<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[23567] trunk/wp-admin: Use wp_unslash() instead of stripslashes() and stripslashes_deep().</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/23567">23567</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2013-03-01 17:14:09 +0000 (Fri, 01 Mar 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadmineditcommentsphp">trunk/wp-admin/edit-comments.php</a></li>
<li><a href="#trunkwpadminincludestemplatephp">trunk/wp-admin/includes/template.php</a></li>
<li><a href="#trunkwpadminincludesthemeinstallphp">trunk/wp-admin/includes/theme-install.php</a></li>
<li><a href="#trunkwpadminincludesupgradephp">trunk/wp-admin/includes/upgrade.php</a></li>
<li><a href="#trunkwpadminincludesuserphp">trunk/wp-admin/includes/user.php</a></li>
<li><a href="#trunkwpadmininstallphp">trunk/wp-admin/install.php</a></li>
<li><a href="#trunkwpadminlinkmanagerphp">trunk/wp-admin/link-manager.php</a></li>
<li><a href="#trunkwpadminnetworksiteinfophp">trunk/wp-admin/network/site-info.php</a></li>
<li><a href="#trunkwpadminnetworksitenewphp">trunk/wp-admin/network/site-new.php</a></li>
<li><a href="#trunkwpadminnetworksitesettingsphp">trunk/wp-admin/network/site-settings.php</a></li>
<li><a href="#trunkwpadminnetworksitesphp">trunk/wp-admin/network/sites.php</a></li>
<li><a href="#trunkwpadminnetworkphp">trunk/wp-admin/network.php</a></li>
<li><a href="#trunkwpadminoptionsheadphp">trunk/wp-admin/options-head.php</a></li>
<li><a href="#trunkwpadminoptionsphp">trunk/wp-admin/options.php</a></li>
<li><a href="#trunkwpadminplugineditorphp">trunk/wp-admin/plugin-editor.php</a></li>
<li><a href="#trunkwpadminpressthisphp">trunk/wp-admin/press-this.php</a></li>
<li><a href="#trunkwpadminsetupconfigphp">trunk/wp-admin/setup-config.php</a></li>
<li><a href="#trunkwpadminthemeeditorphp">trunk/wp-admin/theme-editor.php</a></li>
<li><a href="#trunkwpadminupgradephp">trunk/wp-admin/upgrade.php</a></li>
<li><a href="#trunkwpadminuploadphp">trunk/wp-admin/upload.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadmineditcommentsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-comments.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-comments.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/edit-comments.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -20,8 +20,8 @@
</span><span class="cx"> check_admin_referer( 'bulk-comments' );
</span><span class="cx">
</span><span class="cx"> if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
</span><del>- $comment_status = $_REQUEST['comment_status'];
- $delete_time = $_REQUEST['pagegen_timestamp'];
</del><ins>+ $comment_status = wp_unslash( $_REQUEST['comment_status'] );
+ $delete_time = wp_unslash ( $_REQUEST['pagegen_timestamp'] );
</ins><span class="cx"> $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
</span><span class="cx"> $doaction = 'delete';
</span><span class="cx"> } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
</span></span></pre></div>
<a id="trunkwpadminincludestemplatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/template.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/template.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/template.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -1333,7 +1333,7 @@
</span><span class="cx"> *
</span><span class="cx"> */
</span><span class="cx"> function _admin_search_query() {
</span><del>- echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
</del><ins>+ echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpadminincludesthemeinstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/theme-install.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/theme-install.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/theme-install.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -50,8 +50,8 @@
</span><span class="cx"> * @since 2.8.0
</span><span class="cx"> */
</span><span class="cx"> function install_theme_search_form( $type_selector = true ) {
</span><del>- $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
- $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
</del><ins>+ $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+ $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
</ins><span class="cx"> if ( ! $type_selector )
</span><span class="cx"> echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>';
</span><span class="cx"> ?>
</span><span class="lines">@@ -179,7 +179,7 @@
</span><span class="cx"> function install_theme_information() {
</span><span class="cx"> global $tab, $themes_allowedtags, $wp_list_table;
</span><span class="cx">
</span><del>- $theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) );
</del><ins>+ $theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) );
</ins><span class="cx">
</span><span class="cx"> if ( is_wp_error( $theme ) )
</span><span class="cx"> wp_die( $theme );
</span></span></pre></div>
<a id="trunkwpadminincludesupgradephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/upgrade.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/upgrade.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/upgrade.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx"> $first_post = get_site_option( 'first_post' );
</span><span class="cx">
</span><span class="cx"> if ( empty($first_post) )
</span><del>- $first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
</del><ins>+ $first_post = __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' );
</ins><span class="cx">
</span><span class="cx"> $first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post );
</span><span class="cx"> $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
