        $plugin_page = stripslashes($_GET['page']);
</ins><span class="cx">         $plugin_page = plugin_basename($plugin_page);
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadmincustombackgroundphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/custom-background.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/custom-background.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/custom-background.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -378,7 +378,7 @@
</span><span class="cx"> 
</span><span class="cx">                 // Add the meta-data
</span><span class="cx">                 wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
</span><del>-                wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
</del><ins>+                update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
</ins><span class="cx"> 
</span><span class="cx">                 set_theme_mod('background_image', esc_url_raw($url));
</span><span class="cx"> 
</span><span class="lines">@@ -415,7 +415,7 @@
</span><span class="cx">                 if ( in_array( $_POST['size'], $sizes ) )
</span><span class="cx">                         $size = esc_attr( $_POST['size'] );
</span><span class="cx"> 
</span><del>-                wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
</del><ins>+                update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
</ins><span class="cx">                 $url = wp_get_attachment_image_src( $attachment_id, $size );
</span><span class="cx">                 $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
</span><span class="cx">                 set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );
</span></span></pre></div>
<a id="trunkwpadmincustomheaderphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/custom-header.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/custom-header.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/custom-header.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -948,7 +948,7 @@
</span><span class="cx">                                 'width'         =&gt; $choice['width'],
</span><span class="cx">                         );
</span><span class="cx"> 
</span><del>-                        wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
</del><ins>+                        update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
</ins><span class="cx">                         set_theme_mod( 'header_image', $choice['url'] );
</span><span class="cx">                         set_theme_mod( 'header_image_data', $header_image_data );
</span><span class="cx">                         return;
</span></span></pre></div>
<a id="trunkwpadmineditcommentsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-comments.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-comments.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/edit-comments.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -20,9 +20,9 @@
</span><span class="cx">         check_admin_referer( 'bulk-comments' );
</span><span class="cx"> 
</span><span class="cx">         if ( 'delete_all' == $doaction &amp;&amp; !empty( $_REQUEST['pagegen_timestamp'] ) ) {
</span><del>-                $comment_status = $_REQUEST['comment_status'];
-                $delete_time = $_REQUEST['pagegen_timestamp'];
-                $comment_ids = $wpdb-&gt;get_col( $wpdb-&gt;prepare( &quot;SELECT comment_ID FROM $wpdb-&gt;comments WHERE comment_approved = %s AND %s &gt; comment_date_gmt&quot;, $comment_status, $delete_time ) );
</del><ins>+                $comment_status = $wpdb-&gt;escape( $_REQUEST['comment_status'] );
+                $delete_time = $wpdb-&gt;escape( $_REQUEST['pagegen_timestamp'] );
+                $comment_ids = $wpdb-&gt;get_col( &quot;SELECT comment_ID FROM $wpdb-&gt;comments WHERE comment_approved = '$comment_status' AND '$delete_time' &gt; comment_date_gmt&quot; );
</ins><span class="cx">                 $doaction = 'delete';
</span><span class="cx">         } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
</span><span class="cx">                 $comment_ids = $_REQUEST['delete_comments'];
</span><span class="lines">@@ -95,7 +95,7 @@
</span><span class="cx">         wp_safe_redirect( $redirect_to );
</span><span class="cx">         exit;
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>-         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">          exit;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -153,7 +153,7 @@
</span><span class="cx">         echo __('Comments');
</span><span class="cx"> 
</span><span class="cx"> if ( isset($_REQUEST['s']) &amp;&amp; $_REQUEST['s'] )
</span><del>-        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . sprintf( __( 'Search results for &amp;#8220;%s&amp;#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '&lt;/span&gt;' ); ?&gt;
</del><ins>+        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . sprintf( __( 'Search results for &amp;#8220;%s&amp;#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '&lt;/span&gt;' ); ?&gt;
</ins><span class="cx"> &lt;/h2&gt;
</span><span class="cx"> 
</span><span class="cx"> &lt;?php
</span></span></pre></div>
<a id="trunkwpadmineditformadvancedphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-form-advanced.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-form-advanced.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/edit-form-advanced.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -314,7 +314,7 @@
</span><span class="cx"> &lt;input type=&quot;hidden&quot; id=&quot;post_author&quot; name=&quot;post_author&quot; value=&quot;&lt;?php echo esc_attr( $post-&gt;post_author ); ?&gt;&quot; /&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; id=&quot;post_type&quot; name=&quot;post_type&quot; value=&quot;&lt;?php echo esc_attr( $post_type ) ?&gt;&quot; /&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; id=&quot;original_post_status&quot; name=&quot;original_post_status&quot; value=&quot;&lt;?php echo esc_attr( $post-&gt;post_status) ?&gt;&quot; /&gt;
</span><del>-&lt;input type=&quot;hidden&quot; id=&quot;referredby&quot; name=&quot;referredby&quot; value=&quot;&lt;?php echo esc_url( wp_get_referer() ); ?&gt;&quot; /&gt;
</del><ins>+&lt;input type=&quot;hidden&quot; id=&quot;referredby&quot; name=&quot;referredby&quot; value=&quot;&lt;?php echo esc_url(stripslashes(wp_get_referer())); ?&gt;&quot; /&gt;
</ins><span class="cx"> &lt;?php if ( ! empty( $active_post_lock ) ) { ?&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; id=&quot;active_post_lock&quot; value=&quot;&lt;?php echo esc_attr( implode( ':', $active_post_lock ) ); ?&gt;&quot; /&gt;
</span><span class="cx"> &lt;?php
</span></span></pre></div>
<a id="trunkwpadmineditformcommentphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-form-comment.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-form-comment.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/edit-form-comment.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx"> 
</span><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;c&quot; value=&quot;&lt;?php echo esc_attr($comment-&gt;comment_ID) ?&gt;&quot; /&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;p&quot; value=&quot;&lt;?php echo esc_attr($comment-&gt;comment_post_ID) ?&gt;&quot; /&gt;
</span><del>-&lt;input name=&quot;referredby&quot; type=&quot;hidden&quot; id=&quot;referredby&quot; value=&quot;&lt;?php echo esc_url( wp_get_referer() ); ?&gt;&quot; /&gt;
</del><ins>+&lt;input name=&quot;referredby&quot; type=&quot;hidden&quot; id=&quot;referredby&quot; value=&quot;&lt;?php echo esc_url(stripslashes(wp_get_referer())); ?&gt;&quot; /&gt;
</ins><span class="cx"> &lt;?php wp_original_referer_field(true, 'previous'); ?&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;noredir&quot; value=&quot;1&quot; /&gt;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadmineditlinkformphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-link-form.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-link-form.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/edit-link-form.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -126,6 +126,7 @@
</span><span class="cx"> if ( $link_id ) : ?&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;action&quot; value=&quot;save&quot; /&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;link_id&quot; value=&quot;&lt;?php echo (int) $link_id; ?&gt;&quot; /&gt;
</span><ins>+&lt;input type=&quot;hidden&quot; name=&quot;order_by&quot; value=&quot;&lt;?php echo esc_attr($order_by); ?&gt;&quot; /&gt;
</ins><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;cat_id&quot; value=&quot;&lt;?php echo (int) $cat_id ?&gt;&quot; /&gt;
</span><span class="cx"> &lt;?php else: ?&gt;
</span><span class="cx"> &lt;input type=&quot;hidden&quot; name=&quot;action&quot; value=&quot;add&quot; /&gt;
</span></span></pre></div>
<a id="trunkwpadminedittagsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-tags.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-tags.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/edit-tags.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -47,9 +47,7 @@
</span><span class="cx">         if ( !current_user_can( $tax-&gt;cap-&gt;edit_terms ) )
</span><span class="cx">                 wp_die( __( 'Cheatin&amp;#8217; uh?' ) );
</span><span class="cx"> 
</span><del>-        $post_data = wp_unslash( $_POST );
-
-        $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
</del><ins>+        $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
</ins><span class="cx">         $location = 'edit-tags.php?taxonomy=' . $taxonomy;
</span><span class="cx">         if ( 'post' != $post_type )
</span><span class="cx">                 $location .= '&amp;post_type=' . $post_type;
</span><span class="lines">@@ -134,10 +132,7 @@
</span><span class="cx"> break;
</span><span class="cx"> 
</span><span class="cx"> case 'editedtag':
</span><del>-
-        $post_data = wp_unslash( $_POST );
-
-        $tag_ID = (int) $post_data['tag_ID'];
</del><ins>+        $tag_ID = (int) $_POST['tag_ID'];
</ins><span class="cx">         check_admin_referer( 'update-tag_' . $tag_ID );
</span><span class="cx"> 
</span><span class="cx">         if ( !current_user_can( $tax-&gt;cap-&gt;edit_terms ) )
</span><span class="lines">@@ -147,7 +142,7 @@
</span><span class="cx">         if ( ! $tag )
</span><span class="cx">                 wp_die( __( 'You attempted to edit an item that doesn&amp;#8217;t exist. Perhaps it was deleted?' ) );
</span><span class="cx"> 
</span><del>-        $ret = wp_update_term( $tag_ID, $taxonomy, $post_data );
</del><ins>+        $ret = wp_update_term( $tag_ID, $taxonomy, $_POST );
</ins><span class="cx"> 
</span><span class="cx">         $location = 'edit-tags.php?taxonomy=' . $taxonomy;
</span><span class="cx">         if ( 'post' != $post_type )
</span><span class="lines">@@ -169,7 +164,7 @@
</span><span class="cx"> 
</span><span class="cx"> default:
</span><span class="cx"> if ( ! empty($_REQUEST['_wp_http_referer']) ) {
</span><del>-        $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) );
</del><ins>+        $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
</ins><span class="cx"> 
</span><span class="cx">         if ( ! empty( $_REQUEST['paged'] ) )
</span><span class="cx">                 $location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );
</span><span class="lines">@@ -269,8 +264,8 @@
</span><span class="cx"> &lt;div class=&quot;wrap nosubsub&quot;&gt;
</span><span class="cx"> &lt;?php screen_icon(); ?&gt;
</span><span class="cx"> &lt;h2&gt;&lt;?php echo esc_html( $title );
</span><del>-if ( ! empty($_REQUEST['s']) )
-        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . __('Search results for &amp;#8220;%s&amp;#8221;') . '&lt;/span&gt;', esc_html( wp_unslash( $_REQUEST['s'] ) ) ); ?&gt;
</del><ins>+if ( !empty($_REQUEST['s']) )
+        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . __('Search results for &amp;#8220;%s&amp;#8221;') . '&lt;/span&gt;', esc_html( stripslashes($_REQUEST['s']) ) ); ?&gt;
</ins><span class="cx"> &lt;/h2&gt;
</span><span class="cx"> 
</span><span class="cx"> &lt;?php if ( isset($_REQUEST['message']) &amp;&amp; ( $msg = (int) $_REQUEST['message'] ) ) : ?&gt;
</span></span></pre></div>
<a id="trunkwpadmineditphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/edit.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -138,7 +138,7 @@
</span><span class="cx">         wp_redirect($sendback);
</span><span class="cx">         exit();
</span><span class="cx"> } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
</span><del>-         wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+         wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
</ins><span class="cx">          exit;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludesajaxactionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/ajax-actions.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/ajax-actions.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/ajax-actions.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx">                 wp_die( 0 );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $s = wp_unslash( $_GET['q'] );
</del><ins>+        $s = stripslashes( $_GET['q'] );
</ins><span class="cx"> 
</span><span class="cx">         $comma = _x( ',', 'tag delimiter' );
</span><span class="cx">         if ( ',' !== $comma )
</span><span class="lines">@@ -279,21 +279,19 @@
</span><span class="cx">  */
</span><span class="cx"> 
</span><span class="cx"> function _wp_ajax_add_hierarchical_term() {
</span><del>-        $post_data = wp_unslash( $_POST );
-
-        $action = $post_data['action'];
</del><ins>+        $action = $_POST['action'];
</ins><span class="cx">         $taxonomy = get_taxonomy(substr($action, 4));
</span><span class="cx">         check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy-&gt;name );
</span><span class="cx">         if ( !current_user_can( $taxonomy-&gt;cap-&gt;edit_terms ) )
</span><span class="cx">                 wp_die( -1 );
</span><del>-        $names = explode(',', $post_data['new'.$taxonomy-&gt;name]);
-        $parent = isset($post_data['new'.$taxonomy-&gt;name.'_parent']) ? (int) $post_data['new'.$taxonomy-&gt;name.'_parent'] : 0;
</del><ins>+        $names = explode(',', $_POST['new'.$taxonomy-&gt;name]);
+        $parent = isset($_POST['new'.$taxonomy-&gt;name.'_parent']) ? (int) $_POST['new'.$taxonomy-&gt;name.'_parent'] : 0;
</ins><span class="cx">         if ( 0 &gt; $parent )
</span><span class="cx">                 $parent = 0;
</span><span class="cx">         if ( $taxonomy-&gt;name == 'category' )
</span><del>-                $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array();
</del><ins>+                $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
</ins><span class="cx">         else
</span><del>-                $post_category = ( isset( $post_data['tax_input'] ) &amp;&amp; isset( $post_data['tax_input'][$taxonomy-&gt;name] ) ) ? (array) $post_data['tax_input'][$taxonomy-&gt;name] : array();
</del><ins>+                $post_category = ( isset($_POST['tax_input']) &amp;&amp; isset($_POST['tax_input'][$taxonomy-&gt;name]) ) ? (array) $_POST['tax_input'][$taxonomy-&gt;name] : array();
</ins><span class="cx">         $checked_categories = array_map( 'absint', (array) $post_category );
</span><span class="cx">         $popular_ids = wp_popular_terms_checklist($taxonomy-&gt;name, 0, 10, false);
</span><span class="cx"> 
</span><span class="lines">@@ -561,7 +559,7 @@
</span><span class="cx">         check_ajax_referer( $action );
</span><span class="cx">         if ( !current_user_can( 'manage_categories' ) )
</span><span class="cx">                 wp_die( -1 );
</span><del>-        $names = explode( ',', wp_unslash( $_POST['newcat'] ) );
</del><ins>+        $names = explode(',', $_POST['newcat']);
</ins><span class="cx">         $x = new WP_Ajax_Response();
</span><span class="cx">         foreach ( $names as $cat_name ) {
</span><span class="cx">                 $cat_name = trim($cat_name);
</span><span class="lines">@@ -574,7 +572,7 @@
</span><span class="cx">                         continue;
</span><span class="cx">                 else if ( is_array( $cat_id ) )
</span><span class="cx">                         $cat_id = $cat_id['term_id'];
</span><del>-                $cat_name = esc_html( wp_unslash( $cat_name ) );
</del><ins>+                $cat_name = esc_html(stripslashes($cat_name));
</ins><span class="cx">                 $x-&gt;add( array(
</span><span class="cx">                         'what' =&gt; 'link-category',
</span><span class="cx">                         'id' =&gt; $cat_id,
</span><span class="lines">@@ -588,11 +586,9 @@
</span><span class="cx"> function wp_ajax_add_tag() {
</span><span class="cx">         global $wp_list_table;
</span><span class="cx"> 
</span><del>-        $post_data = wp_unslash( $_POST );
-
</del><span class="cx">         check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
</span><del>-        $post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post';
-        $taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag';
</del><ins>+        $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
+        $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
</ins><span class="cx">         $tax = get_taxonomy($taxonomy);
</span><span class="cx"> 
</span><span class="cx">         if ( !current_user_can( $tax-&gt;cap-&gt;edit_terms ) )
</span><span class="lines">@@ -600,7 +596,7 @@
</span><span class="cx"> 
</span><span class="cx">         $x = new WP_Ajax_Response();
</span><span class="cx"> 
</span><del>-        $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
</del><ins>+        $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
</ins><span class="cx"> 
</span><span class="cx">         if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
</span><span class="cx">                 $message = __('An error has occurred. Please reload the page and try again.');
</span><span class="lines">@@ -614,7 +610,7 @@
</span><span class="cx">                 $x-&gt;send();
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' =&gt; $post_data['screen'] ) );
</del><ins>+        $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' =&gt; $_POST['screen'] ) );
</ins><span class="cx"> 
</span><span class="cx">         $level = 0;
</span><span class="cx">         if ( is_taxonomy_hierarchical($taxonomy) ) {
</span><span class="lines">@@ -732,10 +728,10 @@
</span><span class="cx">         $user = wp_get_current_user();
</span><span class="cx">         if ( $user-&gt;exists() ) {
</span><span class="cx">                 $user_ID = $user-&gt;ID;
</span><del>-                $comment_author       = $user-&gt;display_name;
-                $comment_author_email = $user-&gt;user_email;
-                $comment_author_url   = $user-&gt;user_url;
-                $comment_content      = trim( wp_unslash( $_POST['content'] ) );
</del><ins>+                $comment_author       = $wpdb-&gt;escape($user-&gt;display_name);
+                $comment_author_email = $wpdb-&gt;escape($user-&gt;user_email);
+                $comment_author_url   = $wpdb-&gt;escape($user-&gt;user_url);
+                $comment_content      = trim($_POST['content']);
</ins><span class="cx">                 if ( current_user_can( 'unfiltered_html' ) ) {
</span><span class="cx">                         if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
</span><span class="cx">                                 kses_remove_filters(); // start with a clean slate
</span><span class="lines">@@ -961,8 +957,8 @@
</span><span class="cx">                 ) );
</span><span class="cx">         } else { // Update?
</span><span class="cx">                 $mid = (int) key( $_POST['meta'] );
</span><del>-                $key = wp_unslash( $_POST['meta'][$mid]['key'] );
-                $value = wp_unslash( $_POST['meta'][$mid]['value'] );
</del><ins>+                $key = stripslashes( $_POST['meta'][$mid]['key'] );
+                $value = stripslashes( $_POST['meta'][$mid]['value'] );
</ins><span class="cx">                 if ( '' == trim($key) )
</span><span class="cx">                         wp_die( __( 'Please provide a custom field name.' ) );
</span><span class="cx">                 if ( '' == trim($value) )
</span><span class="lines">@@ -1231,7 +1227,7 @@
</span><span class="cx">         $args = array();
</span><span class="cx"> 
</span><span class="cx">         if ( isset( $_POST['search'] ) )
</span><del>-                $args['s'] = wp_unslash( $_POST['search'] );
</del><ins>+                $args['s'] = stripslashes( $_POST['search'] );
</ins><span class="cx">         $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
</span><span class="cx"> 
</span><span class="cx">         require(ABSPATH . WPINC . '/class-wp-editor.php');
</span><span class="lines">@@ -1332,6 +1328,7 @@
</span><span class="cx">         $data = &amp;$_POST;
</span><span class="cx"> 
</span><span class="cx">         $post = get_post( $post_ID, ARRAY_A );
</span><ins>+        $post = add_magic_quotes($post); //since it is from db
</ins><span class="cx"> 
</span><span class="cx">         $data['content'] = $post['post_content'];
</span><span class="cx">         $data['excerpt'] = $post['post_excerpt'];
</span><span class="lines">@@ -1380,9 +1377,7 @@
</span><span class="cx"> 
</span><span class="cx">         check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
</span><span class="cx"> 
</span><del>-        $post_data = wp_unslash( $_POST );
-
-        $taxonomy = sanitize_key( $post_data['taxonomy'] );
</del><ins>+        $taxonomy = sanitize_key( $_POST['taxonomy'] );
</ins><span class="cx">         $tax = get_taxonomy( $taxonomy );
</span><span class="cx">         if ( ! $tax )
</span><span class="cx">                 wp_die( 0 );
</span><span class="lines">@@ -1392,13 +1387,13 @@
</span><span class="cx"> 
</span><span class="cx">         $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' =&gt; 'edit-' . $taxonomy ) );
</span><span class="cx"> 
</span><del>-        if ( ! isset($post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) )
</del><ins>+        if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
</ins><span class="cx">                 wp_die( -1 );
</span><span class="cx"> 
</span><span class="cx">         $tag = get_term( $id, $taxonomy );
</span><del>-        $post_data['description'] = $tag-&gt;description;
</del><ins>+        $_POST['description'] = $tag-&gt;description;
</ins><span class="cx"> 
</span><del>-        $updated = wp_update_term($id, $taxonomy, $post_data );
</del><ins>+        $updated = wp_update_term($id, $taxonomy, $_POST);
</ins><span class="cx">         if ( $updated &amp;&amp; !is_wp_error($updated) ) {
</span><span class="cx">                 $tag = get_term( $updated['term_id'], $taxonomy );
</span><span class="cx">                 if ( !$tag || is_wp_error( $tag ) ) {
</span><span class="lines">@@ -1430,7 +1425,7 @@
</span><span class="cx">         $post_types = get_post_types( array( 'public' =&gt; true ), 'objects' );
</span><span class="cx">         unset( $post_types['attachment'] );
</span><span class="cx"> 
</span><del>-        $s = wp_unslash( $_POST['ps'] );
</del><ins>+        $s = stripslashes( $_POST['ps'] );
</ins><span class="cx">         $searchand = $search = '';
</span><span class="cx">         $args = array(
</span><span class="cx">                 'post_type' =&gt; array_keys( $post_types ),
</span><span class="lines">@@ -1601,7 +1596,7 @@
</span><span class="cx">                 $post_id = null;
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $post_data = isset( $_REQUEST['post_data'] ) ? wp_unslash( $_REQUEST['post_data'] ) : array();
</del><ins>+        $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
</ins><span class="cx"> 
</span><span class="cx">         // If the context is custom header or background, make sure the uploaded file is an image.