</span><span class="lines">@@ -636,23 +636,23 @@
</span><span class="cx"> $users = $wpdb->get_results("SELECT * FROM $wpdb->users");
</span><span class="cx"> foreach ( $users as $user ) :
</span><span class="cx"> if ( !empty( $user->user_firstname ) )
</span><del>- update_user_meta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
</del><ins>+ update_user_meta( $user->ID, 'first_name', wp_slash($user->user_firstname) );
</ins><span class="cx"> if ( !empty( $user->user_lastname ) )
</span><del>- update_user_meta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
</del><ins>+ update_user_meta( $user->ID, 'last_name', wp_slash($user->user_lastname) );
</ins><span class="cx"> if ( !empty( $user->user_nickname ) )
</span><del>- update_user_meta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
</del><ins>+ update_user_meta( $user->ID, 'nickname', wp_slash($user->user_nickname) );
</ins><span class="cx"> if ( !empty( $user->user_level ) )
</span><span class="cx"> update_user_meta( $user->ID, $wpdb->prefix . 'user_level', $user->user_level );
</span><span class="cx"> if ( !empty( $user->user_icq ) )
</span><del>- update_user_meta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
</del><ins>+ update_user_meta( $user->ID, 'icq', wp_slash($user->user_icq) );
</ins><span class="cx"> if ( !empty( $user->user_aim ) )
</span><del>- update_user_meta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
</del><ins>+ update_user_meta( $user->ID, 'aim', wp_slash($user->user_aim) );
</ins><span class="cx"> if ( !empty( $user->user_msn ) )
</span><del>- update_user_meta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
</del><ins>+ update_user_meta( $user->ID, 'msn', wp_slash($user->user_msn) );
</ins><span class="cx"> if ( !empty( $user->user_yim ) )
</span><del>- update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
</del><ins>+ update_user_meta( $user->ID, 'yim', wp_slash($user->user_icq) );
</ins><span class="cx"> if ( !empty( $user->user_description ) )
</span><del>- update_user_meta( $user->ID, 'description', $wpdb->escape($user->user_description) );
</del><ins>+ update_user_meta( $user->ID, 'description', wp_slash($user->user_description) );
</ins><span class="cx">
</span><span class="cx"> if ( isset( $user->user_idmode ) ):
</span><span class="cx"> $idmode = $user->user_idmode;
</span><span class="lines">@@ -854,7 +854,7 @@
</span><span class="cx"> foreach ( $link_cats as $category) {
</span><span class="cx"> $cat_id = (int) $category->cat_id;
</span><span class="cx"> $term_id = 0;
</span><del>- $name = $wpdb->escape($category->cat_name);
</del><ins>+ $name = wp_slash($category->cat_name);
</ins><span class="cx"> $slug = sanitize_title($name);
</span><span class="cx"> $term_group = 0;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpadminincludesuserphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/user.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/user.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/user.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -34,7 +34,7 @@
</span><span class="cx"> $update = true;
</span><span class="cx"> $user->ID = (int) $user_id;
</span><span class="cx"> $userdata = get_userdata( $user_id );
</span><del>- $user->user_login = $wpdb->escape( $userdata->user_login );
</del><ins>+ $user->user_login = wp_slash( $userdata->user_login );
</ins><span class="cx"> } else {
</span><span class="cx"> $update = false;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkwpadmininstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/install.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/install.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/install.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -84,10 +84,10 @@
</span><span class="cx"> if ( ! empty( $_POST ) )
</span><span class="cx"> $blog_public = isset( $_POST['blog_public'] );
</span><span class="cx">
</span><del>- $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
- $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
- $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
- $admin_email = isset( $_POST['admin_email'] ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
</del><ins>+ $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+ $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+ $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
+ $admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
</ins><span class="cx">
</span><span class="cx"> if ( ! is_null( $error ) ) {
</span><span class="cx"> ?>
</span><span class="lines">@@ -189,11 +189,11 @@
</span><span class="cx">
</span><span class="cx"> display_header();
</span><span class="cx"> // Fill in the data we gathered
</span><del>- $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
- $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
- $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
- $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
- $admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
</del><ins>+ $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+ $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+ $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
+ $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+ $admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
</ins><span class="cx"> $public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0;
</span><span class="cx"> // check e-mail address
</span><span class="cx"> $error = false;
</span></span></pre></div>
<a id="trunkwpadminlinkmanagerphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/link-manager.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/link-manager.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/link-manager.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -31,7 +31,7 @@