</span><span class="cx">         if ( isset( $post_data['context'] ) &amp;&amp; in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
</span><span class="lines">@@ -1635,10 +1630,10 @@
</span><span class="cx"> 
</span><span class="cx">         if ( isset( $post_data['context'] ) &amp;&amp; isset( $post_data['theme'] ) ) {
</span><span class="cx">                 if ( 'custom-background' === $post_data['context'] )
</span><del>-                        wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
</del><ins>+                        update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
</ins><span class="cx"> 
</span><span class="cx">                 if ( 'custom-header' === $post_data['context'] )
</span><del>-                        wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
</del><ins>+                        update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
</span><span class="lines">@@ -1783,7 +1778,7 @@
</span><span class="cx">                 wp_die( 0 );
</span><span class="cx"> 
</span><span class="cx">         $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1];
</span><del>-        wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
</del><ins>+        update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
</ins><span class="cx">         wp_die( 1 );
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -1878,7 +1873,7 @@
</span><span class="cx">         if ( ! current_user_can( 'edit_post', $id ) )
</span><span class="cx">                 wp_send_json_error();
</span><span class="cx"> 
</span><del>-        $changes = wp_unslash( $_REQUEST['changes'] );
</del><ins>+        $changes = $_REQUEST['changes'];
</ins><span class="cx">         $post    = get_post( $id, ARRAY_A );
</span><span class="cx"> 
</span><span class="cx">         if ( 'attachment' != $post['post_type'] )
</span><span class="lines">@@ -1895,10 +1890,10 @@
</span><span class="cx"> 
</span><span class="cx">         if ( isset( $changes['alt'] ) ) {
</span><span class="cx">                 $alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
</span><del>-                $new_alt = $changes['alt'];
</del><ins>+                $new_alt = stripslashes( $changes['alt'] );
</ins><span class="cx">                 if ( $alt != $new_alt ) {
</span><span class="cx">                         $new_alt = wp_strip_all_tags( $new_alt, true );
</span><del>-                        wp_update_post_meta( $id, '_wp_attachment_image_alt', $new_alt );
</del><ins>+                        update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
</ins><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -1920,7 +1915,7 @@
</span><span class="cx"> 
</span><span class="cx">         if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) )
</span><span class="cx">                 wp_send_json_error();
</span><del>-        $attachment_data = wp_unslash( $_REQUEST['attachments'][ $id ] );
</del><ins>+        $attachment_data = $_REQUEST['attachments'][ $id ];
</ins><span class="cx"> 
</span><span class="cx">         check_ajax_referer( 'update-post_' . $id, 'nonce' );
</span><span class="cx"> 
</span><span class="lines">@@ -1964,7 +1959,7 @@
</span><span class="cx"> 
</span><span class="cx">         check_ajax_referer( 'update-post_' . $post_id, 'nonce' );
</span><span class="cx"> 
</span><del>-        $attachments = wp_unslash( $_REQUEST['attachments'] );
</del><ins>+        $attachments = $_REQUEST['attachments'];
</ins><span class="cx"> 
</span><span class="cx">         if ( ! current_user_can( 'edit_post', $post_id ) )
</span><span class="cx">                 wp_send_json_error();
</span><span class="lines">@@ -1995,7 +1990,7 @@
</span><span class="cx"> function wp_ajax_send_attachment_to_editor() {
</span><span class="cx">         check_ajax_referer( 'media-send-to-editor', 'nonce' );
</span><span class="cx"> 
</span><del>-        $attachment = wp_unslash( $_POST['attachment'] );
</del><ins>+        $attachment = stripslashes_deep( $_POST['attachment'] );
</ins><span class="cx"> 
</span><span class="cx">         $id = intval( $attachment['id'] );
</span><span class="cx"> 
</span><span class="lines">@@ -2050,7 +2045,7 @@
</span><span class="cx"> function wp_ajax_send_link_to_editor() {
</span><span class="cx">         check_ajax_referer( 'media-send-to-editor', 'nonce' );
</span><span class="cx"> 
</span><del>-        if ( ! $src = wp_unslash( $_POST['src'] ) )
</del><ins>+        if ( ! $src = stripslashes( $_POST['src'] ) )
</ins><span class="cx">                 wp_send_json_error();
</span><span class="cx"> 
</span><span class="cx">         if ( ! strpos( $src, '://' ) )
</span><span class="lines">@@ -2059,7 +2054,7 @@
</span><span class="cx">         if ( ! $src = esc_url_raw( $src ) )
</span><span class="cx">                 wp_send_json_error();
</span><span class="cx"> 
</span><del>-        if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
</del><ins>+        if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
</ins><span class="cx">                 $title = wp_basename( $src );
</span><span class="cx"> 
</span><span class="cx">         $html = '';
</span><span class="lines">@@ -2088,7 +2083,7 @@
</span><span class="cx">                 $screen_id = 'site';
</span><span class="cx"> 
</span><span class="cx">         if ( ! empty($_POST['data']) ) {
</span><del>-                $data = wp_unslash( (array) $_POST['data'] );
</del><ins>+                $data = (array) $_POST['data'];
</ins><span class="cx">                 // todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..?
</span><span class="cx">                 $user = wp_get_current_user();
</span><span class="cx">                 $data['user_id'] = $user-&gt;exists() ? $user-&gt;ID : 0;
</span><span class="lines">@@ -2119,7 +2114,7 @@
</span><span class="cx">                 $screen_id = 'site';
</span><span class="cx"> 
</span><span class="cx">         if ( ! empty($_POST['data']) ) {
</span><del>-                $data = wp_unslash( (array) $_POST['data'] );
</del><ins>+                $data = stripslashes_deep( (array) $_POST['data'] );
</ins><span class="cx">                 $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
</span><span class="cx">         }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludesbookmarkphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/bookmark.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/bookmark.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/bookmark.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -39,9 +39,9 @@
</span><span class="cx"> 
</span><span class="cx">         if ( !empty( $link_id ) ) {
</span><span class="cx">                 $_POST['link_id'] = $link_id;
</span><del>-                return wp_update_link( wp_unslash( $_POST ) );
</del><ins>+                return wp_update_link( $_POST );
</ins><span class="cx">         } else {
</span><del>-                return wp_insert_link( wp_unslash( $_POST ) );
</del><ins>+                return wp_insert_link( $_POST );
</ins><span class="cx">         }
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -55,12 +55,12 @@
</span><span class="cx"> function get_default_link_to_edit() {
</span><span class="cx">         $link = new stdClass;
</span><span class="cx">         if ( isset( $_GET['linkurl'] ) )
</span><del>-                $link-&gt;link_url = esc_url( wp_unslash( $_GET['linkurl'] ) );
</del><ins>+                $link-&gt;link_url = esc_url( $_GET['linkurl'] );
</ins><span class="cx">         else
</span><span class="cx">                 $link-&gt;link_url = '';
</span><span class="cx"> 
</span><span class="cx">         if ( isset( $_GET['name'] ) )
</span><del>-                $link-&gt;link_name = esc_attr( wp_unslash( $_GET['name'] ) );
</del><ins>+                $link-&gt;link_name = esc_attr( $_GET['name'] );
</ins><span class="cx">         else
</span><span class="cx">                 $link-&gt;link_name = '';
</span><span class="cx"> 
</span><span class="lines">@@ -137,7 +137,7 @@
</span><span class="cx">         $linkdata = wp_parse_args( $linkdata, $defaults );
</span><span class="cx">         $linkdata = sanitize_bookmark( $linkdata, 'db' );
</span><span class="cx"> 
</span><del>-        extract( $linkdata, EXTR_SKIP );
</del><ins>+        extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
</ins><span class="cx"> 
</span><span class="cx">         $update = false;
</span><span class="cx"> 
</span><span class="lines">@@ -250,6 +250,9 @@
</span><span class="cx"> 
</span><span class="cx">         $link = get_bookmark( $link_id, ARRAY_A );
</span><span class="cx"> 
</span><ins>+        // Escape data pulled from DB.
+        $link = add_magic_quotes( $link );
+
</ins><span class="cx">         // Passed link category list overwrites existing category list if not empty.
</span><span class="cx">         if ( isset( $linkdata['link_category'] ) &amp;&amp; is_array( $linkdata['link_category'] )
</span><span class="cx">                          &amp;&amp; 0 != count( $linkdata['link_category'] ) )
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpcommentslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-comments-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-comments-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-comments-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -170,7 +170,7 @@
</span><span class="cx">                         /*
</span><span class="cx">                         // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
</span><span class="cx">                         if ( !empty( $_REQUEST['s'] ) )
</span><del>-                                $link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
</del><ins>+                                $link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
</ins><span class="cx">                         */
</span><span class="cx">                         $status_links[$status] = &quot;&lt;a href='$link'$class&gt;&quot; . sprintf(
</span><span class="cx">                                 translate_nooped_plural( $label, $num_comments-&gt;$status ),
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpmssiteslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-ms-sites-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-ms-sites-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-ms-sites-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -29,7 +29,7 @@
</span><span class="cx"> 
</span><span class="cx">                 $pagenum = $this-&gt;get_pagenum();
</span><span class="cx"> 
</span><del>-                $s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
</del><ins>+                $s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
</ins><span class="cx">                 $wild = '';
</span><span class="cx">                 if ( false !== strpos($s, '*') ) {
</span><span class="cx">                         $wild = '%';
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpmsthemeslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-ms-themes-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-ms-themes-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-ms-themes-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -126,7 +126,7 @@
</span><span class="cx">         function _search_callback( $theme ) {
</span><span class="cx">                 static $term;
</span><span class="cx">                 if ( is_null( $term ) )
</span><del>-                        $term = wp_unslash( $_REQUEST['s'] );
</del><ins>+                        $term = stripslashes( $_REQUEST['s'] );
</ins><span class="cx"> 
</span><span class="cx">                 foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) {
</span><span class="cx">                         // Don't mark up; Do translate.
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpmsuserslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-ms-users-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-ms-users-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-ms-users-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -173,10 +173,10 @@
</span><span class="cx"> 
</span><span class="cx">                                         case 'username':
</span><span class="cx">                                                 $avatar        = get_avatar( $user-&gt;user_email, 32 );
</span><del>-                                                $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user-&gt;ID ) ) );
</del><ins>+                                                $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user-&gt;ID ) ) );
</ins><span class="cx"> 
</span><span class="cx">                                                 echo &quot;&lt;td $attributes&gt;&quot;; ?&gt;
</span><del>-                                                        &lt;?php echo $avatar; ?&gt;&lt;strong&gt;&lt;a href=&quot;&lt;?php echo $edit_link; ?&gt;&quot; class=&quot;edit&quot;&gt;&lt;?php echo $user-&gt;user_login; ?&gt;&lt;/a&gt;&lt;?php
</del><ins>+                                                        &lt;?php echo $avatar; ?&gt;&lt;strong&gt;&lt;a href=&quot;&lt;?php echo $edit_link; ?&gt;&quot; class=&quot;edit&quot;&gt;&lt;?php echo stripslashes( $user-&gt;user_login ); ?&gt;&lt;/a&gt;&lt;?php
</ins><span class="cx">                                                         if ( in_array( $user-&gt;user_login, $super_admins ) )
</span><span class="cx">                                                                 echo ' - ' . __( 'Super Admin' );
</span><span class="cx">                                                         ?&gt;&lt;/strong&gt;
</span><span class="lines">@@ -186,7 +186,7 @@
</span><span class="cx">                                                                 $actions['edit'] = '&lt;a href=&quot;' . $edit_link . '&quot;&gt;' . __( 'Edit' ) . '&lt;/a&gt;';
</span><span class="cx"> 
</span><span class="cx">                                                                 if ( current_user_can( 'delete_user', $user-&gt;ID ) &amp;&amp; ! in_array( $user-&gt;user_login, $super_admins ) ) {
</span><del>-                                                                        $actions['delete'] = '&lt;a href=&quot;' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;amp;action=deleteuser&amp;amp;id=' . $user-&gt;ID ) ) ) . '&quot; class=&quot;delete&quot;&gt;' . __( 'Delete' ) . '&lt;/a&gt;';
</del><ins>+                                                                        $actions['delete'] = '&lt;a href=&quot;' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;amp;action=deleteuser&amp;amp;id=' . $user-&gt;ID ) ) ) . '&quot; class=&quot;delete&quot;&gt;' . __( 'Delete' ) . '&lt;/a&gt;';
</ins><span class="cx">                                                                 }
</span><span class="cx"> 
</span><span class="cx">                                                                 $actions = apply_filters( 'ms_user_row_actions', $actions, $user );
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpplugininstalllisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-plugin-install-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-plugin-install-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-plugin-install-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -48,8 +48,8 @@
</span><span class="cx"> 
</span><span class="cx">                 switch ( $tab ) {
</span><span class="cx">                         case 'search':
</span><del>-                                $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
-                                $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
</del><ins>+                                $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
+                                $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
</ins><span class="cx"> 
</span><span class="cx">                                 switch ( $type ) {
</span><span class="cx">                                         case 'tag':
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx">                                 break;
</span><span class="cx"> 
</span><span class="cx">                         case 'favorites':
</span><del>-                                $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</del><ins>+                                $user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</ins><span class="cx">                                 update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
</span><span class="cx">                                 if ( $user )
</span><span class="cx">                                         $args['user'] = $user;
</span></span></pre></div>
<a id="trunkwpadminincludesclasswppluginslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-plugins-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-plugins-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-plugins-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -22,7 +22,7 @@
</span><span class="cx">                         $status = $_REQUEST['plugin_status'];
</span><span class="cx"> 
</span><span class="cx">                 if ( isset($_REQUEST['s']) )
</span><del>-                        $_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
</del><ins>+                        $_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
</ins><span class="cx"> 
</span><span class="cx">                 $page = $this-&gt;get_pagenum();
</span><span class="cx">         }
</span><span class="lines">@@ -140,7 +140,7 @@
</span><span class="cx">         function _search_callback( $plugin ) {
</span><span class="cx">                 static $term;
</span><span class="cx">                 if ( is_null( $term ) )
</span><del>-                        $term = wp_unslash( $_REQUEST['s'] );
</del><ins>+                        $term = stripslashes( $_REQUEST['s'] );
</ins><span class="cx"> 
</span><span class="cx">                 foreach ( $plugin as $value )
</span><span class="cx">                         if ( stripos( $value, $term ) !== false )
</span></span></pre></div>
<a id="trunkwpadminincludesclasswptermslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-terms-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-terms-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-terms-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -52,7 +52,7 @@
</span><span class="cx">                         $tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter
</span><span class="cx">                 }
</span><span class="cx"> 
</span><del>-                $search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
</del><ins>+                $search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
</ins><span class="cx"> 
</span><span class="cx">                 $args = array(
</span><span class="cx">                         'search' =&gt; $search,
</span><span class="lines">@@ -61,10 +61,10 @@
</span><span class="cx">                 );
</span><span class="cx"> 
</span><span class="cx">                 if ( !empty( $_REQUEST['orderby'] ) )
</span><del>-                        $args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
</del><ins>+                        $args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
</ins><span class="cx"> 
</span><span class="cx">                 if ( !empty( $_REQUEST['order'] ) )
</span><del>-                        $args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
</del><ins>+                        $args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
</ins><span class="cx"> 
</span><span class="cx">                 $this-&gt;callback_args = $args;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpthemeinstalllisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-theme-install-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-theme-install-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-theme-install-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -24,7 +24,7 @@
</span><span class="cx">                 $search_terms = array();
</span><span class="cx">                 $search_string = '';
</span><span class="cx">                 if ( ! empty( $_REQUEST['s'] ) ){
</span><del>-                        $search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );
</del><ins>+                        $search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
</ins><span class="cx">                         $search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
</span><span class="cx">                 }
</span><span class="cx"> 
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx"> 
</span><span class="cx">                 switch ( $tab ) {
</span><span class="cx">                         case 'search':
</span><del>-                                $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
</del><ins>+                                $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
</ins><span class="cx">                                 switch ( $type ) {
</span><span class="cx">                                         case 'tag':
</span><span class="cx">                                                 $args['tag'] = array_map( 'sanitize_key', $search_terms );
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpthemeslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-themes-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-themes-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-themes-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">                 $themes = wp_get_themes( array( 'allowed' =&gt; true ) );
</span><span class="cx"> 
</span><span class="cx">                 if ( ! empty( $_REQUEST['s'] ) )
</span><del>-                        $this-&gt;search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );
</del><ins>+                        $this-&gt;search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
</ins><span class="cx"> 
</span><span class="cx">                 if ( ! empty( $_REQUEST['features'] ) )
</span><span class="cx">                         $this-&gt;features = $_REQUEST['features'];
</span><span class="lines">@@ -235,7 +235,7 @@
</span><span class="cx">          * @uses _pagination_args['total_pages']
</span><span class="cx">          */
</span><span class="cx">          function _js_vars( $extra_args = array() ) {
</span><del>-                $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
</del><ins>+                $search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
</ins><span class="cx"> 
</span><span class="cx">                 $args = array(
</span><span class="cx">                         'search' =&gt; $search_string,
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpupgraderphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-upgrader.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-upgrader.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-upgrader.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1427,7 +1427,7 @@
</span><span class="cx"> 
</span><span class="cx">                 $install_actions = array();
</span><span class="cx"> 
</span><del>-                $from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
</del><ins>+                $from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
</ins><span class="cx"> 
</span><span class="cx">                 if ( 'import' == $from )
</span><span class="cx">                         $install_actions['activate_plugin'] = '&lt;a href=&quot;' . wp_nonce_url('plugins.php?action=activate&amp;amp;from=import&amp;amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '&quot; title=&quot;' . esc_attr__('Activate this plugin') . '&quot; target=&quot;_parent&quot;&gt;' . __('Activate Plugin &amp;amp; Run Importer') . '&lt;/a&gt;';
</span></span></pre></div>
<a id="trunkwpadminincludesclasswpuserslisttablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/class-wp-users-list-table.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/class-wp-users-list-table.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/class-wp-users-list-table.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -241,7 +241,7 @@
</span><span class="cx">                 // Check if the user for this row is editable
</span><span class="cx">                 if ( current_user_can( 'list_users' ) ) {
</span><span class="cx">                         // Set up the user editing link
</span><del>-                        $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object-&gt;ID ) ) );
</del><ins>+                        $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object-&gt;ID ) ) );
</ins><span class="cx"> 
</span><span class="cx">                         // Set up the hover actions for this user
</span><span class="cx">                         $actions = array();
</span></span></pre></div>
<a id="trunkwpadminincludescommentphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/comment.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/comment.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/comment.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -19,6 +19,9 @@
</span><span class="cx"> function comment_exists($comment_author, $comment_date) {
</span><span class="cx">         global $wpdb;
</span><span class="cx"> 
</span><ins>+        $comment_author = stripslashes($comment_author);
+        $comment_date = stripslashes($comment_date);
+
</ins><span class="cx">         return $wpdb-&gt;get_var( $wpdb-&gt;prepare(&quot;SELECT comment_post_ID FROM $wpdb-&gt;comments
</span><span class="cx">                         WHERE comment_author = %s AND comment_date = %s&quot;, $comment_author, $comment_date) );
</span><span class="cx"> }
</span><span class="lines">@@ -30,40 +33,38 @@
</span><span class="cx">  */
</span><span class="cx"> function edit_comment() {
</span><span class="cx"> 
</span><del>-        $post_data = wp_unslash( $_POST );
-
-        if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) )
</del><ins>+        if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
</ins><span class="cx">                 wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
</span><span class="cx"> 
</span><del>-        $post_data['comment_author'] = $post_data['newcomment_author'];
-        $post_data['comment_author_email'] = $post_data['newcomment_author_email'];
-        $post_data['comment_author_url'] = $post_data['newcomment_author_url'];
-        $post_data['comment_approved'] = $post_data['comment_status'];
-        $post_data['comment_content'] = $post_data['content'];
-        $post_data['comment_ID'] = (int) $post_data['comment_ID'];
</del><ins>+        $_POST['comment_author'] = $_POST['newcomment_author'];
+        $_POST['comment_author_email'] = $_POST['newcomment_author_email'];
+        $_POST['comment_author_url'] = $_POST['newcomment_author_url'];
+        $_POST['comment_approved'] = $_POST['comment_status'];
+        $_POST['comment_content'] = $_POST['content'];
+        $_POST['comment_ID'] = (int) $_POST['comment_ID'];
</ins><span class="cx"> 
</span><span class="cx">         foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
</span><del>-                if ( !empty( $post_data['hidden_' . $timeunit] ) &amp;&amp; $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
</del><ins>+                if ( !empty( $_POST['hidden_' . $timeunit] ) &amp;&amp; $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
</ins><span class="cx">                         $_POST['edit_date'] = '1';
</span><span class="cx">                         break;
</span><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        if ( !empty ( $post_data['edit_date'] ) ) {
-                $aa = $post_data['aa'];
-                $mm = $post_data['mm'];
-                $jj = $post_data['jj'];
-                $hh = $post_data['hh'];
-                $mn = $post_data['mn'];
-                $ss = $post_data['ss'];
</del><ins>+        if ( !empty ( $_POST['edit_date'] ) ) {
+                $aa = $_POST['aa'];
+                $mm = $_POST['mm'];
+                $jj = $_POST['jj'];
+                $hh = $_POST['hh'];
+                $mn = $_POST['mn'];
+                $ss = $_POST['ss'];
</ins><span class="cx">                 $jj = ($jj &gt; 31 ) ? 31 : $jj;
</span><span class="cx">                 $hh = ($hh &gt; 23 ) ? $hh -24 : $hh;
</span><span class="cx">                 $mn = ($mn &gt; 59 ) ? $mn -60 : $mn;
</span><span class="cx">                 $ss = ($ss &gt; 59 ) ? $ss -60 : $ss;
</span><del>-                $post_data['comment_date'] = &quot;$aa-$mm-$jj $hh:$mn:$ss&quot;;
</del><ins>+                $_POST['comment_date'] = &quot;$aa-$mm-$jj $hh:$mn:$ss&quot;;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><del>-        wp_update_comment( $post_data );
</del><ins>+        wp_update_comment( $_POST );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpadminincludesdashboardphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/dashboard.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/dashboard.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/dashboard.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1093,7 +1093,7 @@
</span><span class="cx">         $widget_options[$widget_id]['number'] = $number;
</span><span class="cx"> 
</span><span class="cx">         if ( 'POST' == $_SERVER['REQUEST_METHOD'] &amp;&amp; isset($_POST['widget-rss'][$number]) ) {
</span><del>-                $_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
</del><ins>+                $_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
</ins><span class="cx">                 $widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
</span><span class="cx">                 // title is optional. If black, fill it if possible
</span><span class="cx">                 if ( !$widget_options[$widget_id]['title'] &amp;&amp; isset($_POST['widget-rss'][$number]['title']) ) {
</span></span></pre></div>
<a id="trunkwpadminincludesdeprecatedphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/deprecated.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/deprecated.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/deprecated.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -472,13 +472,14 @@
</span><span class="cx">         function WP_User_Search ($search_term = '', $page = '', $role = '') {
</span><span class="cx">                 _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
</span><span class="cx"> 
</span><del>-                $this-&gt;search_term = $search_term;
</del><ins>+                $this-&gt;search_term = stripslashes( $search_term );
</ins><span class="cx">                 $this-&gt;raw_page = ( '' == $page ) ? false : (int) $page;
</span><span class="cx">                 $this-&gt;page = (int) ( '' == $page ) ? 1 : $page;
</span><span class="cx">                 $this-&gt;role = $role;
</span><span class="cx"> 
</span><span class="cx">                 $this-&gt;prepare_query();
</span><span class="cx">                 $this-&gt;query();
</span><ins>+                $this-&gt;prepare_vars_for_template_usage();
</ins><span class="cx">                 $this-&gt;do_paging();
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -549,7 +550,9 @@
</span><span class="cx">          * @since 2.1.0
</span><span class="cx">          * @access public
</span><span class="cx">          */
</span><del>-        function prepare_vars_for_template_usage() {}
</del><ins>+        function prepare_vars_for_template_usage() {
+                $this-&gt;search_term = stripslashes($this-&gt;search_term); // done with DB, from now on we want slashes gone
+        }
</ins><span class="cx"> 
</span><span class="cx">         /**
</span><span class="cx">          * {@internal Missing Short Description}}
</span></span></pre></div>
<a id="trunkwpadminincludesfilephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/file.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/file.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/file.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -901,13 +901,13 @@
</span><span class="cx">         $credentials = get_option('ftp_credentials', array( 'hostname' =&gt; '', 'username' =&gt; ''));
</span><span class="cx"> 
</span><span class="cx">         // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
</span><del>-        $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
-        $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
-        $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
</del><ins>+        $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
+        $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
+        $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
</ins><span class="cx"> 
</span><span class="cx">         // Check to see if we are setting the public/private keys for ssh
</span><del>-        $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
-        $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