</span><span class="cx"> exit;
</span><span class="cx"> }
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx"> exit;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -72,7 +72,7 @@
</span><span class="cx"> <?php screen_icon(); ?>
</span><span class="cx"> <h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
</span><span class="cx"> if ( !empty($_REQUEST['s']) )
</span><del>- printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
</del><ins>+ printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
</ins><span class="cx"> </h2>
</span><span class="cx">
</span><span class="cx"> <?php
</span></span></pre></div>
<a id="trunkwpadminnetworksiteinfophp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-info.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-info.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/site-info.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx"> delete_option( 'rewrite_rules' );
</span><span class="cx">
</span><span class="cx"> // update blogs table
</span><del>- $blog_data = stripslashes_deep( $_POST['blog'] );
</del><ins>+ $blog_data = wp_unslash( $_POST['blog'] );
</ins><span class="cx"> $existing_details = get_blog_details( $id, false );
</span><span class="cx"> $blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
</span><span class="cx"> foreach ( $blog_data_checkboxes as $c ) {
</span></span></pre></div>
<a id="trunkwpadminnetworksitenewphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-new.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-new.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/site-new.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -88,7 +88,7 @@
</span><span class="cx"> $content_mail = sprintf( __( 'New site created by %1$s
</span><span class="cx">
</span><span class="cx"> Address: %2$s
</span><del>-Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) );
</del><ins>+Name: %3$s' ), $current_user->user_login , get_site_url( $id ), wp_unslash( $title ) );
</ins><span class="cx"> wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
</span><span class="cx"> wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
</span><span class="cx"> wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );
</span></span></pre></div>
<a id="trunkwpadminnetworksitesettingsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-settings.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-settings.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/site-settings.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -53,12 +53,14 @@
</span><span class="cx"> $count = count( $_POST['option'] );
</span><span class="cx"> $skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
</span><span class="cx"> foreach ( (array) $_POST['option'] as $key => $val ) {
</span><ins>+ $key = wp_unslash( $key );
+ $val = wp_unslash( $val );
</ins><span class="cx"> if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
</span><span class="cx"> continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
</span><span class="cx"> if ( $c == $count )
</span><del>- update_option( $key, stripslashes( $val ) );
</del><ins>+ update_option( $key, $val );
</ins><span class="cx"> else
</span><del>- update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
</del><ins>+ update_option( $key, $val, false ); // no need to refresh blog details yet
</ins><span class="cx"> $c++;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpadminnetworksitesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/sites.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/sites.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/sites.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -79,7 +79,7 @@
</span><span class="cx"> <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
</span><span class="cx"> <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
</span><span class="cx"> <?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
</span><del>- <p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p>
</del><ins>+ <p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>
</ins><span class="cx"> <?php submit_button( __('Confirm'), 'button' ); ?>
</span><span class="cx"> </form>
</span><span class="cx"> </body>
</span></span></pre></div>
<a id="trunkwpadminnetworkphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -520,7 +520,7 @@
</span><span class="cx"> $base = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
</span><span class="cx"> $subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
</span><span class="cx"> if ( ! network_domain_check() ) {
</span><del>- $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
</del><ins>+ $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
</ins><span class="cx"> if ( is_wp_error( $result ) ) {
</span><span class="cx"> if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
</span><span class="cx"> network_step2( $result );
</span></span></pre></div>
<a id="trunkwpadminoptionsheadphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/options-head.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/options-head.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/options-head.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -2,8 +2,7 @@
</span><span class="cx"> /**
</span><span class="cx"> * WordPress Options Header.
</span><span class="cx"> *
</span><del>- * Resets variables: 'action', 'standalone', and 'option_group_id'. Displays
- * updated message, if updated variable is part of the URL query.
</del><ins>+ * Displays updated message, if updated variable is part of the URL query.