</del><ins>+        $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
+        $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
</ins><span class="cx"> 
</span><span class="cx">         //sanitize the hostname, Some people might pass in odd-data:
</span><span class="cx">         $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
</span><span class="lines">@@ -925,7 +925,7 @@
</span><span class="cx">         else if ( (defined('FTP_SSL') &amp;&amp; FTP_SSL) &amp;&amp; 'ftpext' == $type ) //Only the FTP Extension understands SSL
</span><span class="cx">                 $credentials['connection_type'] = 'ftps';
</span><span class="cx">         else if ( !empty($_POST['connection_type']) )
</span><del>-                $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
</del><ins>+                $credentials['connection_type'] = stripslashes($_POST['connection_type']);
</ins><span class="cx">         else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
</span><span class="cx">                 $credentials['connection_type'] = 'ftp';
</span><span class="cx"> 
</span><span class="lines">@@ -1050,7 +1050,7 @@
</span><span class="cx"> &lt;?php
</span><span class="cx"> foreach ( (array) $extra_fields as $field ) {
</span><span class="cx">         if ( isset( $_POST[ $field ] ) )
</span><del>-                echo '&lt;input type=&quot;hidden&quot; name=&quot;' . esc_attr( $field ) . '&quot; value=&quot;' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '&quot; /&gt;';
</del><ins>+                echo '&lt;input type=&quot;hidden&quot; name=&quot;' . esc_attr( $field ) . '&quot; value=&quot;' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '&quot; /&gt;';
</ins><span class="cx"> }
</span><span class="cx"> submit_button( __( 'Proceed' ), 'button', 'upgrade' );
</span><span class="cx"> ?&gt;
</span></span></pre></div>
<a id="trunkwpadminincludesimageeditphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/image-edit.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/image-edit.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/image-edit.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -454,7 +454,7 @@
</span><span class="cx">     if ( is_wp_error( $img ) )
</span><span class="cx">         return false;
</span><span class="cx"> 
</span><del>-        $changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash( $_REQUEST['history'] ) ) : null;
</del><ins>+        $changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null;
</ins><span class="cx">         if ( $changes )
</span><span class="cx">                 $img = image_edit_apply_changes( $img, $changes );
</span><span class="cx"> 
</span><span class="lines">@@ -533,7 +533,7 @@
</span><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
</del><ins>+        if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
</ins><span class="cx">                 $msg-&gt;error = __('Cannot save image metadata.');
</span><span class="cx">                 return $msg;
</span><span class="cx">         }
</span><span class="lines">@@ -587,7 +587,7 @@
</span><span class="cx">                         return $return;
</span><span class="cx">                 }
</span><span class="cx">         } elseif ( !empty($_REQUEST['history']) ) {
</span><del>-                $changes = json_decode( wp_unslash( $_REQUEST['history'] ) );
</del><ins>+                $changes = json_decode( stripslashes($_REQUEST['history']) );
</ins><span class="cx">                 if ( $changes )
</span><span class="cx">                         $img = image_edit_apply_changes($img, $changes);
</span><span class="cx">         } else {
</span><span class="lines">@@ -699,7 +699,7 @@
</span><span class="cx"> 
</span><span class="cx">         if ( $success ) {
</span><span class="cx">                 wp_update_attachment_metadata( $post_id, $meta );
</span><del>-                wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
</del><ins>+                update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
</ins><span class="cx"> 
</span><span class="cx">                 if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) {
</span><span class="cx">                         // Check if it's an image edit from attachment edit screen
</span></span></pre></div>
<a id="trunkwpadminincludesmediaphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/media.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/media.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/media.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -444,8 +444,6 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id =&gt; $attachment ) {
</span><del>-                $attachment = wp_unslash( $attachment );
-        
</del><span class="cx">                 $post = $_post = get_post($attachment_id, ARRAY_A);
</span><span class="cx">                 $post_type_object = get_post_type_object( $post[ 'post_type' ] );
</span><span class="cx"> 
</span><span class="lines">@@ -470,9 +468,10 @@
</span><span class="cx"> 
</span><span class="cx">                 if ( isset($attachment['image_alt']) ) {
</span><span class="cx">                         $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
</span><del>-                        if ( $image_alt != $attachment['image_alt'] ) {
-                                $image_alt = wp_strip_all_tags( $attachment['image_alt'], true );
-                                wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt );
</del><ins>+                        if ( $image_alt != stripslashes($attachment['image_alt']) ) {
+                                $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
+                                // update_meta expects slashed
+                                update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
</ins><span class="cx">                         }
</span><span class="cx">                 }
</span><span class="cx"> 
</span><span class="lines">@@ -502,7 +501,7 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( isset($send_id) ) {
</span><del>-                $attachment = wp_unslash( $_POST['attachments'][$send_id] );
</del><ins>+                $attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
</ins><span class="cx"> 
</span><span class="cx">                 $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
</span><span class="cx">                 if ( !empty($attachment['url']) ) {
</span><span class="lines">@@ -547,7 +546,7 @@
</span><span class="cx">                         $src = &quot;http://$src&quot;;
</span><span class="cx"> 
</span><span class="cx">                 if ( isset( $_POST['media_type'] ) &amp;&amp; 'image' != $_POST['media_type'] ) {
</span><del>-                        $title = esc_html( wp_unslash( $_POST['title'] ) );
</del><ins>+                        $title = esc_html( stripslashes( $_POST['title'] ) );
</ins><span class="cx">                         if ( empty( $title ) )
</span><span class="cx">                                 $title = esc_html( basename( $src ) );
</span><span class="cx"> 
</span><span class="lines">@@ -562,9 +561,9 @@
</span><span class="cx">                         $html = apply_filters( $type . '_send_to_editor_url', $html, esc_url_raw( $src ), $title );
</span><span class="cx">                 } else {
</span><span class="cx">                         $align = '';
</span><del>-                        $alt = esc_attr( wp_unslash( $_POST['alt'] ) );
</del><ins>+                        $alt = esc_attr( stripslashes( $_POST['alt'] ) );
</ins><span class="cx">                         if ( isset($_POST['align']) ) {
</span><del>-                                $align = esc_attr( wp_unslash( $_POST['align'] ) );
</del><ins>+                                $align = esc_attr( stripslashes( $_POST['align'] ) );
</ins><span class="cx">                                 $class = &quot; class='align$align'&quot;;
</span><span class="cx">                         }
</span><span class="cx">                         if ( !empty($src) )
</span></span></pre></div>
<a id="trunkwpadminincludesmiscphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/misc.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/misc.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/misc.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -220,7 +220,7 @@
</span><span class="cx">  * @return string
</span><span class="cx">  */
</span><span class="cx"> function url_shorten( $url ) {
</span><del>-        $short_url = str_replace( 'http://', '', $url );
</del><ins>+        $short_url = str_replace( 'http://', '', stripslashes( $url ));
</ins><span class="cx">         $short_url = str_replace( 'www.', '', $short_url );
</span><span class="cx">         $short_url = untrailingslashit( $short_url );
</span><span class="cx">         if ( strlen( $short_url ) &gt; 35 )
</span><span class="lines">@@ -248,9 +248,9 @@
</span><span class="cx">                         if ( empty( $_GET[$var] ) )
</span><span class="cx">                                 $$var = '';
</span><span class="cx">                         else
</span><del>-                                $$var = wp_unslash( $_GET[$var] );
</del><ins>+                                $$var = $_GET[$var];
</ins><span class="cx">                 } else {
</span><del>-                        $$var = wp_unslash( $_POST[$var] );
</del><ins>+                        $$var = $_POST[$var];
</ins><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> }
</span><span class="lines">@@ -323,8 +323,8 @@
</span><span class="cx"> 
</span><span class="cx">                 if ( !$user = wp_get_current_user() )
</span><span class="cx">                         return;
</span><del>-                $option = wp_unslash( $_POST['wp_screen_options']['option'] );
-                $value = wp_unslash( $_POST['wp_screen_options']['value'] );
</del><ins>+                $option = $_POST['wp_screen_options']['option'];
+                $value = $_POST['wp_screen_options']['value'];
</ins><span class="cx"> 
</span><span class="cx">                 if ( $option != sanitize_key( $option ) )
</span><span class="cx">                         return;
</span></span></pre></div>
<a id="trunkwpadminincludesplugininstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/plugin-install.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/plugin-install.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/plugin-install.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -116,8 +116,8 @@
</span><span class="cx">  * @since 2.7.0
</span><span class="cx">  */
</span><span class="cx"> function install_search_form( $type_selector = true ) {
</span><del>-        $type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
-        $term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
</del><ins>+        $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
+        $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
</ins><span class="cx"> 
</span><span class="cx">         ?&gt;&lt;form id=&quot;search-plugins&quot; method=&quot;get&quot; action=&quot;&quot;&gt;
</span><span class="cx">                 &lt;input type=&quot;hidden&quot; name=&quot;tab&quot; value=&quot;search&quot; /&gt;
</span><span class="lines">@@ -160,7 +160,7 @@
</span><span class="cx">  *
</span><span class="cx">  */
</span><span class="cx"> function install_plugins_favorites_form() {
</span><del>-        $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</del><ins>+        $user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
</ins><span class="cx">         ?&gt;
</span><span class="cx">         &lt;p class=&quot;install-help&quot;&gt;&lt;?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?&gt;&lt;/p&gt;
</span><span class="cx">         &lt;form method=&quot;get&quot; action=&quot;&quot;&gt;
</span><span class="lines">@@ -251,7 +251,7 @@
</span><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx">         if ( isset($_GET['from']) )
</span><del>-                $url .= '&amp;amp;from=' . urlencode( wp_unslash( $_GET['from'] ) );
</del><ins>+                $url .= '&amp;amp;from=' . urlencode(stripslashes($_GET['from']));
</ins><span class="cx"> 
</span><span class="cx">         return compact('status', 'url', 'version');
</span><span class="cx"> }
</span><span class="lines">@@ -264,7 +264,7 @@
</span><span class="cx"> function install_plugin_information() {
</span><span class="cx">         global $tab;
</span><span class="cx"> 
</span><del>-        $api = plugins_api('plugin_information', array('slug' =&gt; wp_unslash( $_REQUEST['plugin'] ) ));
</del><ins>+        $api = plugins_api('plugin_information', array('slug' =&gt; stripslashes( $_REQUEST['plugin'] ) ));
</ins><span class="cx"> 
</span><span class="cx">         if ( is_wp_error($api) )
</span><span class="cx">                 wp_die($api);
</span><span class="lines">@@ -295,7 +295,7 @@
</span><span class="cx">                         $api-&gt;$key = wp_kses( $api-&gt;$key, $plugins_allowedtags );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
</del><ins>+        $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
</ins><span class="cx">         if ( empty($section) || ! isset($api-&gt;sections[ $section ]) )
</span><span class="cx">                 $section = array_shift( $section_titles = array_keys((array)$api-&gt;sections) );
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludespostphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/post.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/post.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/post.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -149,8 +149,8 @@
</span><span class="cx">  */
</span><span class="cx"> function edit_post( $post_data = null ) {
</span><span class="cx"> 
</span><del>-        if ( empty( $post_data ) )
-                $post_data = wp_unslash( $_POST );
</del><ins>+        if ( empty($post_data) )
+                $post_data = &amp;$_POST;
</ins><span class="cx"> 
</span><span class="cx">         // Clear out any data in internal vars.
</span><span class="cx">         unset( $post_data['filter'] );
</span><span class="lines">@@ -236,9 +236,10 @@
</span><span class="cx">         if ( 'attachment' == $post_data['post_type'] ) {
</span><span class="cx">                 if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
</span><span class="cx">                         $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
</span><del>-                        if ( $image_alt != $post_data['_wp_attachment_image_alt'] ) {
-                                $image_alt = wp_strip_all_tags( $post_data['_wp_attachment_image_alt'], true );
-                                wp_update_post_meta( $post_ID, '_wp_attachment_image_alt', $image_alt );
</del><ins>+                        if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
+                                $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
+                                // update_meta expects slashed
+                                update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
</ins><span class="cx">                         }
</span><span class="cx">                 }
</span><span class="cx"> 
</span><span class="lines">@@ -248,7 +249,7 @@
</span><span class="cx"> 
</span><span class="cx">         add_meta( $post_ID );
</span><span class="cx"> 
</span><del>-        wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']-&gt;ID );
</del><ins>+        update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']-&gt;ID );
</ins><span class="cx"> 
</span><span class="cx">         wp_update_post( $post_data );
</span><span class="cx"> 
</span><span class="lines">@@ -429,15 +430,15 @@
</span><span class="cx"> 
</span><span class="cx">         $post_title = '';
</span><span class="cx">         if ( !empty( $_REQUEST['post_title'] ) )
</span><del>-                $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
</del><ins>+                $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
</ins><span class="cx"> 
</span><span class="cx">         $post_content = '';
</span><span class="cx">         if ( !empty( $_REQUEST['content'] ) )
</span><del>-                $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
</del><ins>+                $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
</ins><span class="cx"> 
</span><span class="cx">         $post_excerpt = '';
</span><span class="cx">         if ( !empty( $_REQUEST['excerpt'] ) )
</span><del>-                $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
</del><ins>+                $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
</ins><span class="cx"> 
</span><span class="cx">         if ( $create_in_db ) {
</span><span class="cx">                 $post_id = wp_insert_post( array( 'post_title' =&gt; __( 'Auto Draft' ), 'post_type' =&gt; $post_type, 'post_status' =&gt; 'auto-draft' ) );
</span><span class="lines">@@ -486,9 +487,9 @@
</span><span class="cx"> function post_exists($title, $content = '', $date = '') {
</span><span class="cx">         global $wpdb;
</span><span class="cx"> 
</span><del>-        $post_title = sanitize_post_field( 'post_title', $title, 0, 'db' );
-        $post_content = sanitize_post_field( 'post_content', $content, 0, 'db' );
-        $post_date = sanitize_post_field( 'post_date', $date, 0, 'db' );
</del><ins>+        $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
+        $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
+        $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
</ins><span class="cx"> 
</span><span class="cx">         $query = &quot;SELECT ID FROM $wpdb-&gt;posts WHERE 1=1&quot;;
</span><span class="cx">         $args = array();
</span><span class="lines">@@ -566,7 +567,7 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         // Create the post.
</span><del>-        $post_ID = wp_insert_post( wp_unslash( $_POST ) );
</del><ins>+        $post_ID = wp_insert_post( $_POST );
</ins><span class="cx">         if ( is_wp_error( $post_ID ) )
</span><span class="cx">                 return $post_ID;
</span><span class="cx"> 
</span><span class="lines">@@ -575,7 +576,7 @@
</span><span class="cx"> 
</span><span class="cx">         add_meta( $post_ID );
</span><span class="cx"> 
</span><del>-        wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']-&gt;ID );
</del><ins>+        add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']-&gt;ID );
</ins><span class="cx"> 
</span><span class="cx">         // Now that we have an ID we can fix any attachment anchor hrefs
</span><span class="cx">         _fix_attachment_links( $post_ID );
</span><span class="lines">@@ -619,9 +620,9 @@
</span><span class="cx">         global $wpdb;
</span><span class="cx">         $post_ID = (int) $post_ID;
</span><span class="cx"> 
</span><del>-        $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
-        $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
-        $metavalue = isset($_POST['metavalue']) ? wp_unslash( trim( $_POST['metavalue'] ) ) : '';
</del><ins>+        $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
+        $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
+        $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
</ins><span class="cx">         if ( is_string( $metavalue ) )
</span><span class="cx">                 $metavalue = trim( $metavalue );
</span><span class="cx"> 
</span><span class="lines">@@ -638,7 +639,9 @@
</span><span class="cx">                 if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
</span><span class="cx">                         return false;
</span><span class="cx"> 
</span><del>-                return wp_add_post_meta( $post_ID, $metakey, $metavalue );
</del><ins>+                $metakey = esc_sql( $metakey );
+
+                return add_post_meta( $post_ID, $metakey, $metavalue );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         return false;
</span><span class="lines">@@ -711,11 +714,14 @@
</span><span class="cx">  * @since 1.2.0
</span><span class="cx">  *
</span><span class="cx">  * @param unknown_type $meta_id
</span><del>- * @param unknown_type $meta_key
- * @param unknown_type $meta_value
</del><ins>+ * @param unknown_type $meta_key Expect Slashed
+ * @param unknown_type $meta_value Expect Slashed
</ins><span class="cx">  * @return unknown
</span><span class="cx">  */
</span><span class="cx"> function update_meta( $meta_id, $meta_key, $meta_value ) {
</span><ins>+        $meta_key = stripslashes( $meta_key );
+        $meta_value = stripslashes_deep( $meta_value );
+
</ins><span class="cx">         return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -769,6 +775,8 @@
</span><span class="cx"> 
</span><span class="cx">         if ( $replace ) {
</span><span class="cx">                 $post['post_content'] = $content;
</span><ins>+                // Escape data pulled from DB.
+                $post = add_magic_quotes($post);
</ins><span class="cx"> 
</span><span class="cx">                 return wp_update_post($post);
</span><span class="cx">         }
</span><span class="lines">@@ -1179,7 +1187,7 @@
</span><span class="cx">         $now = time();
</span><span class="cx">         $lock = &quot;$now:$user_id&quot;;
</span><span class="cx"> 
</span><del>-        wp_update_post_meta( $post-&gt;ID, '_edit_lock', $lock );
</del><ins>+        update_post_meta( $post-&gt;ID, '_edit_lock', $lock );
</ins><span class="cx">         return array( $now, $user_id );
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -1230,14 +1238,14 @@
</span><span class="cx"> 
</span><span class="cx">         // Only store one autosave. If there is already an autosave, overwrite it.
</span><span class="cx">         if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
</span><del>-                $new_autosave = _wp_post_revision_fields( wp_unslash( $_POST ), true );
</del><ins>+                $new_autosave = _wp_post_revision_fields( $_POST, true );
</ins><span class="cx">                 $new_autosave['ID'] = $old_autosave-&gt;ID;
</span><span class="cx">                 $new_autosave['post_author'] = get_current_user_id();
</span><span class="cx">                 return wp_update_post( $new_autosave );
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         // _wp_put_post_revision() expects unescaped.
</span><del>-        $_POST = wp_unslash( $_POST );
</del><ins>+        $_POST = stripslashes_deep($_POST);
</ins><span class="cx"> 
</span><span class="cx">         // Otherwise create the new autosave as a special post revision
</span><span class="cx">         return _wp_put_post_revision( $_POST, true );
</span></span></pre></div>
<a id="trunkwpadminincludesschemaphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/schema.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/schema.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/schema.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -505,11 +505,13 @@
</span><span class="cx">                 else
</span><span class="cx">                         $autoload = 'yes';
</span><span class="cx"> 
</span><ins>+                $option = $wpdb-&gt;escape($option);
</ins><span class="cx">                 if ( is_array($value) )
</span><span class="cx">                         $value = serialize($value);
</span><ins>+                $value = $wpdb-&gt;escape($value);
</ins><span class="cx">                 if ( !empty($insert) )
</span><span class="cx">                         $insert .= ', ';
</span><del>-                $insert .= $wpdb-&gt;prepare( &quot;(%s, %s, %s)&quot;, $option, $value, $autoload );
</del><ins>+                $insert .= &quot;('$option', '$value', '$autoload')&quot;;
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( !empty($insert) )
</span><span class="lines">@@ -919,11 +921,13 @@
</span><span class="cx"> 
</span><span class="cx">         $insert = '';
</span><span class="cx">         foreach ( $sitemeta as $meta_key =&gt; $meta_value ) {
</span><ins>+                $meta_key = $wpdb-&gt;escape( $meta_key );
</ins><span class="cx">                 if ( is_array( $meta_value ) )
</span><span class="cx">                         $meta_value = serialize( $meta_value );
</span><ins>+                $meta_value = $wpdb-&gt;escape( $meta_value );
</ins><span class="cx">                 if ( !empty( $insert ) )
</span><span class="cx">                         $insert .= ', ';
</span><del>-                $insert .= $wpdb-&gt;prepare( &quot;( %d, %s, %s)&quot;, $network_id, $meta_key, $meta_value );
</del><ins>+                $insert .= &quot;( $network_id, '$meta_key', '$meta_value')&quot;;
</ins><span class="cx">         }
</span><span class="cx">         $wpdb-&gt;query( &quot;INSERT INTO $wpdb-&gt;sitemeta ( site_id, meta_key, meta_value ) VALUES &quot; . $insert );
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludestaxonomyphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/taxonomy.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/taxonomy.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/taxonomy.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -157,6 +157,9 @@
</span><span class="cx">         // First, get all of the original fields
</span><span class="cx">         $category = get_category($cat_ID, ARRAY_A);
</span><span class="cx"> 
</span><ins>+        // Escape data pulled from DB.
+        $category = add_magic_quotes($category);
+
</ins><span class="cx">         // Merge old and new fields with new fields overwriting old ones.
</span><span class="cx">         $catarr = array_merge($category, $catarr);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludestemplatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/template.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/template.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/template.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1333,7 +1333,7 @@
</span><span class="cx">  *
</span><span class="cx">  */
</span><span class="cx"> function _admin_search_query() {
</span><del>-        echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
</del><ins>+        echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpadminincludesthemeinstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/theme-install.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/theme-install.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/theme-install.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -50,8 +50,8 @@
</span><span class="cx">  * @since 2.8.0
</span><span class="cx">  */
</span><span class="cx"> function install_theme_search_form( $type_selector = true ) {
</span><del>-        $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
-        $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
</del><ins>+        $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
+        $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
</ins><span class="cx">         if ( ! $type_selector )
</span><span class="cx">                 echo '&lt;p class=&quot;install-help&quot;&gt;' . __( 'Search for themes by keyword.' ) . '&lt;/p&gt;';
</span><span class="cx">         ?&gt;
</span><span class="lines">@@ -179,7 +179,7 @@
</span><span class="cx"> function install_theme_information() {
</span><span class="cx">         global $tab, $themes_allowedtags, $wp_list_table;
</span><span class="cx"> 
</span><del>-        $theme = themes_api( 'theme_information', array( 'slug' =&gt; wp_unslash( $_REQUEST['theme'] ) ) );
</del><ins>+        $theme = themes_api( 'theme_information', array( 'slug' =&gt; stripslashes( $_REQUEST['theme'] ) ) );
</ins><span class="cx"> 
</span><span class="cx">         if ( is_wp_error( $theme ) )
</span><span class="cx">                 wp_die( $theme );
</span></span></pre></div>
<a id="trunkwpadminincludesupgradephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/upgrade.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/upgrade.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/upgrade.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx">                 $first_post = get_site_option( 'first_post' );
</span><span class="cx"> 
</span><span class="cx">                 if ( empty($first_post) )
</span><del>-                        $first_post = __( 'Welcome to &lt;a href=&quot;SITE_URL&quot;&gt;SITE_NAME&lt;/a&gt;. This is your first post. Edit or delete it, then start blogging!' );
</del><ins>+                        $first_post = stripslashes( __( 'Welcome to &lt;a href=&quot;SITE_URL&quot;&gt;SITE_NAME&lt;/a&gt;. This is your first post. Edit or delete it, then start blogging!' ) );
</ins><span class="cx"> 
</span><span class="cx">                 $first_post = str_replace( &quot;SITE_URL&quot;, esc_url( network_home_url() ), $first_post );
</span><span class="cx">                 $first_post = str_replace( &quot;SITE_NAME&quot;, $current_site-&gt;site_name, $first_post );
</span><span class="lines">@@ -636,23 +636,23 @@
</span><span class="cx">         $users = $wpdb-&gt;get_results(&quot;SELECT * FROM $wpdb-&gt;users&quot;);
</span><span class="cx">         foreach ( $users as $user ) :
</span><span class="cx">                 if ( !empty( $user-&gt;user_firstname ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'first_name', $user-&gt;user_firstname );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'first_name', $wpdb-&gt;escape($user-&gt;user_firstname) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_lastname ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'last_name', $user-&gt;user_lastname );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'last_name', $wpdb-&gt;escape($user-&gt;user_lastname) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_nickname ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'nickname', $user-&gt;user_nickname );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'nickname', $wpdb-&gt;escape($user-&gt;user_nickname) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_level ) )
</span><span class="cx">                         update_user_meta( $user-&gt;ID, $wpdb-&gt;prefix . 'user_level', $user-&gt;user_level );
</span><span class="cx">                 if ( !empty( $user-&gt;user_icq ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'icq', $user-&gt;user_icq );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'icq', $wpdb-&gt;escape($user-&gt;user_icq) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_aim ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'aim', $user-&gt;user_aim );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'aim', $wpdb-&gt;escape($user-&gt;user_aim) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_msn ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'msn', $user-&gt;user_msn );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'msn', $wpdb-&gt;escape($user-&gt;user_msn) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_yim ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'yim', $user-&gt;user_icq );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'yim', $wpdb-&gt;escape($user-&gt;user_icq) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_description ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'description', $user-&gt;user_description );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'description', $wpdb-&gt;escape($user-&gt;user_description) );
</ins><span class="cx"> 
</span><span class="cx">                 if ( isset( $user-&gt;user_idmode ) ):
</span><span class="cx">                         $idmode = $user-&gt;user_idmode;
</span><span class="lines">@@ -854,7 +854,7 @@
</span><span class="cx">                 foreach ( $link_cats as $category) {
</span><span class="cx">                         $cat_id = (int) $category-&gt;cat_id;
</span><span class="cx">                         $term_id = 0;
</span><del>-                        $name = $category-&gt;cat_name;
</del><ins>+                        $name = $wpdb-&gt;escape($category-&gt;cat_name);
</ins><span class="cx">                         $slug = sanitize_title($name);
</span><span class="cx">                         $term_group = 0;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminincludesuserphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/user.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/user.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/includes/user.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -34,25 +34,22 @@
</span><span class="cx">                 $update = true;
</span><span class="cx">                 $user-&gt;ID = (int) $user_id;
</span><span class="cx">                 $userdata = get_userdata( $user_id );
</span><del>-                $user-&gt;user_login = $userdata-&gt;user_login;
</del><ins>+                $user-&gt;user_login = $wpdb-&gt;escape( $userdata-&gt;user_login );
</ins><span class="cx">         } else {
</span><span class="cx">                 $update = false;
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        // get clean data before we get started.