</ins><span class="cx"> *
</span><span class="cx"> * @package WordPress
</span><span class="cx"> * @subpackage Administration
</span></span></pre></div>
<a id="trunkwpadminoptionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/options.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/options.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/options.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -120,16 +120,16 @@
</span><span class="cx"> if ( 'options' == $option_page ) {
</span><span class="cx"> if ( is_multisite() && ! is_super_admin() )
</span><span class="cx"> wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
</span><del>- $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
</del><ins>+ $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
</ins><span class="cx"> } else {
</span><span class="cx"> $options = $whitelist_options[ $option_page ];
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Handle custom date/time formats
</span><span class="cx"> if ( 'general' == $option_page ) {
</span><del>- if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
</del><ins>+ if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
</ins><span class="cx"> $_POST['date_format'] = $_POST['date_format_custom'];
</span><del>- if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
</del><ins>+ if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
</ins><span class="cx"> $_POST['time_format'] = $_POST['time_format_custom'];
</span><span class="cx"> // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
</span><span class="cx"> if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
</span><span class="lines">@@ -150,7 +150,7 @@
</span><span class="cx"> $value = $_POST[ $option ];
</span><span class="cx"> if ( ! is_array( $value ) )
</span><span class="cx"> $value = trim( $value );
</span><del>- $value = stripslashes_deep( $value );
</del><ins>+ $value = wp_unslash( $value );
</ins><span class="cx"> }
</span><span class="cx"> update_option( $option, $value );
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkwpadminplugineditorphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/plugin-editor.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/plugin-editor.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/plugin-editor.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx"> wp_die( __('There are no plugins installed on this site.') );
</span><span class="cx">
</span><span class="cx"> if ( isset($_REQUEST['file']) )
</span><del>- $plugin = stripslashes($_REQUEST['file']);
</del><ins>+ $plugin = wp_unslash($_REQUEST['file']);
</ins><span class="cx">
</span><span class="cx"> if ( empty($plugin) ) {
</span><span class="cx"> $plugin = array_keys($plugins);
</span><span class="lines">@@ -39,8 +39,6 @@
</span><span class="cx">
</span><span class="cx"> if ( empty($file) )
</span><span class="cx"> $file = $plugin_files[0];
</span><del>-else
- $file = stripslashes($file);
</del><span class="cx">
</span><span class="cx"> $file = validate_file_to_edit($file, $plugin_files);
</span><span class="cx"> $real_file = WP_PLUGIN_DIR . '/' . $file;
</span><span class="lines">@@ -52,7 +50,7 @@
</span><span class="cx">
</span><span class="cx"> check_admin_referer('edit-plugin_' . $file);
</span><span class="cx">
</span><del>- $newcontent = stripslashes($_POST['newcontent']);
</del><ins>+ $newcontent = wp_unslash( $_POST['newcontent'] );
</ins><span class="cx"> if ( is_writeable($real_file) ) {
</span><span class="cx"> $f = fopen($real_file, 'w+');
</span><span class="cx"> fwrite($f, $newcontent);
</span></span></pre></div>
<a id="trunkwpadminpressthisphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/press-this.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/press-this.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/press-this.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -91,11 +91,11 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Set Variables
</span><del>-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
</del><ins>+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
</ins><span class="cx">
</span><span class="cx"> $selection = '';
</span><span class="cx"> if ( !empty($_GET['s']) ) {
</span><del>- $selection = str_replace('&apos;', "'", stripslashes($_GET['s']));
</del><ins>+ $selection = str_replace('&apos;', "'", wp_unslash($_GET['s']));
</ins><span class="cx"> $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpadminsetupconfigphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/setup-config.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/setup-config.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/setup-config.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -164,7 +164,7 @@
</span><span class="cx">
</span><span class="cx"> case 2:
</span><span class="cx"> foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
</span><del>- $$key = trim( stripslashes( $_POST[ $key ] ) );
</del><ins>+ $$key = trim( wp_unslash( $_POST[ $key ] ) );
</ins><span class="cx">
</span><span class="cx"> $tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpadminthemeeditorphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/theme-editor.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/theme-editor.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/theme-editor.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -68,7 +68,7 @@
</span><span class="cx"> $relative_file = 'style.css';
</span><span class="cx"> $file = $allowed_files['style.css'];
</span><span class="cx"> } else {
</span><del>- $relative_file = stripslashes( $file );
</del><ins>+ $relative_file = wp_unslash( $file );
</ins><span class="cx"> $file = $theme->get_stylesheet_directory() . '/' . $relative_file;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -78,7 +78,7 @@
</span><span class="cx"> switch( $action ) {
</span><span class="cx"> case 'update':
</span><span class="cx"> check_admin_referer( 'edit-theme_' . $file . $stylesheet );
</span><del>- $newcontent = stripslashes( $_POST['newcontent'] );
</del><ins>+ $newcontent = wp_unslash( $_POST['newcontent'] );
</ins><span class="cx"> $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
</span><span class="cx"> if ( is_writeable( $file ) ) {
</span><span class="cx"> //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
</span></span></pre></div>
<a id="trunkwpadminupgradephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/upgrade.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/upgrade.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/upgrade.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -77,7 +77,7 @@
</span><span class="cx"> <?php else :
</span><span class="cx"> switch ( $step ) :
</span><span class="cx"> case 0:
</span><del>- $goback = stripslashes( wp_get_referer() );
</del><ins>+ $goback = wp_unslash( wp_get_referer() );
</ins><span class="cx"> $goback = esc_url_raw( $goback );
</span><span class="cx"> $goback = urlencode( $goback );
</span><span class="cx"> ?>
</span><span class="lines">@@ -90,7 +90,7 @@
</span><span class="cx"> case 1:
</span><span class="cx"> wp_upgrade();
</span><span class="cx">
</span><del>- $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
</del><ins>+ $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
</ins><span class="cx"> $backto = esc_url( $backto );
</span><span class="cx"> $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
</span><span class="cx"> ?>
</span></span></pre></div>
<a id="trunkwpadminuploadphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/upload.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/upload.php 2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/upload.php 2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx"> wp_redirect( $location );
</span><span class="cx"> exit;
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx"> exit;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>