-        $post_data = wp_unslash( $_POST );
</del><ins>+        if ( !$update &amp;&amp; isset( $_POST['user_login'] ) )
+                $user-&gt;user_login = sanitize_user($_POST['user_login'], true);
</ins><span class="cx"> 
</span><del>-        if ( !$update &amp;&amp; isset( $post_data['user_login'] ) )
-                $user-&gt;user_login = sanitize_user($post_data['user_login'], true);
-
</del><span class="cx">         $pass1 = $pass2 = '';
</span><del>-        if ( isset( $post_data['pass1'] ))
-                $pass1 = $post_data['pass1'];
-        if ( isset( $post_data['pass2'] ))
-                $pass2 = $post_data['pass2'];
</del><ins>+        if ( isset( $_POST['pass1'] ))
+                $pass1 = $_POST['pass1'];
+        if ( isset( $_POST['pass2'] ))
+                $pass2 = $_POST['pass2'];
</ins><span class="cx"> 
</span><del>-        if ( isset( $post_data['role'] ) &amp;&amp; current_user_can( 'edit_users' ) ) {
-                $new_role = sanitize_text_field( $post_data['role'] );
</del><ins>+        if ( isset( $_POST['role'] ) &amp;&amp; current_user_can( 'edit_users' ) ) {
+                $new_role = sanitize_text_field( $_POST['role'] );
</ins><span class="cx">                 $potential_role = isset($wp_roles-&gt;role_objects[$new_role]) ? $wp_roles-&gt;role_objects[$new_role] : false;
</span><span class="cx">                 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
</span><span class="cx">                 // Multisite super admins can freely edit their blog roles -- they possess all caps.
</span><span class="lines">@@ -65,44 +62,44 @@
</span><span class="cx">                         wp_die(__('You can&amp;#8217;t give users that role.'));
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        if ( isset( $post_data['email'] ))
-                $user-&gt;user_email = sanitize_text_field( $post_data['email'] );
-        if ( isset( $post_data['url'] ) ) {
-                if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) {
</del><ins>+        if ( isset( $_POST['email'] ))
+                $user-&gt;user_email = sanitize_text_field( $_POST['email'] );
+        if ( isset( $_POST['url'] ) ) {
+                if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
</ins><span class="cx">                         $user-&gt;user_url = '';
</span><span class="cx">                 } else {
</span><del>-                        $user-&gt;user_url = esc_url_raw( $post_data['url'] );
</del><ins>+                        $user-&gt;user_url = esc_url_raw( $_POST['url'] );
</ins><span class="cx">                         $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
</span><span class="cx">                         $user-&gt;user_url = preg_match('/^(' . $protocols . '):/is', $user-&gt;user_url) ? $user-&gt;user_url : 'http://'.$user-&gt;user_url;
</span><span class="cx">                 }
</span><span class="cx">         }
</span><del>-        if ( isset( $post_data['first_name'] ) )
-                $user-&gt;first_name = sanitize_text_field( $post_data['first_name'] );
-        if ( isset( $post_data['last_name'] ) )
-                $user-&gt;last_name = sanitize_text_field( $post_data['last_name'] );
-        if ( isset( $post_data['nickname'] ) )
-                $user-&gt;nickname = sanitize_text_field( $post_data['nickname'] );
-        if ( isset( $post_data['display_name'] ) )
-                $user-&gt;display_name = sanitize_text_field( $post_data['display_name'] );
</del><ins>+        if ( isset( $_POST['first_name'] ) )
+                $user-&gt;first_name = sanitize_text_field( $_POST['first_name'] );
+        if ( isset( $_POST['last_name'] ) )
+                $user-&gt;last_name = sanitize_text_field( $_POST['last_name'] );
+        if ( isset( $_POST['nickname'] ) )
+                $user-&gt;nickname = sanitize_text_field( $_POST['nickname'] );
+        if ( isset( $_POST['display_name'] ) )
+                $user-&gt;display_name = sanitize_text_field( $_POST['display_name'] );
</ins><span class="cx"> 
</span><del>-        if ( isset( $post_data['description'] ) )
-                $user-&gt;description = trim( $post_data['description'] );
</del><ins>+        if ( isset( $_POST['description'] ) )
+                $user-&gt;description = trim( $_POST['description'] );
</ins><span class="cx"> 
</span><span class="cx">         foreach ( _wp_get_user_contactmethods( $user ) as $method =&gt; $name ) {
</span><del>-                if ( isset( $post_data[$method] ))
-                        $user-&gt;$method = sanitize_text_field( $post_data[$method] );
</del><ins>+                if ( isset( $_POST[$method] ))
+                        $user-&gt;$method = sanitize_text_field( $_POST[$method] );
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( $update ) {
</span><del>-                $user-&gt;rich_editing = isset( $post_data['rich_editing'] ) &amp;&amp; 'false' == $post_data['rich_editing'] ? 'false' : 'true';
-                $user-&gt;admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';
-                $user-&gt;show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false';
</del><ins>+                $user-&gt;rich_editing = isset( $_POST['rich_editing'] ) &amp;&amp; 'false' == $_POST['rich_editing'] ? 'false' : 'true';
+                $user-&gt;admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
+                $user-&gt;show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
</ins><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $user-&gt;comment_shortcuts = isset( $post_data['comment_shortcuts'] ) &amp;&amp; 'true' == $post_data['comment_shortcuts'] ? 'true' : '';
</del><ins>+        $user-&gt;comment_shortcuts = isset( $_POST['comment_shortcuts'] ) &amp;&amp; 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
</ins><span class="cx"> 
</span><span class="cx">         $user-&gt;use_ssl = 0;
</span><del>-        if ( !empty($post_data['use_ssl']) )
</del><ins>+        if ( !empty($_POST['use_ssl']) )
</ins><span class="cx">                 $user-&gt;use_ssl = 1;
</span><span class="cx"> 
</span><span class="cx">         $errors = new WP_Error();
</span><span class="lines">@@ -127,7 +124,7 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         /* Check for &quot;\&quot; in password */
</span><del>-        if ( false !== strpos( $pass1, &quot;\\&quot; ) )
</del><ins>+        if ( false !== strpos( stripslashes($pass1), &quot;\\&quot; ) )
</ins><span class="cx">                 $errors-&gt;add( 'pass', __( '&lt;strong&gt;ERROR&lt;/strong&gt;: Passwords may not contain the character &quot;\\&quot;.' ), array( 'form-field' =&gt; 'pass1' ) );
</span><span class="cx"> 
</span><span class="cx">         /* checking the password has been typed twice the same */
</span><span class="lines">@@ -137,7 +134,7 @@
</span><span class="cx">         if ( !empty( $pass1 ) )
</span><span class="cx">                 $user-&gt;user_pass = $pass1;
</span><span class="cx"> 
</span><del>-        if ( !$update &amp;&amp; isset( $post_data['user_login'] ) &amp;&amp; !validate_username( $post_data['user_login'] ) )
</del><ins>+        if ( !$update &amp;&amp; isset( $_POST['user_login'] ) &amp;&amp; !validate_username( $_POST['user_login'] ) )
</ins><span class="cx">                 $errors-&gt;add( 'user_login', __( '&lt;strong&gt;ERROR&lt;/strong&gt;: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
</span><span class="cx"> 
</span><span class="cx">         if ( !$update &amp;&amp; username_exists( $user-&gt;user_login ) )
</span><span class="lines">@@ -162,7 +159,7 @@
</span><span class="cx">                 $user_id = wp_update_user( $user );
</span><span class="cx">         } else {
</span><span class="cx">                 $user_id = wp_insert_user( $user );
</span><del>-                wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' );
</del><ins>+                wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
</ins><span class="cx">         }
</span><span class="cx">         return $user_id;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkwpadmininstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/install.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/install.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/install.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -84,10 +84,10 @@
</span><span class="cx">         if ( ! empty( $_POST ) )
</span><span class="cx">                 $blog_public = isset( $_POST['blog_public'] );
</span><span class="cx"> 
</span><del>-        $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
-        $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
-        $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
-        $admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
</del><ins>+        $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
+        $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
+        $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
+        $admin_email  = isset( $_POST['admin_email']  ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
</ins><span class="cx"> 
</span><span class="cx">         if ( ! is_null( $error ) ) {
</span><span class="cx"> ?&gt;
</span><span class="lines">@@ -189,11 +189,11 @@
</span><span class="cx"> 
</span><span class="cx">                 display_header();
</span><span class="cx">                 // Fill in the data we gathered
</span><del>-                $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
-                $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
-                $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
-                $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
-                $admin_email  = isset( $_POST['admin_email']  ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
</del><ins>+                $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
+                $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
+                $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
+                $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
+                $admin_email  = isset( $_POST['admin_email']  ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
</ins><span class="cx">                 $public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
</span><span class="cx">                 // check e-mail address
</span><span class="cx">                 $error = false;
</span></span></pre></div>
<a id="trunkwpadminlinkmanagerphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/link-manager.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/link-manager.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/link-manager.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -31,7 +31,7 @@
</span><span class="cx">                 exit;
</span><span class="cx">         }
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>-         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">          exit;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -72,7 +72,7 @@
</span><span class="cx"> &lt;?php screen_icon(); ?&gt;
</span><span class="cx"> &lt;h2&gt;&lt;?php echo esc_html( $title ); ?&gt; &lt;a href=&quot;link-add.php&quot; class=&quot;add-new-h2&quot;&gt;&lt;?php echo esc_html_x('Add New', 'link'); ?&gt;&lt;/a&gt; &lt;?php
</span><span class="cx"> if ( !empty($_REQUEST['s']) )
</span><del>-        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . __('Search results for &amp;#8220;%s&amp;#8221;') . '&lt;/span&gt;', esc_html( wp_unslash($_REQUEST['s']) ) ); ?&gt;
</del><ins>+        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . __('Search results for &amp;#8220;%s&amp;#8221;') . '&lt;/span&gt;', esc_html( stripslashes($_REQUEST['s']) ) ); ?&gt;
</ins><span class="cx"> &lt;/h2&gt;
</span><span class="cx"> 
</span><span class="cx"> &lt;?php
</span></span></pre></div>
<a id="trunkwpadminmediaphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/media.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/media.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/media.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -32,7 +32,7 @@
</span><span class="cx">                 }
</span><span class="cx">                 if ( false !== strpos($location, 'upload.php') ) {
</span><span class="cx">                         $location = remove_query_arg('message', $location);
</span><del>-                        $location = add_query_arg('posted', $attachment_id, $location);
</del><ins>+                        $location = add_query_arg('posted',        $attachment_id, $location);
</ins><span class="cx">                 } elseif ( false !== strpos($location, 'media.php') ) {
</span><span class="cx">                         $location = add_query_arg('message', 'updated', $location);
</span><span class="cx">                 }
</span></span></pre></div>
<a id="trunkwpadminnavmenusphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/nav-menus.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/nav-menus.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/nav-menus.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -93,7 +93,7 @@
</span><span class="cx">                                                 if ( ! is_wp_error( $parent_object ) ) {
</span><span class="cx">                                                         $parent_data = (array) $parent_object;
</span><span class="cx">                                                         $menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent'];
</span><del>-                                                        wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</del><ins>+                                                        update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</ins><span class="cx"> 
</span><span class="cx">                                                 }
</span><span class="cx"> 
</span><span class="lines">@@ -103,7 +103,7 @@
</span><span class="cx">                                                 $menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1;
</span><span class="cx"> 
</span><span class="cx">                                                 $menu_item_data['menu_item_parent'] = $next_item_data['ID'];
</span><del>-                                                wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</del><ins>+                                                update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</ins><span class="cx"> 
</span><span class="cx">                                                 wp_update_post($menu_item_data);
</span><span class="cx">                                                 wp_update_post($next_item_data);
</span><span class="lines">@@ -115,7 +115,7 @@
</span><span class="cx">                                         in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids )
</span><span class="cx">                                 ) {
</span><span class="cx">                                         $menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true);
</span><del>-                                        wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</del><ins>+                                        update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</ins><span class="cx">                                 }
</span><span class="cx">                         }
</span><span class="cx">                 }
</span><span class="lines">@@ -190,7 +190,7 @@
</span><span class="cx">                                                         $menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1;
</span><span class="cx"> 
</span><span class="cx">                                                         // save changes
</span><del>-                                                        wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</del><ins>+                                                        update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</ins><span class="cx">                                                         wp_update_post($menu_item_data);
</span><span class="cx">                                                         wp_update_post($parent_data);
</span><span class="cx">                                                 }
</span><span class="lines">@@ -205,7 +205,7 @@
</span><span class="cx">                                         ) {
</span><span class="cx">                                                 // just make it a child of the previous; keep the order
</span><span class="cx">                                                 $menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1];
</span><del>-                                                wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</del><ins>+                                                update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
</ins><span class="cx">                                                 wp_update_post($menu_item_data);
</span><span class="cx">                                         }
</span><span class="cx">                                 }
</span></span></pre></div>
<a id="trunkwpadminnetworksettingsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/settings.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/settings.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/network/settings.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -61,7 +61,7 @@
</span><span class="cx">         foreach ( $options as $option_name ) {
</span><span class="cx">                 if ( ! isset($_POST[$option_name]) )
</span><span class="cx">                         continue;
</span><del>-                $value = wp_unslash( $_POST[$option_name] );
</del><ins>+                $value = stripslashes_deep( $_POST[$option_name] );
</ins><span class="cx">                 update_site_option( $option_name, $value );
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -181,7 +181,7 @@
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;label for=&quot;welcome_email&quot;&gt;&lt;?php _e( 'Welcome Email' ) ?&gt;&lt;/label&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><span class="cx">                                         &lt;textarea name=&quot;welcome_email&quot; id=&quot;welcome_email&quot; rows=&quot;5&quot; cols=&quot;45&quot; class=&quot;large-text&quot;&gt;
</span><del>-&lt;?php echo esc_textarea( get_site_option( 'welcome_email' ) ) ?&gt;&lt;/textarea&gt;
</del><ins>+&lt;?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?&gt;&lt;/textarea&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e( 'The welcome email sent to new site owners.' ) ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -190,7 +190,7 @@
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;label for=&quot;welcome_user_email&quot;&gt;&lt;?php _e( 'Welcome User Email' ) ?&gt;&lt;/label&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><span class="cx">                                         &lt;textarea name=&quot;welcome_user_email&quot; id=&quot;welcome_user_email&quot; rows=&quot;5&quot; cols=&quot;45&quot; class=&quot;large-text&quot;&gt;
</span><del>-&lt;?php echo esc_textarea( get_site_option( 'welcome_user_email' ) ) ?&gt;&lt;/textarea&gt;
</del><ins>+&lt;?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?&gt;&lt;/textarea&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e( 'The welcome email sent to new users.' ) ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -199,7 +199,7 @@
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;label for=&quot;first_post&quot;&gt;&lt;?php _e( 'First Post' ) ?&gt;&lt;/label&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><span class="cx">                                         &lt;textarea name=&quot;first_post&quot; id=&quot;first_post&quot; rows=&quot;5&quot; cols=&quot;45&quot; class=&quot;large-text&quot;&gt;
</span><del>-&lt;?php echo esc_textarea( get_site_option( 'first_post' ) ) ?&gt;&lt;/textarea&gt;
</del><ins>+&lt;?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?&gt;&lt;/textarea&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e( 'The first post on a new site.' ) ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -208,7 +208,7 @@
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;label for=&quot;first_page&quot;&gt;&lt;?php _e( 'First Page' ) ?&gt;&lt;/label&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><span class="cx">                                         &lt;textarea name=&quot;first_page&quot; id=&quot;first_page&quot; rows=&quot;5&quot; cols=&quot;45&quot; class=&quot;large-text&quot;&gt;
</span><del>-&lt;?php echo esc_textarea( get_site_option( 'first_page' ) ) ?&gt;&lt;/textarea&gt;
</del><ins>+&lt;?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?&gt;&lt;/textarea&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e( 'The first page on a new site.' ) ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span><span class="lines">@@ -217,7 +217,7 @@
</span><span class="cx">                                 &lt;th scope=&quot;row&quot;&gt;&lt;label for=&quot;first_comment&quot;&gt;&lt;?php _e( 'First Comment' ) ?&gt;&lt;/label&gt;&lt;/th&gt;
</span><span class="cx">                                 &lt;td&gt;
</span><span class="cx">                                         &lt;textarea name=&quot;first_comment&quot; id=&quot;first_comment&quot; rows=&quot;5&quot; cols=&quot;45&quot; class=&quot;large-text&quot;&gt;
</span><del>-&lt;?php echo esc_textarea( get_site_option( 'first_comment' ) ) ?&gt;&lt;/textarea&gt;
</del><ins>+&lt;?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?&gt;&lt;/textarea&gt;
</ins><span class="cx">                                         &lt;br /&gt;
</span><span class="cx">                                         &lt;?php _e( 'The first comment on a new site.' ) ?&gt;
</span><span class="cx">                                 &lt;/td&gt;
</span></span></pre></div>
<a id="trunkwpadminnetworksiteinfophp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-info.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-info.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/network/site-info.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx">         delete_option( 'rewrite_rules' );
</span><span class="cx"> 
</span><span class="cx">         // update blogs table
</span><del>-        $blog_data = wp_unslash( $_POST['blog'] );
</del><ins>+        $blog_data = stripslashes_deep( $_POST['blog'] );
</ins><span class="cx">         $existing_details = get_blog_details( $id, false );
</span><span class="cx">         $blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
</span><span class="cx">         foreach ( $blog_data_checkboxes as $c ) {
</span></span></pre></div>
<a id="trunkwpadminnetworksitenewphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-new.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-new.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/network/site-new.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx"> 
</span><span class="cx">         if ( ! is_array( $_POST['blog'] ) )
</span><span class="cx">                 wp_die( __( 'Can&amp;#8217;t create an empty site.' ) );
</span><del>-        $blog = wp_unslash( $_POST['blog'] );
</del><ins>+        $blog = $_POST['blog'];
</ins><span class="cx">         $domain = '';
</span><span class="cx">         if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) )
</span><span class="cx">                 $domain = strtolower( $blog['domain'] );
</span><span class="lines">@@ -88,7 +88,7 @@
</span><span class="cx">                 $content_mail = sprintf( __( 'New site created by %1$s
</span><span class="cx"> 
</span><span class="cx"> Address: %2$s
</span><del>-Name: %3$s' ), $current_user-&gt;user_login , get_site_url( $id ), $title );
</del><ins>+Name: %3$s' ), $current_user-&gt;user_login , get_site_url( $id ), stripslashes( $title ) );
</ins><span class="cx">                 wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site-&gt;site_name ), $content_mail, 'From: &quot;Site Admin&quot; &lt;' . get_site_option( 'admin_email' ) . '&gt;' );
</span><span class="cx">                 wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' =&gt; 1 ) );
</span><span class="cx">                 wp_redirect( add_query_arg( array( 'update' =&gt; 'added', 'id' =&gt; $id ), 'site-new.php' ) );
</span></span></pre></div>
<a id="trunkwpadminnetworksitesettingsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-settings.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-settings.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/network/site-settings.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -53,14 +53,12 @@
</span><span class="cx">         $count = count( $_POST['option'] );
</span><span class="cx">         $skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
</span><span class="cx">         foreach ( (array) $_POST['option'] as $key =&gt; $val ) {
</span><del>-                $key = wp_unslash( $key );
-                $val = wp_unslash( $val );
</del><span class="cx">                 if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
</span><span class="cx">                         continue; // Avoids &quot;0 is a protected WP option and may not be modified&quot; error when edit blog options
</span><span class="cx">                 if ( $c == $count )
</span><del>-                        update_option( $key, $val );
</del><ins>+                        update_option( $key, stripslashes( $val ) );
</ins><span class="cx">                 else
</span><del>-                        update_option( $key, $val, false ); // no need to refresh blog details yet
</del><ins>+                        update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
</ins><span class="cx">                 $c++;
</span><span class="cx">         }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminnetworksitesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/sites.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/sites.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/network/sites.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -79,7 +79,7 @@
</span><span class="cx">                                         &lt;input type=&quot;hidden&quot; name=&quot;id&quot; value=&quot;&lt;?php echo esc_attr( $id ); ?&gt;&quot; /&gt;
</span><span class="cx">                                         &lt;input type=&quot;hidden&quot; name=&quot;_wp_http_referer&quot; value=&quot;&lt;?php echo esc_attr( wp_get_referer() ); ?&gt;&quot; /&gt;
</span><span class="cx">                                         &lt;?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?&gt;
</span><del>-                                        &lt;p&gt;&lt;?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?&gt;&lt;/p&gt;
</del><ins>+                                        &lt;p&gt;&lt;?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?&gt;&lt;/p&gt;
</ins><span class="cx">                                         &lt;?php submit_button( __('Confirm'), 'button' ); ?&gt;
</span><span class="cx">                                 &lt;/form&gt;
</span><span class="cx">                         &lt;/body&gt;
</span></span></pre></div>
<a id="trunkwpadminnetworkphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/network.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -520,7 +520,7 @@
</span><span class="cx">         $base              = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
</span><span class="cx">         $subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
</span><span class="cx">         if ( ! network_domain_check() ) {
</span><del>-                $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
</del><ins>+                $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
</ins><span class="cx">                 if ( is_wp_error( $result ) ) {
</span><span class="cx">                         if ( 1 == count( $result-&gt;get_error_codes() ) &amp;&amp; 'no_wildcard_dns' == $result-&gt;get_error_code() )
</span><span class="cx">                                 network_step2( $result );
</span></span></pre></div>
<a id="trunkwpadminoptionsheadphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/options-head.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/options-head.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/options-head.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -2,7 +2,8 @@
</span><span class="cx"> /**
</span><span class="cx">  * WordPress Options Header.
</span><span class="cx">  *
</span><del>- * Displays updated message, if updated variable is part of the URL query.
</del><ins>+ * Resets variables: 'action', 'standalone', and 'option_group_id'. Displays
+ * updated message, if updated variable is part of the URL query.
</ins><span class="cx">  *
</span><span class="cx">  * @package WordPress
</span><span class="cx">  * @subpackage Administration
</span></span></pre></div>
<a id="trunkwpadminoptionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/options.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/options.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/options.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -120,16 +120,16 @@
</span><span class="cx">         if ( 'options' == $option_page ) {
</span><span class="cx">                 if ( is_multisite() &amp;&amp; ! is_super_admin() )
</span><span class="cx">                         wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
</span><del>-                $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
</del><ins>+                $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
</ins><span class="cx">         } else {
</span><span class="cx">                 $options = $whitelist_options[ $option_page ];
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         // Handle custom date/time formats
</span><span class="cx">         if ( 'general' == $option_page ) {
</span><del>-                if ( !empty($_POST['date_format']) &amp;&amp; isset($_POST['date_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
</del><ins>+                if ( !empty($_POST['date_format']) &amp;&amp; isset($_POST['date_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
</ins><span class="cx">                         $_POST['date_format'] = $_POST['date_format_custom'];
</span><del>-                if ( !empty($_POST['time_format']) &amp;&amp; isset($_POST['time_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
</del><ins>+                if ( !empty($_POST['time_format']) &amp;&amp; isset($_POST['time_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
</ins><span class="cx">                         $_POST['time_format'] = $_POST['time_format_custom'];
</span><span class="cx">                 // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
</span><span class="cx">                 if ( !empty($_POST['timezone_string']) &amp;&amp; preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
</span><span class="lines">@@ -150,7 +150,7 @@
</span><span class="cx">                                 $value = $_POST[ $option ];
</span><span class="cx">                                 if ( ! is_array( $value ) )
</span><span class="cx">                                         $value = trim( $value );
</span><del>-                                $value = wp_unslash( $value );
</del><ins>+                                $value = stripslashes_deep( $value );
</ins><span class="cx">                         }
</span><span class="cx">                         update_option( $option, $value );
</span><span class="cx">                 }
</span></span></pre></div>
<a id="trunkwpadminplugineditorphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/plugin-editor.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/plugin-editor.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/plugin-editor.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">         wp_die( __('There are no plugins installed on this site.') );
</span><span class="cx"> 
</span><span class="cx"> if ( isset($_REQUEST['file']) )
</span><del>-        $plugin = wp_unslash($_REQUEST['file']);
</del><ins>+        $plugin = stripslashes($_REQUEST['file']);
</ins><span class="cx"> 
</span><span class="cx"> if ( empty($plugin) ) {
</span><span class="cx">         $plugin = array_keys($plugins);
</span><span class="lines">@@ -39,6 +39,8 @@
</span><span class="cx"> 
</span><span class="cx"> if ( empty($file) )
</span><span class="cx">         $file = $plugin_files[0];
</span><ins>+else
+        $file = stripslashes($file);
</ins><span class="cx"> 
</span><span class="cx"> $file = validate_file_to_edit($file, $plugin_files);
</span><span class="cx"> $real_file = WP_PLUGIN_DIR . '/' . $file;
</span><span class="lines">@@ -50,7 +52,7 @@
</span><span class="cx"> 
</span><span class="cx">         check_admin_referer('edit-plugin_' . $file);
</span><span class="cx"> 
</span><del>-        $newcontent = wp_unslash( $_POST['newcontent'] );
</del><ins>+        $newcontent = stripslashes($_POST['newcontent']);
</ins><span class="cx">         if ( is_writeable($real_file) ) {
</span><span class="cx">                 $f = fopen($real_file, 'w+');
</span><span class="cx">                 fwrite($f, $newcontent);
</span></span></pre></div>
<a id="trunkwpadminpressthisphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/press-this.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/press-this.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/press-this.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -91,11 +91,11 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Set Variables
</span><del>-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
</del><ins>+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
</ins><span class="cx"> 
</span><span class="cx"> $selection = '';
</span><span class="cx"> if ( !empty($_GET['s']) ) {
</span><del>-        $selection = str_replace('&amp;apos;', &quot;'&quot;, wp_unslash($_GET['s']));
</del><ins>+        $selection = str_replace('&amp;apos;', &quot;'&quot;, stripslashes($_GET['s']));
</ins><span class="cx">         $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminsetupconfigphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/setup-config.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/setup-config.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/setup-config.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -164,7 +164,7 @@
</span><span class="cx"> 
</span><span class="cx">         case 2:
</span><span class="cx">         foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
</span><del>-                $$key = trim( wp_unslash( $_POST[ $key ] ) );
</del><ins>+                $$key = trim( stripslashes( $_POST[ $key ] ) );
</ins><span class="cx"> 
</span><span class="cx">         $tryagain_link = '&lt;/p&gt;&lt;p class=&quot;step&quot;&gt;&lt;a href=&quot;setup-config.php?step=1&quot; onclick=&quot;javascript:history.go(-1);return false;&quot; class=&quot;button button-large&quot;&gt;' . __( 'Try again' ) . '&lt;/a&gt;';
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminthemeeditorphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/theme-editor.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/theme-editor.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/theme-editor.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -68,7 +68,7 @@
</span><span class="cx">         $relative_file = 'style.css';
</span><span class="cx">         $file = $allowed_files['style.css'];
</span><span class="cx"> } else {
</span><del>-        $relative_file = $file;
</del><ins>+        $relative_file = stripslashes( $file );
</ins><span class="cx">         $file = $theme-&gt;get_stylesheet_directory() . '/' . $relative_file;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -78,7 +78,7 @@
</span><span class="cx"> switch( $action ) {
</span><span class="cx"> case 'update':
</span><span class="cx">         check_admin_referer( 'edit-theme_' . $file . $stylesheet );
</span><del>-        $newcontent = wp_unslash( $_POST['newcontent'] );
</del><ins>+        $newcontent = stripslashes( $_POST['newcontent'] );
</ins><span class="cx">         $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&amp;theme=' . urlencode( $stylesheet ) . '&amp;scrollto=' . $scrollto;
</span><span class="cx">         if ( is_writeable( $file ) ) {
</span><span class="cx">                 //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
</span></span></pre></div>
<a id="trunkwpadminupdatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/update.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/update.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/update.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -26,7 +26,7 @@
</span><span class="cx">                 check_admin_referer( 'bulk-update-plugins' );
</span><span class="cx"> 
</span><span class="cx">                 if ( isset( $_GET['plugins'] ) )
</span><del>-                        $plugins = explode( ',', wp_unslash($_GET['plugins']) );
</del><ins>+                        $plugins = explode( ',', stripslashes($_GET['plugins']) );
</ins><span class="cx">                 elseif ( isset( $_POST['checked'] ) )
</span><span class="cx">                         $plugins = (array) $_POST['checked'];
</span><span class="cx">                 else
</span><span class="lines">@@ -109,7 +109,7 @@
</span><span class="cx">                 $nonce = 'install-plugin_' . $plugin;
</span><span class="cx">                 $url = 'update.php?action=install-plugin&amp;plugin=' . $plugin;
</span><span class="cx">                 if ( isset($_GET['from']) )
</span><del>-                        $url .= '&amp;from=' . urlencode( wp_unslash( $_GET['from'] ) );
</del><ins>+                        $url .= '&amp;from=' . urlencode(stripslashes($_GET['from']));
</ins><span class="cx"> 
</span><span class="cx">                 $type = 'web'; //Install plugin type, From Web or an Upload.
</span><span class="cx"> 
</span><span class="lines">@@ -173,7 +173,7 @@
</span><span class="cx">                 check_admin_referer( 'bulk-update-themes' );
</span><span class="cx"> 
</span><span class="cx">                 if ( isset( $_GET['themes'] ) )
</span><del>-                        $themes = explode( ',', wp_unslash( $_GET['themes'] ) );
</del><ins>+                        $themes = explode( ',', stripslashes($_GET['themes']) );
</ins><span class="cx">                 elseif ( isset( $_POST['checked'] ) )
</span><span class="cx">                         $themes = (array) $_POST['checked'];
</span><span class="cx">                 else
</span></span></pre></div>
<a id="trunkwpadminupgradephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/upgrade.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/upgrade.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/upgrade.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -77,7 +77,7 @@
</span><span class="cx"> &lt;?php else :
</span><span class="cx"> switch ( $step ) :
</span><span class="cx">         case 0:
</span><del>-                $goback = wp_get_referer();
</del><ins>+                $goback = stripslashes( wp_get_referer() );
</ins><span class="cx">                 $goback = esc_url_raw( $goback );
</span><span class="cx">                 $goback = urlencode( $goback );
</span><span class="cx"> ?&gt;
</span><span class="lines">@@ -90,7 +90,7 @@
</span><span class="cx">         case 1:
</span><span class="cx">                 wp_upgrade();
</span><span class="cx"> 
</span><del>-                        $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
</del><ins>+                        $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
</ins><span class="cx">                         $backto = esc_url( $backto );
</span><span class="cx">                         $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
</span><span class="cx"> ?&gt;
</span></span></pre></div>
<a id="trunkwpadminuploadphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/upload.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/upload.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/upload.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx">         wp_redirect( $location );
</span><span class="cx">         exit;
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>-         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">          exit;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminusereditphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/user-edit.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/user-edit.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/user-edit.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -54,7 +54,7 @@
</span><span class="cx">     '&lt;p&gt;' . __('&lt;a href=&quot;http://wordpress.org/support/&quot; target=&quot;_blank&quot;&gt;Support Forums&lt;/a&gt;') . '&lt;/p&gt;'
</span><span class="cx"> );
</span><span class="cx"> 
</span><del>-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );
</del><ins>+$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
</ins><span class="cx"> 
</span><span class="cx"> $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpadminusernewphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/user-new.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/user-new.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/user-new.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -112,15 +112,15 @@
</span><span class="cx">                 }
</span><span class="cx">         } else {
</span><span class="cx">                 // Adding a new user to this blog
</span><del>-                $user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST[ 'user_login' ] ), wp_unslash( $_REQUEST[ 'email' ] ) );
</del><ins>+                $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
</ins><span class="cx">                 if ( is_wp_error( $user_details[ 'errors' ] ) &amp;&amp; !empty( $user_details[ 'errors' ]-&gt;errors ) ) {
</span><span class="cx">                         $add_user_errors = $user_details[ 'errors' ];
</span><span class="cx">                 } else {
</span><del>-                        $new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
</del><ins>+                        $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
</ins><span class="cx">                         if ( isset( $_POST[ 'noconfirmation' ] ) &amp;&amp; is_super_admin() ) {
</span><span class="cx">                                 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
</span><span class="cx">                         }
</span><del>-                        wpmu_signup_user( $new_user_login, wp_unslash( $_REQUEST[ 'email' ] ), array( 'add_to_blog' =&gt; $wpdb-&gt;blogid, 'new_role' =&gt; $_REQUEST[ 'role' ] ) );
</del><ins>+                        wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' =&gt; $wpdb-&gt;blogid, 'new_role' =&gt; $_REQUEST[ 'role' ] ) );
</ins><span class="cx">                         if ( isset( $_POST[ 'noconfirmation' ] ) &amp;&amp; is_super_admin() ) {
</span><span class="cx">                                 $key = $wpdb-&gt;get_var( $wpdb-&gt;prepare( &quot;SELECT activation_key FROM {$wpdb-&gt;signups} WHERE user_login = %s AND user_email = %s&quot;, $new_user_login, $_REQUEST[ 'email' ] ) );
</span><span class="cx">                                 wpmu_activate_signup( $key );
</span><span class="lines">@@ -309,7 +309,7 @@
</span><span class="cx">         $var = &quot;new_user_$var&quot;;
</span><span class="cx">         if( isset( $_POST['createuser'] ) ) {
</span><span class="cx">                 if ( ! isset($$var) )
</span><del>-                        $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
</del><ins>+                        $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
</ins><span class="cx">         } else {
</span><span class="cx">                 $$var = false;
</span><span class="cx">         }
</span></span></pre></div>
<a id="trunkwpadminusersphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/users.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/users.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-admin/users.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -64,9 +64,9 @@
</span><span class="cx"> );
</span><span class="cx"> 
</span><span class="cx"> if ( empty($_REQUEST) ) {
</span><del>-        $referer = '&lt;input type=&quot;hidden&quot; name=&quot;wp_http_referer&quot; value=&quot;'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '&quot; /&gt;';
</del><ins>+        $referer = '&lt;input type=&quot;hidden&quot; name=&quot;wp_http_referer&quot; value=&quot;'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '&quot; /&gt;';
</ins><span class="cx"> } elseif ( isset($_REQUEST['wp_http_referer']) ) {
</span><del>-        $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
</del><ins>+        $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
</ins><span class="cx">         $referer = '&lt;input type=&quot;hidden&quot; name=&quot;wp_http_referer&quot; value=&quot;' . esc_attr($redirect) . '&quot; /&gt;';
</span><span class="cx"> } else {
</span><span class="cx">         $redirect = 'users.php';
</span><span class="lines">@@ -357,7 +357,7 @@
</span><span class="cx"> default:
</span><span class="cx"> 
</span><span class="cx">         if ( !empty($_GET['_wp_http_referer']) ) {
</span><del>-                wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+                wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
</ins><span class="cx">                 exit;
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -381,7 +381,7 @@
</span><span class="cx">                 case 'add':
</span><span class="cx">                         if ( isset( $_GET['id'] ) &amp;&amp; ( $user_id = $_GET['id'] ) &amp;&amp; current_user_can( 'edit_user', $user_id ) ) {
</span><span class="cx">                                 $messages[] = '&lt;div id=&quot;message&quot; class=&quot;updated&quot;&gt;&lt;p&gt;' . sprintf( __( 'New user created. &lt;a href=&quot;%s&quot;&gt;Edit user&lt;/a&gt;' ),
</span><del>-                                        esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
</del><ins>+                                        esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),
</ins><span class="cx">                                                 self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '&lt;/p&gt;&lt;/div&gt;';
</span><span class="cx">                         } else {
</span><span class="cx">                                 $messages[] = '&lt;div id=&quot;message&quot; class=&quot;updated&quot;&gt;&lt;p&gt;' . __( 'New user created.' ) . '&lt;/p&gt;&lt;/div&gt;';
</span></span></pre></div>
<a id="trunkwpcommentspostphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-comments-post.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-comments-post.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-comments-post.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -17,10 +17,8 @@
</span><span class="cx"> 
</span><span class="cx"> nocache_headers();
</span><span class="cx"> 
</span><del>-$post_data = wp_unslash( $_POST );
</del><ins>+$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
</ins><span class="cx"> 
</span><del>-$comment_post_ID = isset($post_data['comment_post_ID']) ? (int) $post_data['comment_post_ID'] : 0;
-
</del><span class="cx"> $post = get_post($comment_post_ID);
</span><span class="cx"> 
</span><span class="cx"> if ( empty($post-&gt;comment_status) ) {
</span><span class="lines">@@ -49,21 +47,21 @@
</span><span class="cx">         do_action('pre_comment_on_post', $comment_post_ID);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-$comment_author       = ( isset( $post_data['author'] ) )  ? trim( strip_tags( $post_data['author'] ) ) : null;
-$comment_author_email = ( isset( $post_data['email'] ) )   ? trim( $post_data['email'] ) : null;
-$comment_author_url   = ( isset( $post_data['url'] ) )     ? trim( $post_data['url'] ) : null;
-$comment_content      = ( isset( $post_data['comment'] ) ) ? trim( $post_data['comment'] ) : null;
</del><ins>+$comment_author       = ( isset($_POST['author']) )  ? trim(strip_tags($_POST['author'])) : null;
+$comment_author_email = ( isset($_POST['email']) )   ? trim($_POST['email']) : null;
+$comment_author_url   = ( isset($_POST['url']) )     ? trim($_POST['url']) : null;
+$comment_content      = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
</ins><span class="cx"> 
</span><span class="cx"> // If the user is logged in
</span><span class="cx"> $user = wp_get_current_user();
</span><span class="cx"> if ( $user-&gt;exists() ) {
</span><span class="cx">         if ( empty( $user-&gt;display_name ) )
</span><del>-                $user-&gt;display_name = $user-&gt;user_login;
-        $comment_author       = $user-&gt;display_name;
-        $comment_author_email = $user-&gt;user_email;
-        $comment_author_url   = $user-&gt;user_url;
</del><ins>+                $user-&gt;display_name=$user-&gt;user_login;
+        $comment_author       = $wpdb-&gt;escape($user-&gt;display_name);
+        $comment_author_email = $wpdb-&gt;escape($user-&gt;user_email);
+        $comment_author_url   = $wpdb-&gt;escape($user-&gt;user_url);
</ins><span class="cx">         if ( current_user_can('unfiltered_html') ) {
</span><del>-                if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $post_data['_wp_unfiltered_html_comment'] ) {
</del><ins>+                if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
</ins><span class="cx">                         kses_remove_filters(); // start with a clean slate
</span><span class="cx">                         kses_init_filters(); // set up the filters
</span><span class="cx">                 }
</span><span class="lines">@@ -85,7 +83,7 @@
</span><span class="cx"> if ( '' == $comment_content )
</span><span class="cx">         wp_die( __('&lt;strong&gt;ERROR&lt;/strong&gt;: please type a comment.') );
</span><span class="cx"> 
</span><del>-$comment_parent = isset($post_data['comment_parent']) ? absint($post_data['comment_parent']) : 0;
</del><ins>+$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
</ins><span class="cx"> 
</span><span class="cx"> $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
</span><span class="cx"> 
</span><span class="lines">@@ -94,7 +92,7 @@
</span><span class="cx"> $comment = get_comment($comment_id);
</span><span class="cx"> do_action('set_comment_cookies', $comment, $user);
</span><span class="cx"> 
</span><del>-$location = empty($post_data['redirect_to']) ? get_comment_link($comment_id) : $post_data['redirect_to'] . '#comment-' . $comment_id;
</del><ins>+$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
</ins><span class="cx"> $location = apply_filters('comment_post_redirect', $location, $comment);
</span><span class="cx"> 
</span><span class="cx"> wp_safe_redirect( $location );
</span></span></pre></div>
<a id="trunkwpincludesclasswpcustomizemanagerphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp-customize-manager.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp-customize-manager.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/class-wp-customize-manager.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -310,7 +310,7 @@
</span><span class="cx">         public function post_value( $setting ) {
</span><span class="cx">                 if ( ! isset( $this-&gt;_post_values ) ) {
</span><span class="cx">                         if ( isset( $_POST['customized'] ) )
</span><del>-                                $this-&gt;_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
</del><ins>+                                $this-&gt;_post_values = json_decode( stripslashes( $_POST['customized'] ), true );
</ins><span class="cx">                         else
</span><span class="cx">                                 $this-&gt;_post_values = false;
</span><span class="cx">                 }
</span></span></pre></div>
<a id="trunkwpincludesclasswpcustomizesettingphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp-customize-setting.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp-customize-setting.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/class-wp-customize-setting.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -144,7 +144,7 @@
</span><span class="cx">          * @return mixed Null if an input isn't valid, otherwise the sanitized value.
</span><span class="cx">          */
</span><span class="cx">         public function sanitize( $value ) {
</span><del>-                $value = wp_unslash( $value );
</del><ins>+                $value = stripslashes_deep( $value );
</ins><span class="cx">                 return apply_filters( &quot;customize_sanitize_{$this-&gt;id}&quot;, $value, $this );
</span><span class="cx">         }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpincludesclasswpxmlrpcserverphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp-xmlrpc-server.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp-xmlrpc-server.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/class-wp-xmlrpc-server.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -280,15 +280,17 @@
</span><span class="cx">                                 $meta['id'] = (int) $meta['id'];
</span><span class="cx">                                 $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
</span><span class="cx">                                 if ( isset($meta['key']) ) {
</span><ins>+                                        $meta['key'] = stripslashes( $meta['key'] );
</ins><span class="cx">                                         if ( $meta['key'] != $pmeta-&gt;meta_key )
</span><span class="cx">                                                 continue;
</span><ins>+                                        $meta['value'] = stripslashes_deep( $meta['value'] );
</ins><span class="cx">                                         if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
</span><span class="cx">                                                 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
</span><span class="cx">                                 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta-&gt;meta_key ) ) {
</span><span class="cx">                                         delete_metadata_by_mid( 'post', $meta['id'] );
</span><span class="cx">                                 }
</span><del>-                        } elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
-                                wp_add_post_meta( $post_id, $meta['key'], $meta['value'] );
</del><ins>+                        } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
+                                add_post_meta( $post_id, $meta['key'], $meta['value'] );
</ins><span class="cx">                         }
</span><span class="cx">                 }
</span><span class="cx">         }
</span><span class="lines">@@ -460,6 +462,8 @@
</span><span class="cx">                         return $this-&gt;blogger_getUsersBlogs( $args );
</span><span class="cx">                 }
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $username = $args[0];
</span><span class="cx">                 $password = $args[1];
</span><span class="cx"> 
</span><span class="lines">@@ -951,6 +955,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -1233,6 +1239,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 5 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -1266,6 +1274,7 @@
</span><span class="cx">                 else
</span><span class="cx">                         $post['post_date_gmt'] = $this-&gt;_convert_date( $post['post_date_gmt'] );
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $post );
</ins><span class="cx">                 $merged_content_struct = array_merge( $post, $content_struct );
</span><span class="cx"> 
</span><span class="cx">                 $retval = $this-&gt;_insert_post( $user, $merged_content_struct );
</span><span class="lines">@@ -1292,6 +1301,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id    = (int) $args[0];
</span><span class="cx">                 $username   = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -1366,6 +1377,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -1421,6 +1434,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 3 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id    = (int) $args[0];
</span><span class="cx">                 $username   = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -1514,6 +1529,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -1599,6 +1616,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 5 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -1689,6 +1708,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 5 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -1754,6 +1775,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 5 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -1805,6 +1828,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -1878,6 +1903,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -1920,6 +1947,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 3 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -1987,6 +2016,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id    = (int) $args[0];
</span><span class="cx">                 $username   = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -2038,6 +2069,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 3 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id    = (int) $args[0];
</span><span class="cx">                 $username   = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -2104,6 +2137,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 3 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id    = (int) $args[0];
</span><span class="cx">                 $username   = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -2149,6 +2184,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -2212,6 +2249,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getPage($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $page_id        = (int) $args[1];
</span><span class="cx">                 $username        = $args[2];
</span><span class="lines">@@ -2253,6 +2292,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getPages($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2295,8 +2336,9 @@
</span><span class="cx">          * @return unknown
</span><span class="cx">          */
</span><span class="cx">         function wp_newPage($args) {
</span><del>-                $username        = $args[1];
-                $password        = $args[2];
</del><ins>+                // Items not escaped here will be escaped in newPost.
+                $username        = $this-&gt;escape($args[1]);
+                $password        = $this-&gt;escape($args[2]);
</ins><span class="cx">                 $page                = $args[3];
</span><span class="cx">                 $publish        = $args[4];
</span><span class="cx"> 
</span><span class="lines">@@ -2321,6 +2363,8 @@
</span><span class="cx">          * @return bool True, if success.
</span><span class="cx">          */
</span><span class="cx">         function wp_deletePage($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2360,10 +2404,11 @@
</span><span class="cx">          * @return unknown
</span><span class="cx">          */
</span><span class="cx">         function wp_editPage($args) {
</span><ins>+                // Items not escaped here will be escaped in editPost.
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><del>-                $page_id        = (int) $args[1];
-                $username        = $args[2];
-                $password        = $args[3];
</del><ins>+                $page_id        = (int) $this-&gt;escape($args[1]);
+                $username        = $this-&gt;escape($args[2]);
+                $password        = $this-&gt;escape($args[3]);
</ins><span class="cx">                 $content        = $args[4];
</span><span class="cx">                 $publish        = $args[5];
</span><span class="cx"> 
</span><span class="lines">@@ -2408,6 +2453,8 @@
</span><span class="cx">         function wp_getPageList($args) {
</span><span class="cx">                 global $wpdb;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id                                = (int) $args[0];
</span><span class="cx">                 $username                                = $args[1];
</span><span class="cx">                 $password                                = $args[2];
</span><span class="lines">@@ -2456,6 +2503,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getAuthors($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2489,6 +2539,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getTags( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id                = (int) $args[0];
</span><span class="cx">                 $username                = $args[1];
</span><span class="cx">                 $password                = $args[2];
</span><span class="lines">@@ -2528,6 +2580,8 @@
</span><span class="cx">          * @return int Category ID.
</span><span class="cx">          */
</span><span class="cx">         function wp_newCategory($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id                                = (int) $args[0];
</span><span class="cx">                 $username                                = $args[1];
</span><span class="cx">                 $password                                = $args[2];
</span><span class="lines">@@ -2587,6 +2641,8 @@
</span><span class="cx">          * @return mixed See {@link wp_delete_term()} for return info.
</span><span class="cx">          */
</span><span class="cx">         function wp_deleteCategory($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id                = (int) $args[0];
</span><span class="cx">                 $username                = $args[1];
</span><span class="cx">                 $password                = $args[2];
</span><span class="lines">@@ -2617,6 +2673,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_suggestCategories($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id                                = (int) $args[0];
</span><span class="cx">                 $username                                = $args[1];
</span><span class="cx">                 $password                                = $args[2];
</span><span class="lines">@@ -2652,6 +2710,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getComment($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2691,6 +2751,8 @@
</span><span class="cx">          * @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
</span><span class="cx">          */
</span><span class="cx">         function wp_getComments($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2749,6 +2811,8 @@
</span><span class="cx">          * @return mixed {@link wp_delete_comment()}
</span><span class="cx">          */
</span><span class="cx">         function wp_deleteComment($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2801,6 +2865,8 @@
</span><span class="cx">          * @return bool True, on success.
</span><span class="cx">          */
</span><span class="cx">         function wp_editComment($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2876,6 +2942,8 @@
</span><span class="cx">         function wp_newComment($args) {
</span><span class="cx">                 global $wpdb;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2910,9 +2978,9 @@
</span><span class="cx">                 $comment['comment_post_ID'] = $post_id;
</span><span class="cx"> 
</span><span class="cx">                 if ( $logged_in ) {
</span><del>-                        $comment['comment_author'] = $user-&gt;display_name;
-                        $comment['comment_author_email'] = $user-&gt;user_email;
-                        $comment['comment_author_url'] = $user-&gt;user_url;
</del><ins>+                        $comment['comment_author'] = $wpdb-&gt;escape( $user-&gt;display_name );
+                        $comment['comment_author_email'] = $wpdb-&gt;escape( $user-&gt;user_email );
+                        $comment['comment_author_url'] = $wpdb-&gt;escape( $user-&gt;user_url );
</ins><span class="cx">                         $comment['user_ID'] = $user-&gt;ID;
</span><span class="cx">                 } else {
</span><span class="cx">                         $comment['comment_author'] = '';
</span><span class="lines">@@ -2959,6 +3027,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getCommentStatusList($args) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -2983,6 +3053,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getCommentCount( $args ) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3014,6 +3086,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getPostStatusList( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3038,6 +3112,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getPageStatusList( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3062,6 +3138,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getPageTemplates( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3087,6 +3165,8 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function wp_getOptions( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3135,6 +3215,8 @@
</span><span class="cx">          * @return unknown
</span><span class="cx">          */
</span><span class="cx">         function wp_setOptions( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3182,6 +3264,8 @@
</span><span class="cx">          *  - 'metadata'
</span><span class="cx">          */
</span><span class="cx">         function wp_getMediaItem($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id                = (int) $args[0];
</span><span class="cx">                 $username                = $args[1];
</span><span class="cx">                 $password                = $args[2];
</span><span class="lines">@@ -3225,6 +3309,8 @@
</span><span class="cx">          * @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents
</span><span class="cx">          */
</span><span class="cx">         function wp_getMediaLibrary($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username        = $args[1];
</span><span class="cx">                 $password        = $args[2];
</span><span class="lines">@@ -3265,6 +3351,8 @@
</span><span class="cx">           * @return array
</span><span class="cx">           */
</span><span class="cx">         function wp_getPostFormats( $args ) {
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id = (int) $args[0];
</span><span class="cx">                 $username = $args[1];
</span><span class="cx">                 $password = $args[2];
</span><span class="lines">@@ -3323,6 +3411,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -3367,6 +3457,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 3 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id            = (int) $args[0];
</span><span class="cx">                 $username           = $args[1];
</span><span class="cx">                 $password           = $args[2];
</span><span class="lines">@@ -3419,6 +3511,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 4 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id    = (int) $args[0];
</span><span class="cx">                 $username   = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -3483,6 +3577,8 @@
</span><span class="cx">                 if ( ! $this-&gt;minimum_args( $args, 3 ) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape( $args );
+
</ins><span class="cx">                 $blog_id     = (int) $args[0];
</span><span class="cx">                 $username    = $args[1];
</span><span class="cx">                 $password    = $args[2];
</span><span class="lines">@@ -3532,6 +3628,8 @@
</span><span class="cx">                 if ( is_multisite() )
</span><span class="cx">                         return $this-&gt;_multisite_getUsersBlogs($args);
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $username = $args[1];
</span><span class="cx">                 $password  = $args[2];
</span><span class="cx"> 
</span><span class="lines">@@ -3593,6 +3691,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function blogger_getUserInfo($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $username = $args[1];
</span><span class="cx">                 $password  = $args[2];
</span><span class="cx"> 
</span><span class="lines">@@ -3624,6 +3725,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function blogger_getPost($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID    = (int) $args[1];
</span><span class="cx">                 $username = $args[2];
</span><span class="cx">                 $password  = $args[3];
</span><span class="lines">@@ -3642,9 +3746,9 @@
</span><span class="cx"> 
</span><span class="cx">                 $categories = implode(',', wp_get_post_categories($post_ID));
</span><span class="cx"> 
</span><del>-                $content  = '&lt;title&gt;'.$post_data['post_title'].'&lt;/title&gt;';
</del><ins>+                $content  = '&lt;title&gt;'.stripslashes($post_data['post_title']).'&lt;/title&gt;';
</ins><span class="cx">                 $content .= '&lt;category&gt;'.$categories.'&lt;/category&gt;';
</span><del>-                $content .= $post_data['post_content'];
</del><ins>+                $content .= stripslashes($post_data['post_content']);
</ins><span class="cx"> 
</span><span class="cx">                 $struct = array(
</span><span class="cx">                         'userid'    =&gt; $post_data['post_author'],
</span><span class="lines">@@ -3665,6 +3769,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function blogger_getRecentPosts($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 // $args[0] = appkey - ignored
</span><span class="cx">                 $blog_ID    = (int) $args[1]; /* though we don't use it yet */
</span><span class="cx">                 $username = $args[2];
</span><span class="lines">@@ -3693,9 +3800,9 @@
</span><span class="cx">                         $post_date  = $this-&gt;_convert_date( $entry['post_date'] );
</span><span class="cx">                         $categories = implode(',', wp_get_post_categories($entry['ID']));
</span><span class="cx"> 
</span><del>-                        $content  = '&lt;title&gt;'.$entry['post_title'].'&lt;/title&gt;';
</del><ins>+                        $content  = '&lt;title&gt;'.stripslashes($entry['post_title']).'&lt;/title&gt;';
</ins><span class="cx">                         $content .= '&lt;category&gt;'.$categories.'&lt;/category&gt;';
</span><del>-                        $content .= $entry['post_content'];
</del><ins>+                        $content .= stripslashes($entry['post_content']);
</ins><span class="cx"> 
</span><span class="cx">                         $struct[] = array(
</span><span class="cx">                                 'userid' =&gt; $entry['post_author'],
</span><span class="lines">@@ -3743,6 +3850,9 @@
</span><span class="cx">          * @return int
</span><span class="cx">          */
</span><span class="cx">         function blogger_newPost($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_ID    = (int) $args[1]; /* though we don't use it yet */
</span><span class="cx">                 $username = $args[2];
</span><span class="cx">                 $password  = $args[3];
</span><span class="lines">@@ -3794,6 +3904,9 @@
</span><span class="cx">          * @return bool true when done.
</span><span class="cx">          */
</span><span class="cx">         function blogger_editPost($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID     = (int) $args[1];
</span><span class="cx">                 $username  = $args[2];
</span><span class="cx">                 $password   = $args[3];
</span><span class="lines">@@ -3810,6 +3923,8 @@
</span><span class="cx">                 if ( !$actual_post || $actual_post['post_type'] != 'post' )
</span><span class="cx">                         return new IXR_Error(404, __('Sorry, no such post.'));
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($actual_post);
+
</ins><span class="cx">                 if ( !current_user_can('edit_post', $post_ID) )
</span><span class="cx">                         return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
</span><span class="cx"> 
</span><span class="lines">@@ -3845,6 +3960,8 @@
</span><span class="cx">          * @return bool True when post is deleted.
</span><span class="cx">          */
</span><span class="cx">         function blogger_deletePost($args) {
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID     = (int) $args[1];
</span><span class="cx">                 $username  = $args[2];
</span><span class="cx">                 $password   = $args[3];
</span><span class="lines">@@ -3913,11 +4030,13 @@
</span><span class="cx">          * @return int
</span><span class="cx">          */
</span><span class="cx">         function mw_newPost($args) {
</span><del>-                $blog_ID        = (int) $args[0];
-                $username       = $args[1];
-                $password       = $args[2];
</del><ins>+                $this-&gt;escape($args);
+
+                $blog_ID     = (int) $args[0];
+                $username  = $args[1];
+                $password   = $args[2];
</ins><span class="cx">                 $content_struct = $args[3];
</span><del>-                $publish        = isset( $args[4] ) ? $args[4] : 0;
</del><ins>+                $publish     = isset( $args[4] ) ? $args[4] : 0;
</ins><span class="cx"> 
</span><span class="cx">                 if ( !$user = $this-&gt;login($username, $password) )
</span><span class="cx">                         return $this-&gt;error;
</span><span class="lines">@@ -4197,7 +4316,7 @@
</span><span class="cx">                                 }
</span><span class="cx">                         }
</span><span class="cx">                         if (!$found)
</span><del>-                                wp_add_post_meta( $post_ID, 'enclosure', $encstring );
</del><ins>+                                add_post_meta( $post_ID, 'enclosure', $encstring );
</ins><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -4231,6 +4350,9 @@
</span><span class="cx">          * @return bool True on success.
</span><span class="cx">          */
</span><span class="cx">         function mw_editPost($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID        = (int) $args[0];
</span><span class="cx">                 $username       = $args[1];
</span><span class="cx">                 $password       = $args[2];
</span><span class="lines">@@ -4269,6 +4391,7 @@
</span><span class="cx">                         }
</span><span class="cx">                 }
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($postdata);
</ins><span class="cx">                 extract($postdata, EXTR_SKIP);
</span><span class="cx"> 
</span><span class="cx">                 // Let WordPress manage slug if none was provided.
</span><span class="lines">@@ -4496,6 +4619,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function mw_getPost($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -4617,6 +4743,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function mw_getRecentPosts($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -4729,6 +4858,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function mw_getCategories($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -4775,10 +4907,10 @@
</span><span class="cx">         function mw_newMediaObject($args) {
</span><span class="cx">                 global $wpdb;
</span><span class="cx"> 
</span><del>-                $blog_ID   = (int) $args[0];
-                $username  = $args[1];
-                $password  = $args[2];
-                $data      = $args[3];
</del><ins>+                $blog_ID     = (int) $args[0];
+                $username  = $wpdb-&gt;escape($args[1]);
+                $password   = $wpdb-&gt;escape($args[2]);
+                $data        = $args[3];
</ins><span class="cx"> 
</span><span class="cx">                 $name = sanitize_file_name( $data['name'] );
</span><span class="cx">                 $type = $data['type'];
</span><span class="lines">@@ -4865,6 +4997,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function mt_getRecentPostTitles($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -4922,6 +5057,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function mt_getCategoryList($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $blog_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -4957,6 +5095,9 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function mt_getPostCategories($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -4997,6 +5138,9 @@
</span><span class="cx">          * @return bool True on success.
</span><span class="cx">          */
</span><span class="cx">         function mt_setPostCategories($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -5106,6 +5250,9 @@
</span><span class="cx">          * @return int
</span><span class="cx">          */
</span><span class="cx">         function mt_publishPost($args) {
</span><ins>+
+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $post_ID     = (int) $args[0];
</span><span class="cx">                 $username  = $args[1];
</span><span class="cx">                 $password   = $args[2];
</span><span class="lines">@@ -5127,6 +5274,7 @@
</span><span class="cx">                 // retain old cats
</span><span class="cx">                 $cats = wp_get_post_categories($post_ID);
</span><span class="cx">                 $postdata['post_category'] = $cats;
</span><ins>+                $this-&gt;escape($postdata);
</ins><span class="cx"> 
</span><span class="cx">                 $result = wp_update_post($postdata);
</span><span class="cx"> 
</span><span class="lines">@@ -5150,6 +5298,8 @@
</span><span class="cx"> 
</span><span class="cx">                 do_action('xmlrpc_call', 'pingback.ping');
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $pagelinkedfrom = $args[0];
</span><span class="cx">                 $pagelinkedto   = $args[1];
</span><span class="cx"> 
</span><span class="lines">@@ -5285,15 +5435,15 @@
</span><span class="cx">                 $pagelinkedfrom = str_replace('&amp;', '&amp;amp;', $pagelinkedfrom);
</span><span class="cx"> 
</span><span class="cx">                 $context = '[...] ' . esc_html( $excerpt ) . ' [...]';
</span><del>-                $pagelinkedfrom = $pagelinkedfrom;
</del><ins>+                $pagelinkedfrom = $wpdb-&gt;escape( $pagelinkedfrom );
</ins><span class="cx"> 
</span><span class="cx">                 $comment_post_ID = (int) $post_ID;
</span><span class="cx">                 $comment_author = $title;
</span><span class="cx">                 $comment_author_email = '';
</span><del>-                $comment_author;
</del><ins>+                $this-&gt;escape($comment_author);
</ins><span class="cx">                 $comment_author_url = $pagelinkedfrom;
</span><span class="cx">                 $comment_content = $context;
</span><del>-                $comment_content;
</del><ins>+                $this-&gt;escape($comment_content);
</ins><span class="cx">                 $comment_type = 'pingback';
</span><span class="cx"> 
</span><span class="cx">                 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
</span><span class="lines">@@ -5315,10 +5465,13 @@
</span><span class="cx">          * @return array
</span><span class="cx">          */
</span><span class="cx">         function pingback_extensions_getPingbacks($args) {
</span><ins>+
</ins><span class="cx">                 global $wpdb;
</span><span class="cx"> 
</span><span class="cx">                 do_action('xmlrpc_call', 'pingback.extensions.getPingbacks');
</span><span class="cx"> 
</span><ins>+                $this-&gt;escape($args);
+
</ins><span class="cx">                 $url = $args;
</span><span class="cx"> 
</span><span class="cx">                 $post_ID = url_to_postid($url);
</span></span></pre></div>
<a id="trunkwpincludesclasswpphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/class-wp.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -142,15 +142,15 @@
</span><span class="cx">                         $this-&gt;did_permalink = true;
</span><span class="cx"> 
</span><span class="cx">                         if ( isset($_SERVER['PATH_INFO']) )
</span><del>-                                $pathinfo = wp_unslash( $_SERVER['PATH_INFO'] );
</del><ins>+                                $pathinfo = $_SERVER['PATH_INFO'];
</ins><span class="cx">                         else
</span><span class="cx">                                 $pathinfo = '';
</span><span class="cx">                         $pathinfo_array = explode('?', $pathinfo);
</span><span class="cx">                         $pathinfo = str_replace(&quot;%&quot;, &quot;%25&quot;, $pathinfo_array[0]);
</span><del>-                        $req_uri = wp_unslash( $_SERVER['REQUEST_URI'] );
</del><ins>+                        $req_uri = $_SERVER['REQUEST_URI'];
</ins><span class="cx">                         $req_uri_array = explode('?', $req_uri);
</span><span class="cx">                         $req_uri = $req_uri_array[0];
</span><del>-                        $self = wp_unslash( $_SERVER['PHP_SELF'] );
</del><ins>+                        $self = $_SERVER['PHP_SELF'];
</ins><span class="cx">                         $home_path = parse_url(home_url());
</span><span class="cx">                         if ( isset($home_path['path']) )
</span><span class="cx">                                 $home_path = $home_path['path'];
</span><span class="lines">@@ -255,9 +255,9 @@
</span><span class="cx">                         if ( isset( $this-&gt;extra_query_vars[$wpvar] ) )
</span><span class="cx">                                 $this-&gt;query_vars[$wpvar] = $this-&gt;extra_query_vars[$wpvar];
</span><span class="cx">                         elseif ( isset( $_POST[$wpvar] ) )
</span><del>-                                $this-&gt;query_vars[$wpvar] = wp_unslash( $_POST[$wpvar] );
</del><ins>+                                $this-&gt;query_vars[$wpvar] = $_POST[$wpvar];
</ins><span class="cx">                         elseif ( isset( $_GET[$wpvar] ) )
</span><del>-                                $this-&gt;query_vars[$wpvar] = wp_unslash( $_GET[$wpvar] );
</del><ins>+                                $this-&gt;query_vars[$wpvar] = $_GET[$wpvar];
</ins><span class="cx">                         elseif ( isset( $perma_query_vars[$wpvar] ) )
</span><span class="cx">                                 $this-&gt;query_vars[$wpvar] = $perma_query_vars[$wpvar];
</span><span class="cx"> 
</span><span class="lines">@@ -356,7 +356,7 @@
</span><span class="cx"> 
</span><span class="cx">                         // Support for Conditional GET
</span><span class="cx">                         if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
</span><del>-                                $client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597
</del><ins>+                                $client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));
</ins><span class="cx">                         else $client_etag = false;
</span><span class="cx"> 
</span><span class="cx">                         $client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);
</span></span></pre></div>
<a id="trunkwpincludescommentphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/comment.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/comment.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/comment.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -633,22 +633,22 @@
</span><span class="cx">  */
</span><span class="cx"> function sanitize_comment_cookies() {
</span><span class="cx">         if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
</span><del>-                $comment_author = wp_unslash( $_COOKIE['comment_author_'.COOKIEHASH] );
-                $comment_author = apply_filters('pre_comment_author_name', $comment_author);
</del><ins>+                $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
+                $comment_author = stripslashes($comment_author);
</ins><span class="cx">                 $comment_author = esc_attr($comment_author);
</span><span class="cx">                 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
</span><del>-                $comment_author_email = wp_unslash( $_COOKIE['comment_author_email_'.COOKIEHASH] );
-                $comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email);
</del><ins>+                $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
+                $comment_author_email = stripslashes($comment_author_email);
</ins><span class="cx">                 $comment_author_email = esc_attr($comment_author_email);
</span><span class="cx">                 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
</span><del>-                $comment_author_url = wp_unslash( $_COOKIE['comment_author_url_'.COOKIEHASH] );
-                $comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url);
</del><ins>+                $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
+                $comment_author_url = stripslashes($comment_author_url);
</ins><span class="cx">                 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
</span><span class="cx">         }
</span><span class="cx"> }
</span><span class="lines">@@ -670,10 +670,11 @@
</span><span class="cx">         extract($commentdata, EXTR_SKIP);
</span><span class="cx"> 
</span><span class="cx">         // Simple duplicate check
</span><del>-        $dupe = $wpdb-&gt;prepare( &quot;SELECT comment_ID FROM $wpdb-&gt;comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s &quot;, $comment_post_ID, $comment_parent, $comment_author );
</del><ins>+        // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
+        $dupe = &quot;SELECT comment_ID FROM $wpdb-&gt;comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' &quot;;
</ins><span class="cx">         if ( $comment_author_email )
</span><del>-                $dupe .= $wpdb-&gt;prepare( &quot;OR comment_author_email = %s &quot;, $comment_author_email );
-        $dupe .= $wpdb-&gt;prepare( &quot;) AND comment_content = %s LIMIT 1&quot;, $comment_content );
</del><ins>+                $dupe .= &quot;OR comment_author_email = '$comment_author_email' &quot;;
+        $dupe .= &quot;) AND comment_content = '$comment_content' LIMIT 1&quot;;
</ins><span class="cx">         if ( $wpdb-&gt;get_var($dupe) ) {
</span><span class="cx">                 do_action( 'comment_duplicate_trigger', $commentdata );
</span><span class="cx">                 if ( defined('DOING_AJAX') )
</span><span class="lines">@@ -1261,7 +1262,7 @@
</span><span class="cx">  */
</span><span class="cx"> function wp_insert_comment($commentdata) {
</span><span class="cx">         global $wpdb;
</span><del>-        extract($commentdata, EXTR_SKIP);
</del><ins>+        extract(stripslashes_deep($commentdata), EXTR_SKIP);
</ins><span class="cx"> 
</span><span class="cx">         if ( ! isset($comment_author_IP) )
</span><span class="cx">                 $comment_author_IP = '';
</span><span class="lines">@@ -1490,6 +1491,9 @@
</span><span class="cx">         // First, get all of the original fields
</span><span class="cx">         $comment = get_comment($commentarr['comment_ID'], ARRAY_A);
</span><span class="cx"> 
</span><ins>+        // Escape data pulled from DB.
+        $comment = esc_sql($comment);
+
</ins><span class="cx">         $old_status = $comment['comment_approved'];
</span><span class="cx"> 
</span><span class="cx">         // Merge old and new fields with new fields overwriting old ones.
</span><span class="lines">@@ -1498,7 +1502,7 @@
</span><span class="cx">         $commentarr = wp_filter_comment( $commentarr );
</span><span class="cx"> 
</span><span class="cx">         // Now extract the merged array.
</span><del>-        extract($commentarr, EXTR_SKIP);
</del><ins>+        extract(stripslashes_deep($commentarr), EXTR_SKIP);
</ins><span class="cx"> 
</span><span class="cx">         $comment_content = apply_filters('comment_save_pre', $comment_content);
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpincludescronphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/cron.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/cron.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/cron.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -230,7 +230,7 @@
</span><span class="cx">                 set_transient( 'doing_cron', $doing_wp_cron );
</span><span class="cx"> 
</span><span class="cx">                 ob_start();
</span><del>-                wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+                wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) );
</ins><span class="cx">                 echo ' ';
</span><span class="cx"> 
</span><span class="cx">                 // flush any buffers and send the headers
</span></span></pre></div>
<a id="trunkwpincludesdefaultfiltersphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/default-filters.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/default-filters.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/default-filters.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -14,8 +14,8 @@
</span><span class="cx"> 
</span><span class="cx"> // Strip, trim, kses, special chars for string saves
</span><span class="cx"> foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
</span><del>-        add_filter( $filter, 'sanitize_text_field' );
-        add_filter( $filter, 'wp_kses_data' );
</del><ins>+        add_filter( $filter, 'sanitize_text_field'  );
+        add_filter( $filter, 'wp_filter_kses'       );
</ins><span class="cx">         add_filter( $filter, '_wp_specialchars', 30 );
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -31,7 +31,7 @@
</span><span class="cx"> 
</span><span class="cx"> // Kses only for textarea saves
</span><span class="cx"> foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
</span><del>-        add_filter( $filter, 'wp_kses_data' );
</del><ins>+        add_filter( $filter, 'wp_filter_kses' );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Kses only for textarea admin displays
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx"> foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
</span><span class="cx">         add_filter( $filter, 'trim'           );
</span><span class="cx">         add_filter( $filter, 'sanitize_email' );
</span><del>-        add_filter( $filter, 'wp_kses_data' );
</del><ins>+        add_filter( $filter, 'wp_filter_kses' );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Email admin display
</span></span></pre></div>
<a id="trunkwpincludesdefaultwidgetsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/default-widgets.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/default-widgets.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/default-widgets.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -413,7 +413,7 @@
</span><span class="cx">                 if ( current_user_can('unfiltered_html') )
</span><span class="cx">                         $instance['text'] =  $new_instance['text'];
</span><span class="cx">                 else
</span><del>-                        $instance['text'] = wp_kses_post( $new_instance['text'] );
</del><ins>+                        $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed
</ins><span class="cx">                 $instance['filter'] = isset($new_instance['filter']);
</span><span class="cx">                 return $instance;
</span><span class="cx">         }
</span><span class="lines">@@ -1057,8 +1057,8 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function update( $new_instance, $old_instance ) {
</span><del>-                $instance['title'] = strip_tags( $new_instance['title'] );
-                $instance['taxonomy'] =  $new_instance['taxonomy'];
</del><ins>+                $instance['title'] = strip_tags(stripslashes($new_instance['title']));
+                $instance['taxonomy'] = stripslashes($new_instance['taxonomy']);
</ins><span class="cx">                 return $instance;
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="lines">@@ -1119,7 +1119,7 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         function update( $new_instance, $old_instance ) {
</span><del>-                $instance['title'] = strip_tags( $new_instance['title'] );
</del><ins>+                $instance['title'] = strip_tags( stripslashes($new_instance['title']) );
</ins><span class="cx">                 $instance['nav_menu'] = (int) $new_instance['nav_menu'];
</span><span class="cx">                 return $instance;
</span><span class="cx">         }
</span></span></pre></div>
<a id="trunkwpincludesdeprecatedphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/deprecated.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/deprecated.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/deprecated.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -2383,7 +2383,7 @@
</span><span class="cx"> 
</span><span class="cx">         /** @todo Might need fix because usermeta data is assumed to be already escaped */
</span><span class="cx">         if ( is_string($meta_value) )
</span><del>-                $meta_value = $meta_value;
</del><ins>+                $meta_value = stripslashes($meta_value);
</ins><span class="cx">         $meta_value = maybe_serialize($meta_value);
</span><span class="cx"> 
</span><span class="cx">         if (empty($meta_value)) {
</span></span></pre></div>
<a id="trunkwpincludesfeedphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/feed.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/feed.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/feed.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -488,7 +488,7 @@
</span><span class="cx">  */
</span><span class="cx"> function self_link() {
</span><span class="cx">         $host = @parse_url(home_url());
</span><del>-        echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
</del><ins>+        echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ) ) );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpincludesformattingphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/formatting.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/formatting.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/formatting.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1716,7 +1716,10 @@
</span><span class="cx">  * @return string Converted content.
</span><span class="cx">  */
</span><span class="cx"> function wp_rel_nofollow( $text ) {
</span><ins>+        // This is a pre save filter, so text is already escaped.
+        $text = stripslashes($text);
</ins><span class="cx">         $text = preg_replace_callback('|&lt;a (.+?)&gt;|i', 'wp_rel_nofollow_callback', $text);
</span><ins>+        $text = esc_sql($text);
</ins><span class="cx">         return $text;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -3339,53 +3342,3 @@
</span><span class="cx">         $urls_to_ping = implode( &quot;\n&quot;, $urls_to_ping );
</span><span class="cx">         return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
</span><span class="cx"> }
</span><del>-
-/**
- * Conditionally add slashes to a string or array of strings. When GPCS
- * slashing is turned on, slashes are added. When GPCS slashing is turned off,
- * slashes are not added.
- *
- * This should be used when preparing data for core API that deal directly with GPCS data.
- * Outside of unit tests, this should be rare. At a future date GPCS will no longer
- * be slashed and this function will noop. Do not use it in situations where adding slashes
- * is always required regardless of whether GPCS is slashed.
- *
- * @since 3.6.0
- *
- * @param string|array $value String or array of strings to slash.
- * @return string|array Slashed $value
- */
-function wp_slash( $value ) {
-        if ( is_array( $value ) ) {
-                foreach ( $value as $k =&gt; $v ) {
-                        if ( is_array( $v ) ) {
-                                $value[$k] = wp_slash( $v );
-                        } else {
-                                $value[$k] = addslashes( $v );
-                        }
-                }
-        } else {
-                $value = addslashes( $value );
-        }
-
-        return $value;
-}
-
-/**
- * Conditionally removes slashes from a string or array of strings. When GPCS
- * slashing is turned on, slashes are stripped. When GPCS slashing is turned off,
- * slashes are not stripped.
- *
- * This should be used for GPCS data before passing it along to core API. At a future
- * date GPCS will no longer be slashed and this function will noop. Do not use it
- * in situations where slash stripping is always required regardless of whether GPCS
- * is slashed.
- *
- * @since 3.6.0
- *
- * @param string|array $value String or array of strings to unslash.
- * @return string|array Unslashed $value
- */
-function wp_unslash( $value ) {
-        return stripslashes_deep( $value );
-}
</del></span></pre></div>
<a id="trunkwpincludesfunctionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/functions.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/functions.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/functions.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -468,7 +468,7 @@
</span><span class="cx">                                 }
</span><span class="cx"> 
</span><span class="cx">                                 if ( in_array( substr( $type, 0, strpos( $type, &quot;/&quot; ) ), $allowed_types ) ) {
</span><del>-                                        wp_add_post_meta( $post_ID, 'enclosure', &quot;$url\n$len\n$mime\n&quot; );
</del><ins>+                                        add_post_meta( $post_ID, 'enclosure', &quot;$url\n$len\n$mime\n&quot; );
</ins><span class="cx">                                 }
</span><span class="cx">                         }
</span><span class="cx">                 }
</span><span class="lines">@@ -1257,9 +1257,9 @@
</span><span class="cx">  * @return string Original referer field.
</span><span class="cx">  */
</span><span class="cx"> function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
</span><del>-        $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
</del><ins>+        $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
</ins><span class="cx">         $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
</span><del>-        $orig_referer_field = '&lt;input type=&quot;hidden&quot; name=&quot;_wp_original_http_referer&quot; value=&quot;' . esc_attr( $ref ) . '&quot; /&gt;';
</del><ins>+        $orig_referer_field = '&lt;input type=&quot;hidden&quot; name=&quot;_wp_original_http_referer&quot; value=&quot;' . esc_attr( stripslashes( $ref ) ) . '&quot; /&gt;';
</ins><span class="cx">         if ( $echo )
</span><span class="cx">                 echo $orig_referer_field;
</span><span class="cx">         return $orig_referer_field;
</span><span class="lines">@@ -1278,11 +1278,11 @@
</span><span class="cx"> function wp_get_referer() {
</span><span class="cx">         $ref = false;
</span><span class="cx">         if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
</span><del>-                $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
</del><ins>+                $ref = $_REQUEST['_wp_http_referer'];
</ins><span class="cx">         else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
</span><del>-                $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
</del><ins>+                $ref = $_SERVER['HTTP_REFERER'];
</ins><span class="cx"> 
</span><del>-        if ( $ref &amp;&amp; $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
</del><ins>+        if ( $ref &amp;&amp; $ref !== $_SERVER['REQUEST_URI'] )
</ins><span class="cx">                 return $ref;
</span><span class="cx">         return false;
</span><span class="cx"> }
</span><span class="lines">@@ -1298,7 +1298,7 @@
</span><span class="cx">  */
</span><span class="cx"> function wp_get_original_referer() {
</span><span class="cx">         if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
</span><del>-                return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
</del><ins>+                return $_REQUEST['_wp_original_http_referer'];
</ins><span class="cx">         return false;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpincludesksesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/kses.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/kses.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/kses.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1326,18 +1326,18 @@
</span><span class="cx">  */
</span><span class="cx"> function kses_init_filters() {
</span><span class="cx">         // Normal filtering
</span><del>-        add_filter('title_save_pre', 'wp_kses_data');
</del><ins>+        add_filter('title_save_pre', 'wp_filter_kses');
</ins><span class="cx"> 
</span><span class="cx">         // Comment filtering
</span><span class="cx">         if ( current_user_can( 'unfiltered_html' ) )
</span><del>-                add_filter( 'pre_comment_content', 'wp_kses_post' );
</del><ins>+                add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
</ins><span class="cx">         else
</span><del>-                add_filter( 'pre_comment_content', 'wp_kses_data' );
</del><ins>+                add_filter( 'pre_comment_content', 'wp_filter_kses' );
</ins><span class="cx"> 
</span><span class="cx">         // Post filtering
</span><del>-        add_filter('content_save_pre', 'wp_kses_post');
-        add_filter('excerpt_save_pre', 'wp_kses_post');
-        add_filter('content_filtered_save_pre', 'wp_kses_post');
</del><ins>+        add_filter('content_save_pre', 'wp_filter_post_kses');
+        add_filter('excerpt_save_pre', 'wp_filter_post_kses');
+        add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="lines">@@ -1354,16 +1354,16 @@
</span><span class="cx">  */
</span><span class="cx"> function kses_remove_filters() {
</span><span class="cx">         // Normal filtering
</span><del>-        remove_filter('title_save_pre', 'wp_kses_data');
</del><ins>+        remove_filter('title_save_pre', 'wp_filter_kses');
</ins><span class="cx"> 
</span><span class="cx">         // Comment filtering
</span><del>-        remove_filter( 'pre_comment_content', 'wp_kses_post' );
-        remove_filter( 'pre_comment_content', 'wp_kses_data' );
</del><ins>+        remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
+        remove_filter( 'pre_comment_content', 'wp_filter_kses' );
</ins><span class="cx"> 
</span><span class="cx">         // Post filtering
</span><del>-        remove_filter('content_save_pre', 'wp_kses_post');
-        remove_filter('excerpt_save_pre', 'wp_kses_post');
-        remove_filter('content_filtered_save_pre', 'wp_kses_post');
</del><ins>+        remove_filter('content_save_pre', 'wp_filter_post_kses');
+        remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
+        remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpincludeslinktemplatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/link-template.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/link-template.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/link-template.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -746,7 +746,7 @@
</span><span class="cx">         if ( empty($query) )
</span><span class="cx">                 $search = get_search_query( false );
</span><span class="cx">         else
</span><del>-                $search = $query;
</del><ins>+                $search = stripslashes($query);
</ins><span class="cx"> 
</span><span class="cx">         $permastruct = $wp_rewrite-&gt;get_search_permastruct();
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpincludesmetaphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/meta.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/meta.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/meta.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -42,6 +42,9 @@
</span><span class="cx"> 
</span><span class="cx">         $column = esc_sql($meta_type . '_id');
</span><span class="cx"> 
</span><ins>+        // expected_slashed ($meta_key)
+        $meta_key = stripslashes($meta_key);
+        $meta_value = stripslashes_deep($meta_value);
</ins><span class="cx">         $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
</span><span class="cx"> 
</span><span class="cx">         $check = apply_filters( &quot;add_{$meta_type}_metadata&quot;, null, $object_id, $meta_key, $meta_value, $unique );
</span><span class="lines">@@ -110,7 +113,10 @@
</span><span class="cx">         $column = esc_sql($meta_type . '_id');
</span><span class="cx">         $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
</span><span class="cx"> 
</span><ins>+        // expected_slashed ($meta_key)
+        $meta_key = stripslashes($meta_key);
</ins><span class="cx">         $passed_value = $meta_value;
</span><ins>+        $meta_value = stripslashes_deep($meta_value);
</ins><span class="cx">         $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
</span><span class="cx"> 
</span><span class="cx">         $check = apply_filters( &quot;update_{$meta_type}_metadata&quot;, null, $object_id, $meta_key, $meta_value, $prev_value );
</span><span class="lines">@@ -189,6 +195,9 @@
</span><span class="cx"> 
</span><span class="cx">         $type_column = esc_sql($meta_type . '_id');
</span><span class="cx">         $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
</span><ins>+        // expected_slashed ($meta_key)
+        $meta_key = stripslashes($meta_key);
+        $meta_value = stripslashes_deep($meta_value);
</ins><span class="cx"> 
</span><span class="cx">         $check = apply_filters( &quot;delete_{$meta_type}_metadata&quot;, null, $object_id, $meta_key, $meta_value, $delete_all );
</span><span class="cx">         if ( null !== $check )
</span></span></pre></div>
<a id="trunkwpincludesmsfilesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/ms-files.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/ms-files.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/ms-files.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -58,7 +58,7 @@
</span><span class="cx"> header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
</span><span class="cx"> 
</span><span class="cx"> // Support for Conditional GET
</span><del>-$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
</del><ins>+$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
</ins><span class="cx"> 
</span><span class="cx"> if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
</span><span class="cx">         $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
</span></span></pre></div>
<a id="trunkwpincludesmsfunctionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/ms-functions.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/ms-functions.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/ms-functions.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -279,6 +279,9 @@
</span><span class="cx">  * @return int The ID of the newly created blog
</span><span class="cx">  */
</span><span class="cx"> function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
</span><ins>+        $domain                        = addslashes( $domain );
+        $weblog_title        = addslashes( $weblog_title );
+
</ins><span class="cx">         if ( empty($path) )
</span><span class="cx">                 $path = '/';
</span><span class="cx"> 
</span><span class="lines">@@ -579,7 +582,7 @@
</span><span class="cx"> 
</span><span class="cx">         $blogname = apply_filters( 'newblogname', $blogname );
</span><span class="cx"> 
</span><del>-        $blog_title = $blog_title;
</del><ins>+        $blog_title = stripslashes(  $blog_title );
</ins><span class="cx"> 
</span><span class="cx">         if ( empty( $blog_title ) )
</span><span class="cx">                 $errors-&gt;add('blog_title', __( 'Please enter a site title.' ) );
</span><span class="lines">@@ -632,7 +635,10 @@
</span><span class="cx">         global $wpdb;
</span><span class="cx"> 
</span><span class="cx">         $key = substr( md5( time() . rand() . $domain ), 0, 16 );
</span><del>-        $meta = serialize( $meta );
</del><ins>+        $meta = serialize($meta);
+        $domain = $wpdb-&gt;escape($domain);
+        $path = $wpdb-&gt;escape($path);
+        $title = $wpdb-&gt;escape($title);
</ins><span class="cx"> 
</span><span class="cx">         $wpdb-&gt;insert( $wpdb-&gt;signups, array(
</span><span class="cx">                 'domain' =&gt; $domain,
</span><span class="lines">@@ -645,7 +651,7 @@
</span><span class="cx">                 'meta' =&gt; $meta
</span><span class="cx">         ) );
</span><span class="cx"> 
</span><del>-        wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta );
</del><ins>+        wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="lines">@@ -834,8 +840,8 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         $meta = maybe_unserialize($signup-&gt;meta);
</span><del>-        $user_login = $signup-&gt;user_login;
-        $user_email = $signup-&gt;user_email;
</del><ins>+        $user_login = $wpdb-&gt;escape($signup-&gt;user_login);
+        $user_email = $wpdb-&gt;escape($signup-&gt;user_email);
</ins><span class="cx">         $password = wp_generate_password( 12, false );
</span><span class="cx"> 
</span><span class="cx">         $user_id = username_exists($user_login);
</span><span class="lines">@@ -1151,7 +1157,7 @@
</span><span class="cx">         else
</span><span class="cx">                 update_option( 'upload_path', get_blog_option( $current_site-&gt;blog_id, 'upload_path' ) );
</span><span class="cx"> 
</span><del>-        update_option( 'blogname', $blog_title );
</del><ins>+        update_option( 'blogname', stripslashes( $blog_title ) );
</ins><span class="cx">         update_option( 'admin_email', '' );
</span><span class="cx"> 
</span><span class="cx">         // remove all perms
</span><span class="lines">@@ -1208,9 +1214,9 @@
</span><span class="cx">         if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
</span><span class="cx">                 return false;
</span><span class="cx"> 
</span><del>-        $welcome_email = get_site_option( 'welcome_email' );
</del><ins>+        $welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
</ins><span class="cx">         if ( $welcome_email == false )
</span><del>-                $welcome_email = __( 'Dear User,
</del><ins>+                $welcome_email = stripslashes( __( 'Dear User,
</ins><span class="cx"> 
</span><span class="cx"> Your new SITE_NAME site has been successfully set up at:
</span><span class="cx"> BLOG_URL
</span><span class="lines">@@ -1222,7 +1228,7 @@
</span><span class="cx"> 
</span><span class="cx"> We hope you enjoy your new site. Thanks!
</span><span class="cx"> 
</span><del>---The Team @ SITE_NAME' );
</del><ins>+--The Team @ SITE_NAME' ) );
</ins><span class="cx"> 
</span><span class="cx">         $url = get_blogaddress_by_id($blog_id);
</span><span class="cx">         $user = get_userdata( $user_id );
</span><span class="lines">@@ -1246,7 +1252,7 @@
</span><span class="cx">         if ( empty( $current_site-&gt;site_name ) )
</span><span class="cx">                 $current_site-&gt;site_name = 'WordPress';
</span><span class="cx"> 
</span><del>-        $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site-&gt;site_name, $title ) );
</del><ins>+        $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site-&gt;site_name, stripslashes( $title ) ) );
</ins><span class="cx">         wp_mail($user-&gt;user_email, $subject, $message, $message_headers);
</span><span class="cx">         return true;
</span><span class="cx"> }
</span><span class="lines">@@ -1475,7 +1481,7 @@
</span><span class="cx"> function wpmu_log_new_registrations( $blog_id, $user_id ) {
</span><span class="cx">         global $wpdb;
</span><span class="cx">         $user = get_userdata( (int) $user_id );
</span><del>-        $wpdb-&gt;insert( $wpdb-&gt;registration_log, array('email' =&gt; $user-&gt;user_email, 'IP' =&gt; preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' =&gt; $blog_id, 'date_registered' =&gt; current_time('mysql')) );
</del><ins>+        $wpdb-&gt;insert( $wpdb-&gt;registration_log, array('email' =&gt; $user-&gt;user_email, 'IP' =&gt; preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' =&gt; $blog_id, 'date_registered' =&gt; current_time('mysql')) );
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpincludesnavmenuphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/nav-menu.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/nav-menu.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/nav-menu.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -370,20 +370,20 @@
</span><span class="cx"> 
</span><span class="cx">         $menu_item_db_id = (int) $menu_item_db_id;
</span><span class="cx"> 
</span><del>-        wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
-        wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
-        wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
-        wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
-        wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
</del><ins>+        update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
+        update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
+        update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
+        update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
+        update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
</ins><span class="cx"> 
</span><span class="cx">         $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
</span><span class="cx">         $args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
</span><del>-        wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
-        wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
-        wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
</del><ins>+        update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
+        update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
+        update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
</ins><span class="cx"> 
</span><span class="cx">         if ( 0 == $menu_id )
</span><del>-                wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
</del><ins>+                update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
</ins><span class="cx">         elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) )
</span><span class="cx">                 delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpincludespluggablephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/pluggable.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/pluggable.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/pluggable.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -782,7 +782,7 @@
</span><span class="cx">         // The cookie is no good so force login
</span><span class="cx">         nocache_headers();
</span><span class="cx"> 
</span><del>-        $redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) &amp;&amp; wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . wp_unslash( $_SERVER['HTTP_HOST'] ) . wp_unslash( $_SERVER['REQUEST_URI'] ) );
</del><ins>+        $redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) &amp;&amp; wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
</ins><span class="cx"> 
</span><span class="cx">         $login_url = wp_login_url($redirect, true);
</span><span class="cx"> 
</span><span class="lines">@@ -1197,8 +1197,8 @@
</span><span class="cx"> function wp_new_user_notification($user_id, $plaintext_pass = '') {
</span><span class="cx">         $user = get_userdata( $user_id );
</span><span class="cx"> 
</span><del>-        $user_login = $user-&gt;user_login;
-        $user_email = $user-&gt;user_email;
</del><ins>+        $user_login = stripslashes($user-&gt;user_login);
+        $user_email = stripslashes($user-&gt;user_email);
</ins><span class="cx"> 
</span><span class="cx">         // The blogname option is escaped with esc_html on the way into the database in sanitize_option
</span><span class="cx">         // we want to reverse this for the plain text arena of emails.
</span></span></pre></div>
<a id="trunkwpincludesposttemplatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/post-template.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/post-template.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/post-template.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -583,7 +583,7 @@
</span><span class="cx">                 $wp_hasher = new PasswordHash(8, true);
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
</del><ins>+        $hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
</ins><span class="cx"> 
</span><span class="cx">         return ! $wp_hasher-&gt;CheckPassword( $post-&gt;post_password, $hash );
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkwpincludespostphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/post.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/post.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/post.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1677,41 +1677,17 @@
</span><span class="cx">  * @link http://codex.wordpress.org/Function_Reference/add_post_meta
</span><span class="cx">  *
</span><span class="cx">  * @param int $post_id Post ID.
</span><del>- * @param string $meta_key Metadata name (expected slashed).
- * @param mixed $meta_value Metadata value (expected slashed).
</del><ins>+ * @param string $meta_key Metadata name.
+ * @param mixed $meta_value Metadata value.
</ins><span class="cx">  * @param bool $unique Optional, default is false. Whether the same key should not be added.
</span><span class="cx">  * @return bool False for failure. True for success.
</span><span class="cx">  */
</span><del>-function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
-        //_deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' );
-
-        // expected slashed
-        $meta_key = stripslashes( $meta_key );
-        $meta_value = stripslashes_deep( $meta_value );
-
-        return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique );
-}
-
-/**
- * Add meta data field to a post.
- *
- * Post meta data is called &quot;Custom Fields&quot; on the Administration Screen.
- *
- * @since 3.6.0
- * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta
- *
- * @param int $post_id Post ID.
- * @param string $meta_key Metadata name (clean, slashes already stripped).
- * @param mixed $meta_value Metadata value (clean, slashes already stripped).
- * @param bool $unique Optional, default is false. Whether the same key should not be added.
- * @return bool False for failure. True for success.
- */
-function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
</del><ins>+function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
</ins><span class="cx">         // make sure meta is added to the post, not a revision
</span><del>-        if ( $the_post = wp_is_post_revision( $post_id ) )
</del><ins>+        if ( $the_post = wp_is_post_revision($post_id) )
</ins><span class="cx">                 $post_id = $the_post;
</span><span class="cx"> 
</span><del>-        return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique );
</del><ins>+        return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="lines">@@ -1768,45 +1744,17 @@
</span><span class="cx">  * @link http://codex.wordpress.org/Function_Reference/update_post_meta
</span><span class="cx">  *
</span><span class="cx">  * @param int $post_id Post ID.
</span><del>- * @param string $meta_key Metadata key (expected slashed).
- * @param mixed $meta_value Metadata value (expected slashed).
</del><ins>+ * @param string $meta_key Metadata key.
+ * @param mixed $meta_value Metadata value.
</ins><span class="cx">  * @param mixed $prev_value Optional. Previous value to check before removing.
</span><span class="cx">  * @return bool False on failure, true if success.
</span><span class="cx">  */
</span><del>-function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
-        //_deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' );
-
-        // expected slashed
-        $meta_key = stripslashes( $meta_key );
-        $meta_value = stripslashes_deep( $meta_value );
-
-        return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value );
-}
-
-/**
- * Update post meta field based on post ID.
- *
- * Use the $prev_value parameter to differentiate between meta fields with the
- * same key and post ID.
- *
- * If the meta field for the post does not exist, it will be added.
- *
- * @since 3.6.0
- * @uses $wpdb
- * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta
- *
- * @param int $post_id Post ID.
- * @param string $meta_key Metadata key (clean, slashes already stripped).
- * @param mixed $meta_value Metadata value (clean, slashes already stripped).
- * @param mixed $prev_value Optional. Previous value to check before removing.
- * @return bool False on failure, true if success.
- */
-function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
</del><ins>+function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
</ins><span class="cx">         // make sure meta is added to the post, not a revision
</span><del>-        if ( $the_post = wp_is_post_revision( $post_id ) )
</del><ins>+        if ( $the_post = wp_is_post_revision($post_id) )
</ins><span class="cx">                 $post_id = $the_post;
</span><span class="cx"> 
</span><del>-        return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value );
</del><ins>+        return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="lines">@@ -2393,8 +2341,8 @@
</span><span class="cx"> 
</span><span class="cx">         do_action('wp_trash_post', $post_id);
</span><span class="cx"> 
</span><del>-        wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
-        wp_add_post_meta($post_id,'_wp_trash_meta_time', time());
</del><ins>+        add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
+        add_post_meta($post_id,'_wp_trash_meta_time', time());
</ins><span class="cx"> 
</span><span class="cx">         $post['post_status'] = 'trash';
</span><span class="cx">         wp_insert_post($post);
</span><span class="lines">@@ -2470,7 +2418,7 @@
</span><span class="cx">         $statuses = array();
</span><span class="cx">         foreach ( $comments as $comment )
</span><span class="cx">                 $statuses[$comment-&gt;comment_ID] = $comment-&gt;comment_approved;
</span><del>-        wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
</del><ins>+        add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
</ins><span class="cx"> 
</span><span class="cx">         // Set status for all comments to post-trashed
</span><span class="cx">         $result = $wpdb-&gt;update($wpdb-&gt;comments, array('comment_approved' =&gt; 'post-trashed'), array('comment_post_ID' =&gt; $post_id));
</span><span class="lines">@@ -2846,8 +2794,10 @@
</span><span class="cx"> 
</span><span class="cx">         $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
</span><span class="cx"> 
</span><ins>+        // expected_slashed (everything!)
</ins><span class="cx">         $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
</span><span class="cx">         $data = apply_filters('wp_insert_post_data', $data, $postarr);
</span><ins>+        $data = stripslashes_deep( $data );
</ins><span class="cx">         $where = array( 'ID' =&gt; $post_ID );
</span><span class="cx"> 
</span><span class="cx">         if ( $update ) {
</span><span class="lines">@@ -2860,7 +2810,7 @@
</span><span class="cx">                 }
</span><span class="cx">         } else {
</span><span class="cx">                 if ( isset($post_mime_type) )
</span><del>-                        $data['post_mime_type'] = $post_mime_type; // This isn't in the update
</del><ins>+                        $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
</ins><span class="cx">                 // If there is a suggested ID, use it if not already present
</span><span class="cx">                 if ( !empty($import_id) ) {
</span><span class="cx">                         $import_id = (int) $import_id;
</span><span class="lines">@@ -2921,7 +2871,7 @@
</span><span class="cx">                         else
</span><span class="cx">                                 return 0;
</span><span class="cx">                 }
</span><del>-                wp_update_post_meta($post_ID, '_wp_page_template',  $page_template);
</del><ins>+                update_post_meta($post_ID, '_wp_page_template',  $page_template);
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         wp_transition_post_status($data['post_status'], $previous_status, $post);
</span><span class="lines">@@ -2954,11 +2904,15 @@
</span><span class="cx">         if ( is_object($postarr) ) {
</span><span class="cx">                 // non-escaped post was passed
</span><span class="cx">                 $postarr = get_object_vars($postarr);
</span><ins>+                $postarr = add_magic_quotes($postarr);
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         // First, get all of the original fields
</span><span class="cx">         $post = get_post($postarr['ID'], ARRAY_A);
</span><span class="cx"> 
</span><ins>+        // Escape data pulled from DB.
+        $post = add_magic_quotes($post);
+
</ins><span class="cx">         // Passed post category list overwrites existing category list if not empty.
</span><span class="cx">         if ( isset($postarr['post_category']) &amp;&amp; is_array($postarr['post_category'])
</span><span class="cx">                          &amp;&amp; 0 != count($postarr['post_category']) )
</span><span class="lines">@@ -3396,7 +3350,7 @@
</span><span class="cx">                 $trackback_urls = explode(',', $tb_list);
</span><span class="cx">                 foreach( (array) $trackback_urls as $tb_url) {
</span><span class="cx">                         $tb_url = trim($tb_url);
</span><del>-                        trackback($tb_url, $post_title, $excerpt, $post_id);
</del><ins>+                        trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
</ins><span class="cx">                 }
</span><span class="cx">         }
</span><span class="cx"> }
</span><span class="lines">@@ -3739,6 +3693,9 @@
</span><span class="cx">         if ( ! empty( $meta_key ) || ! empty( $meta_value ) ) {
</span><span class="cx">                 $join = &quot; LEFT JOIN $wpdb-&gt;postmeta ON ( $wpdb-&gt;posts.ID = $wpdb-&gt;postmeta.post_id )&quot;;
</span><span class="cx"> 
</span><ins>+                // meta_key and meta_value might be slashed
+                $meta_key = stripslashes($meta_key);
+                $meta_value = stripslashes($meta_value);
</ins><span class="cx">                 if ( ! empty( $meta_key ) )
</span><span class="cx">                         $where .= $wpdb-&gt;prepare(&quot; AND $wpdb-&gt;postmeta.meta_key = %s&quot;, $meta_key);
</span><span class="cx">                 if ( ! empty( $meta_value ) )
</span><span class="lines">@@ -3963,6 +3920,7 @@
</span><span class="cx">         else
</span><span class="cx">                 $post_name = sanitize_title($post_name);
</span><span class="cx"> 
</span><ins>+        // expected_slashed ($post_name)
</ins><span class="cx">         $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
</span><span class="cx"> 
</span><span class="cx">         if ( empty($post_date) )
</span><span class="lines">@@ -4005,7 +3963,9 @@
</span><span class="cx">         if ( ! isset($pinged) )
</span><span class="cx">                 $pinged = '';
</span><span class="cx"> 
</span><ins>+        // expected_slashed (everything!)
</ins><span class="cx">         $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
</span><ins>+        $data = stripslashes_deep( $data );
</ins><span class="cx"> 
</span><span class="cx">         if ( $update ) {
</span><span class="cx">                 $wpdb-&gt;update( $wpdb-&gt;posts, $data, array( 'ID' =&gt; $post_ID ) );
</span><span class="lines">@@ -4050,7 +4010,7 @@
</span><span class="cx">         clean_post_cache( $post_ID );
</span><span class="cx"> 
</span><span class="cx">         if ( ! empty( $context ) )
</span><del>-                wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
</del><ins>+                add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
</ins><span class="cx"> 
</span><span class="cx">         if ( $update) {
</span><span class="cx">                 do_action('edit_attachment', $post_ID);
</span><span class="lines">@@ -4437,7 +4397,7 @@
</span><span class="cx"> 
</span><span class="cx">         // if we haven't added this old slug before, add it now
</span><span class="cx">         if ( !empty( $post_before-&gt;post_name ) &amp;&amp; !in_array($post_before-&gt;post_name, $old_slugs) )
</span><del>-                wp_add_post_meta($post_id, '_wp_old_slug', $post_before-&gt;post_name);
</del><ins>+                add_post_meta($post_id, '_wp_old_slug', $post_before-&gt;post_name);
</ins><span class="cx"> 
</span><span class="cx">         // if the new slug was used previously, delete it from the list
</span><span class="cx">         if ( in_array($post-&gt;post_name, $old_slugs) )
</span><span class="lines">@@ -4854,8 +4814,8 @@
</span><span class="cx">                 return;
</span><span class="cx"> 
</span><span class="cx">         if ( get_option('default_pingback_flag') )
</span><del>-                wp_add_post_meta( $post_id, '_pingme', '1' );
-        wp_add_post_meta( $post_id, '_encloseme', '1' );
</del><ins>+                add_post_meta( $post_id, '_pingme', '1' );
+        add_post_meta( $post_id, '_encloseme', '1' );
</ins><span class="cx"> 
</span><span class="cx">         wp_schedule_single_event(time(), 'do_pings');
</span><span class="cx"> }
</span><span class="lines">@@ -4933,7 +4893,7 @@
</span><span class="cx">         $thumbnail_id = absint( $thumbnail_id );
</span><span class="cx">         if ( $post &amp;&amp; $thumbnail_id &amp;&amp; get_post( $thumbnail_id ) ) {
</span><span class="cx">                 if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) )
</span><del>-                        return wp_update_post_meta( $post-&gt;ID, '_thumbnail_id', $thumbnail_id );
</del><ins>+                        return update_post_meta( $post-&gt;ID, '_thumbnail_id', $thumbnail_id );
</ins><span class="cx">                 else
</span><span class="cx">                         return delete_post_meta( $post-&gt;ID, '_thumbnail_id' );
</span><span class="cx">         }
</span></span></pre></div>
<a id="trunkwpincludesqueryphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/query.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/query.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/query.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1733,6 +1733,7 @@
</span><span class="cx">                 // Category stuff
</span><span class="cx">                 if ( !empty($q['cat']) &amp;&amp; '0' != $q['cat'] &amp;&amp; !$this-&gt;is_singular &amp;&amp; $this-&gt;query_vars_changed ) {
</span><span class="cx">                         $q['cat'] = ''.urldecode($q['cat']).'';
</span><ins>+                        $q['cat'] = addslashes_gpc($q['cat']);
</ins><span class="cx">                         $cat_array = preg_split('/[,\s]+/', $q['cat']);
</span><span class="cx">                         $q['cat'] = '';
</span><span class="cx">                         $req_cats = array();
</span><span class="lines">@@ -2186,6 +2187,8 @@
</span><span class="cx"> 
</span><span class="cx">                 // If a search pattern is specified, load the posts that match
</span><span class="cx">                 if ( !empty($q['s']) ) {
</span><ins>+                        // added slashes screw with quote grouping when done early, so done later
+                        $q['s'] = stripslashes($q['s']);
</ins><span class="cx">                         if ( empty( $_GET['s'] ) &amp;&amp; $this-&gt;is_main_query() )
</span><span class="cx">                                 $q['s'] = urldecode($q['s']);
</span><span class="cx">                         if ( !empty($q['sentence']) ) {
</span><span class="lines">@@ -2294,6 +2297,7 @@
</span><span class="cx">                         $whichauthor = '';
</span><span class="cx">                 } else {
</span><span class="cx">                         $q['author'] = (string)urldecode($q['author']);
</span><ins>+                        $q['author'] = addslashes_gpc($q['author']);
</ins><span class="cx">                         if ( strpos($q['author'], '-') !== false ) {
</span><span class="cx">                                 $eq = '!=';
</span><span class="cx">                                 $andor = 'AND';
</span><span class="lines">@@ -2357,6 +2361,7 @@
</span><span class="cx">                                 $allowed_keys[] = 'meta_value_num';
</span><span class="cx">                         }
</span><span class="cx">                         $q['orderby'] = urldecode($q['orderby']);
</span><ins>+                        $q['orderby'] = addslashes_gpc($q['orderby']);
</ins><span class="cx"> 
</span><span class="cx">                         $orderby_array = array();
</span><span class="cx">                         foreach ( explode( ' ', $q['orderby'] ) as $i =&gt; $orderby ) {
</span></span></pre></div>
<a id="trunkwpincludesrevisionphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/revision.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/revision.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/revision.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -241,6 +241,7 @@
</span><span class="cx">                 return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) );
</span><span class="cx"> 
</span><span class="cx">         $post = _wp_post_revision_fields( $post, $autosave );
</span><ins>+        $post = add_magic_quotes($post); //since data is from db
</ins><span class="cx"> 
</span><span class="cx">         $revision_id = wp_insert_post( $post );
</span><span class="cx">         if ( is_wp_error($revision_id) )
</span><span class="lines">@@ -319,6 +320,8 @@
</span><span class="cx"> 
</span><span class="cx">         $update['ID'] = $revision['post_parent'];
</span><span class="cx"> 
</span><ins>+        $update = add_magic_quotes( $update ); //since data is from db
+
</ins><span class="cx">         $post_id = wp_update_post( $update );
</span><span class="cx">         if ( is_wp_error( $post_id ) )
</span><span class="cx">                 return $post_id;
</span></span></pre></div>
<a id="trunkwpincludestaxonomyphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/taxonomy.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/taxonomy.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/taxonomy.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -958,6 +958,8 @@
</span><span class="cx">                 if ( empty($value) )
</span><span class="cx">                         return false;
</span><span class="cx">         } else if ( 'name' == $field ) {
</span><ins>+                // Assume already escaped
+                $value = stripslashes($value);
</ins><span class="cx">                 $field = 't.name';
</span><span class="cx">         } else {
</span><span class="cx">                 $term = get_term( (int) $value, $taxonomy, $output, $filter);
</span><span class="lines">@@ -1497,7 +1499,7 @@
</span><span class="cx">                         return $wpdb-&gt;get_var( $wpdb-&gt;prepare( $select . $where, $term ) );
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        $term = trim( $term );
</del><ins>+        $term = trim( stripslashes( $term ) );
</ins><span class="cx"> 
</span><span class="cx">         if ( '' === $slug = sanitize_title($term) )
</span><span class="cx">                 return 0;
</span><span class="lines">@@ -2059,6 +2061,10 @@
</span><span class="cx">         $args = sanitize_term($args, $taxonomy, 'db');
</span><span class="cx">         extract($args, EXTR_SKIP);
</span><span class="cx"> 
</span><ins>+        // expected_slashed ($name)
+        $name = stripslashes($name);
+        $description = stripslashes($description);
+
</ins><span class="cx">         if ( empty($slug) )
</span><span class="cx">                 $slug = sanitize_title($name);
</span><span class="cx"> 
</span><span class="lines">@@ -2438,6 +2444,9 @@
</span><span class="cx">         if ( is_wp_error( $term ) )
</span><span class="cx">                 return $term;
</span><span class="cx"> 
</span><ins>+        // Escape data pulled from DB.
+        $term = add_magic_quotes($term);
+
</ins><span class="cx">         // Merge old and new args with new args overwriting old ones.
</span><span class="cx">         $args = array_merge($term, $args);
</span><span class="cx"> 
</span><span class="lines">@@ -2446,6 +2455,10 @@
</span><span class="cx">         $args = sanitize_term($args, $taxonomy, 'db');
</span><span class="cx">         extract($args, EXTR_SKIP);
</span><span class="cx"> 
</span><ins>+        // expected_slashed ($name)
+        $name = stripslashes($name);
+        $description = stripslashes($description);
+
</ins><span class="cx">         if ( '' == trim($name) )
</span><span class="cx">                 return new WP_Error('empty_term_name', __('A name is required for this term'));
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpincludesuserphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/user.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/user.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/user.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -1390,6 +1390,7 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
</span><ins>+        $data = stripslashes_deep( $data );
</ins><span class="cx"> 
</span><span class="cx">         if ( $update ) {
</span><span class="cx">                 $wpdb-&gt;update( $wpdb-&gt;users, $data, compact( 'ID' ) );
</span><span class="lines">@@ -1461,6 +1462,9 @@
</span><span class="cx">                 $user[ $key ] = get_user_meta( $ID, $key, true );
</span><span class="cx">         }
</span><span class="cx"> 
</span><ins>+        // Escape data pulled from DB.
+        $user = add_magic_quotes( $user );
+
</ins><span class="cx">         // If password is changing, hash it now.
</span><span class="cx">         if ( ! empty($userdata['user_pass']) ) {
</span><span class="cx">                 $plaintext_pass = $userdata['user_pass'];
</span><span class="lines">@@ -1500,8 +1504,8 @@
</span><span class="cx">  * @return int The new user's ID.
</span><span class="cx">  */
</span><span class="cx"> function wp_create_user($username, $password, $email = '') {
</span><del>-        $user_login = $username;
-        $user_email = $email;
</del><ins>+        $user_login = esc_sql( $username );
+        $user_email = esc_sql( $email    );
</ins><span class="cx">         $user_pass = $password;
</span><span class="cx"> 
</span><span class="cx">         $userdata = compact('user_login', 'user_email', 'user_pass');
</span></span></pre></div>
<a id="trunkwpincludeswidgetsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/widgets.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/widgets.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-includes/widgets.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -224,7 +224,7 @@
</span><span class="cx">                         }
</span><span class="cx"> 
</span><span class="cx">                         foreach ( $settings as $number =&gt; $new_instance ) {
</span><del>-                                $new_instance = wp_unslash($new_instance);
</del><ins>+                                $new_instance = stripslashes_deep($new_instance);
</ins><span class="cx">                                 $this-&gt;_set($number);
</span><span class="cx"> 
</span><span class="cx">                                 $old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array();
</span></span></pre></div>
<a id="trunkwploginphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-login.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-login.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-login.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -399,7 +399,7 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         // 10 days
</span><del>-        setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher-&gt;HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
</del><ins>+        setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher-&gt;HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
</ins><span class="cx"> 
</span><span class="cx">         wp_safe_redirect( wp_get_referer() );
</span><span class="cx">         exit();
</span><span class="lines">@@ -434,7 +434,7 @@
</span><span class="cx">         do_action('lost_password');
</span><span class="cx">         login_header(__('Lost Password'), '&lt;p class=&quot;message&quot;&gt;' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '&lt;/p&gt;', $errors);
</span><span class="cx"> 
</span><del>-        $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
</del><ins>+        $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
</ins><span class="cx"> 
</span><span class="cx"> ?&gt;
</span><span class="cx"> 
</span><span class="lines">@@ -533,8 +533,8 @@
</span><span class="cx">         $user_login = '';
</span><span class="cx">         $user_email = '';
</span><span class="cx">         if ( $http_post ) {
</span><del>-                $user_login = wp_unslash( $_POST['user_login'] );
-                $user_email = wp_unslash( $_POST['user_email'] );
</del><ins>+                $user_login = $_POST['user_login'];
+                $user_email = $_POST['user_email'];
</ins><span class="cx">                 $errors = register_new_user($user_login, $user_email);
</span><span class="cx">                 if ( !is_wp_error($errors) ) {
</span><span class="cx">                         $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
</span><span class="lines">@@ -550,11 +550,11 @@
</span><span class="cx"> &lt;form name=&quot;registerform&quot; id=&quot;registerform&quot; action=&quot;&lt;?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?&gt;&quot; method=&quot;post&quot;&gt;
</span><span class="cx">         &lt;p&gt;
</span><span class="cx">                 &lt;label for=&quot;user_login&quot;&gt;&lt;?php _e('Username') ?&gt;&lt;br /&gt;
</span><del>-                &lt;input type=&quot;text&quot; name=&quot;user_login&quot; id=&quot;user_login&quot; class=&quot;input&quot; value=&quot;&lt;?php echo esc_attr( $user_login ); ?&gt;&quot; size=&quot;20&quot; /&gt;&lt;/label&gt;
</del><ins>+                &lt;input type=&quot;text&quot; name=&quot;user_login&quot; id=&quot;user_login&quot; class=&quot;input&quot; value=&quot;&lt;?php echo esc_attr(stripslashes($user_login)); ?&gt;&quot; size=&quot;20&quot; /&gt;&lt;/label&gt;
</ins><span class="cx">         &lt;/p&gt;
</span><span class="cx">         &lt;p&gt;
</span><span class="cx">                 &lt;label for=&quot;user_email&quot;&gt;&lt;?php _e('E-mail') ?&gt;&lt;br /&gt;
</span><del>-                &lt;input type=&quot;text&quot; name=&quot;user_email&quot; id=&quot;user_email&quot; class=&quot;input&quot; value=&quot;&lt;?php echo esc_attr( $user_email ); ?&gt;&quot; size=&quot;25&quot; /&gt;&lt;/label&gt;
</del><ins>+                &lt;input type=&quot;text&quot; name=&quot;user_email&quot; id=&quot;user_email&quot; class=&quot;input&quot; value=&quot;&lt;?php echo esc_attr(stripslashes($user_email)); ?&gt;&quot; size=&quot;25&quot; /&gt;&lt;/label&gt;
</ins><span class="cx">         &lt;/p&gt;
</span><span class="cx"> &lt;?php do_action('register_form'); ?&gt;
</span><span class="cx">         &lt;p id=&quot;reg_passmail&quot;&gt;&lt;?php _e('A password will be e-mailed to you.') ?&gt;&lt;/p&gt;
</span><span class="lines">@@ -670,7 +670,7 @@
</span><span class="cx">         login_header(__('Log In'), '', $errors);
</span><span class="cx"> 
</span><span class="cx">         if ( isset($_POST['log']) )
</span><del>-                $user_login = ( 'incorrect_password' == $errors-&gt;get_error_code() || 'empty_password' == $errors-&gt;get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
</del><ins>+                $user_login = ( 'incorrect_password' == $errors-&gt;get_error_code() || 'empty_password' == $errors-&gt;get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
</ins><span class="cx">         $rememberme = ! empty( $_POST['rememberme'] );
</span><span class="cx"> ?&gt;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkwpmailphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-mail.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-mail.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-mail.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -202,6 +202,7 @@
</span><span class="cx">         $post_category = array(get_option('default_email_category'));
</span><span class="cx"> 
</span><span class="cx">         $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
</span><ins>+        $post_data = add_magic_quotes($post_data);
</ins><span class="cx"> 
</span><span class="cx">         $post_ID = wp_insert_post($post_data);
</span><span class="cx">         if ( is_wp_error( $post_ID ) )
</span></span></pre></div>
<a id="trunkwptrackbackphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-trackback.php (23553 => 23554)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-trackback.php        2013-03-01 16:27:03 UTC (rev 23553)
+++ trunk/wp-trackback.php        2013-03-01 16:28:40 UTC (rev 23554)
</span><span class="lines">@@ -45,9 +45,9 @@
</span><span class="cx"> $charset = isset($_POST['charset']) ? $_POST['charset'] : '';
</span><span class="cx"> 
</span><span class="cx"> // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
</span><del>-$title     = isset($_POST['title'])     ? wp_unslash( $_POST['title'] )      : '';
-$excerpt   = isset($_POST['excerpt'])   ? wp_unslash( $_POST['excerpt'] )    : '';
-$blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] )  : '';
</del><ins>+$title     = isset($_POST['title'])     ? stripslashes($_POST['title'])      : '';
+$excerpt   = isset($_POST['excerpt'])   ? stripslashes($_POST['excerpt'])    : '';
+$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name'])  : '';
</ins><span class="cx"> 
</span><span class="cx"> if ($charset)
</span><span class="cx">         $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
</span><span class="lines">@@ -64,6 +64,11 @@
</span><span class="cx">         $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+// Now that mb_convert_encoding() has been given a swing, we need to escape these three
+$title     = $wpdb-&gt;escape($title);
+$excerpt   = $wpdb-&gt;escape($excerpt);
+$blog_name = $wpdb-&gt;escape($blog_name);
+
</ins><span class="cx"> if ( is_single() || is_page() )
</span><span class="cx">         $tb_id = $posts[0]-&gt;ID;
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>