<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[23567] trunk/wp-admin: Use wp_unslash() instead of stripslashes() and stripslashes_deep().</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/23567">23567</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2013-03-01 17:14:09 +0000 (Fri, 01 Mar 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadmineditcommentsphp">trunk/wp-admin/edit-comments.php</a></li>
<li><a href="#trunkwpadminincludestemplatephp">trunk/wp-admin/includes/template.php</a></li>
<li><a href="#trunkwpadminincludesthemeinstallphp">trunk/wp-admin/includes/theme-install.php</a></li>
<li><a href="#trunkwpadminincludesupgradephp">trunk/wp-admin/includes/upgrade.php</a></li>
<li><a href="#trunkwpadminincludesuserphp">trunk/wp-admin/includes/user.php</a></li>
<li><a href="#trunkwpadmininstallphp">trunk/wp-admin/install.php</a></li>
<li><a href="#trunkwpadminlinkmanagerphp">trunk/wp-admin/link-manager.php</a></li>
<li><a href="#trunkwpadminnetworksiteinfophp">trunk/wp-admin/network/site-info.php</a></li>
<li><a href="#trunkwpadminnetworksitenewphp">trunk/wp-admin/network/site-new.php</a></li>
<li><a href="#trunkwpadminnetworksitesettingsphp">trunk/wp-admin/network/site-settings.php</a></li>
<li><a href="#trunkwpadminnetworksitesphp">trunk/wp-admin/network/sites.php</a></li>
<li><a href="#trunkwpadminnetworkphp">trunk/wp-admin/network.php</a></li>
<li><a href="#trunkwpadminoptionsheadphp">trunk/wp-admin/options-head.php</a></li>
<li><a href="#trunkwpadminoptionsphp">trunk/wp-admin/options.php</a></li>
<li><a href="#trunkwpadminplugineditorphp">trunk/wp-admin/plugin-editor.php</a></li>
<li><a href="#trunkwpadminpressthisphp">trunk/wp-admin/press-this.php</a></li>
<li><a href="#trunkwpadminsetupconfigphp">trunk/wp-admin/setup-config.php</a></li>
<li><a href="#trunkwpadminthemeeditorphp">trunk/wp-admin/theme-editor.php</a></li>
<li><a href="#trunkwpadminupgradephp">trunk/wp-admin/upgrade.php</a></li>
<li><a href="#trunkwpadminuploadphp">trunk/wp-admin/upload.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadmineditcommentsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/edit-comments.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/edit-comments.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/edit-comments.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -20,8 +20,8 @@
</span><span class="cx">         check_admin_referer( 'bulk-comments' );
</span><span class="cx"> 
</span><span class="cx">         if ( 'delete_all' == $doaction &amp;&amp; !empty( $_REQUEST['pagegen_timestamp'] ) ) {
</span><del>-                $comment_status = $_REQUEST['comment_status'];
-                $delete_time = $_REQUEST['pagegen_timestamp'];
</del><ins>+                $comment_status = wp_unslash( $_REQUEST['comment_status'] );
+                $delete_time = wp_unslash ( $_REQUEST['pagegen_timestamp'] );
</ins><span class="cx">                 $comment_ids = $wpdb-&gt;get_col( $wpdb-&gt;prepare( &quot;SELECT comment_ID FROM $wpdb-&gt;comments WHERE comment_approved = %s AND %s &gt; comment_date_gmt&quot;, $comment_status, $delete_time ) );
</span><span class="cx">                 $doaction = 'delete';
</span><span class="cx">         } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
</span></span></pre></div>
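Review bot: `$_REQUEST['comment_status']` is read on the first added line without an `isset()` check; the surrounding condition only guards `pagegen_timestamp`, so a request that omits it raises a notice and binds an empty value into the query. Both values go through `$wpdb->prepare()` with `%s`, so passing them unslashed is correct, but neither is checked against the expected statuses or a date format before the rows for the bulk delete are selected. Extending the guard to `... && ! empty( $_REQUEST['pagegen_timestamp'] ) && isset( $_REQUEST['comment_status'] )` covers the first point. The second added line also has a stray space in `wp_unslash (`. The enclosing block continues outside the hunk.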
<a id="trunkwpadminincludestemplatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/template.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/template.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/template.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -1333,7 +1333,7 @@
</span><span class="cx">  *
</span><span class="cx">  */
</span><span class="cx"> function _admin_search_query() {
</span><del>-        echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
</del><ins>+        echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpadminincludesthemeinstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/theme-install.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/theme-install.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/theme-install.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -50,8 +50,8 @@
</span><span class="cx">  * @since 2.8.0
</span><span class="cx">  */
</span><span class="cx"> function install_theme_search_form( $type_selector = true ) {
</span><del>-        $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
-        $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
</del><ins>+        $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
+        $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
</ins><span class="cx">         if ( ! $type_selector )
</span><span class="cx">                 echo '&lt;p class=&quot;install-help&quot;&gt;' . __( 'Search for themes by keyword.' ) . '&lt;/p&gt;';
</span><span class="cx">         ?&gt;
</span><span class="lines">@@ -179,7 +179,7 @@
</span><span class="cx"> function install_theme_information() {
</span><span class="cx">         global $tab, $themes_allowedtags, $wp_list_table;
</span><span class="cx"> 
</span><del>-        $theme = themes_api( 'theme_information', array( 'slug' =&gt; stripslashes( $_REQUEST['theme'] ) ) );
</del><ins>+        $theme = themes_api( 'theme_information', array( 'slug' =&gt; wp_unslash( $_REQUEST['theme'] ) ) );
</ins><span class="cx"> 
</span><span class="cx">         if ( is_wp_error( $theme ) )
</span><span class="cx">                 wp_die( $theme );
</span></span></pre></div>
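Review bot: In `install_theme_information()` the changed line reads `$_REQUEST['theme']` with no `isset()` or type check, unlike the `type` and `s` reads in the first hunk of this file. This commit also uses `wp_unslash()` as the replacement for `stripslashes_deep()`, so it presumably passes arrays through, and an array-valued parameter would then reach `themes_api()` as the slug. Guarding the read keeps the API argument a string: `$slug = ( isset( $_REQUEST['theme'] ) && is_string( $_REQUEST['theme'] ) ) ? wp_unslash( $_REQUEST['theme'] ) : '';`. The function body continues outside the hunk.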
<a id="trunkwpadminincludesupgradephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/upgrade.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/upgrade.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/upgrade.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx">                 $first_post = get_site_option( 'first_post' );
</span><span class="cx"> 
</span><span class="cx">                 if ( empty($first_post) )
</span><del>-                        $first_post = stripslashes( __( 'Welcome to &lt;a href=&quot;SITE_URL&quot;&gt;SITE_NAME&lt;/a&gt;. This is your first post. Edit or delete it, then start blogging!' ) );
</del><ins>+                        $first_post = __( 'Welcome to &lt;a href=&quot;SITE_URL&quot;&gt;SITE_NAME&lt;/a&gt;. This is your first post. Edit or delete it, then start blogging!' );
</ins><span class="cx"> 
</span><span class="cx">                 $first_post = str_replace( &quot;SITE_URL&quot;, esc_url( network_home_url() ), $first_post );
</span><span class="cx">                 $first_post = str_replace( &quot;SITE_NAME&quot;, $current_site-&gt;site_name, $first_post );
</span><span class="lines">@@ -636,23 +636,23 @@
</span><span class="cx">         $users = $wpdb-&gt;get_results(&quot;SELECT * FROM $wpdb-&gt;users&quot;);
</span><span class="cx">         foreach ( $users as $user ) :
</span><span class="cx">                 if ( !empty( $user-&gt;user_firstname ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'first_name', $wpdb-&gt;escape($user-&gt;user_firstname) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'first_name', wp_slash($user-&gt;user_firstname) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_lastname ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'last_name', $wpdb-&gt;escape($user-&gt;user_lastname) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'last_name', wp_slash($user-&gt;user_lastname) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_nickname ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'nickname', $wpdb-&gt;escape($user-&gt;user_nickname) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'nickname', wp_slash($user-&gt;user_nickname) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_level ) )
</span><span class="cx">                         update_user_meta( $user-&gt;ID, $wpdb-&gt;prefix . 'user_level', $user-&gt;user_level );
</span><span class="cx">                 if ( !empty( $user-&gt;user_icq ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'icq', $wpdb-&gt;escape($user-&gt;user_icq) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'icq', wp_slash($user-&gt;user_icq) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_aim ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'aim', $wpdb-&gt;escape($user-&gt;user_aim) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'aim', wp_slash($user-&gt;user_aim) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_msn ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'msn', $wpdb-&gt;escape($user-&gt;user_msn) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'msn', wp_slash($user-&gt;user_msn) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_yim ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'yim', $wpdb-&gt;escape($user-&gt;user_icq) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'yim', wp_slash($user-&gt;user_icq) );
</ins><span class="cx">                 if ( !empty( $user-&gt;user_description ) )
</span><del>-                        update_user_meta( $user-&gt;ID, 'description', $wpdb-&gt;escape($user-&gt;user_description) );
</del><ins>+                        update_user_meta( $user-&gt;ID, 'description', wp_slash($user-&gt;user_description) );
</ins><span class="cx"> 
</span><span class="cx">                 if ( isset( $user-&gt;user_idmode ) ):
</span><span class="cx">                         $idmode = $user-&gt;user_idmode;
</span><span class="lines">@@ -854,7 +854,7 @@
</span><span class="cx">                 foreach ( $link_cats as $category) {
</span><span class="cx">                         $cat_id = (int) $category-&gt;cat_id;
</span><span class="cx">                         $term_id = 0;
</span><del>-                        $name = $wpdb-&gt;escape($category-&gt;cat_name);
</del><ins>+                        $name = wp_slash($category-&gt;cat_name);
</ins><span class="cx">                         $slug = sanitize_title($name);
</span><span class="cx">                         $term_group = 0;
</span><span class="cx"> 
</span></span></pre></div>
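Review bot: The new `yim` line in the `@@ -636,23 +636,23 @@` hunk still stores `$user->user_icq` under the `yim` key although the guard above it tests `$user->user_yim`; the commit carries this copy-paste slip over unchanged. It should read `update_user_meta( $user->ID, 'yim', wp_slash($user->user_yim) );`. In the last hunk `$name = wp_slash($category->cat_name);` feeds `sanitize_title()`. If `$name` is later interpolated into SQL below the hunk, a slashing helper is not a database escape and that query should use `$wpdb->prepare()`; this cannot be confirmed from the lines shown.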
<a id="trunkwpadminincludesuserphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/user.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/user.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/includes/user.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -34,7 +34,7 @@
</span><span class="cx">                 $update = true;
</span><span class="cx">                 $user-&gt;ID = (int) $user_id;
</span><span class="cx">                 $userdata = get_userdata( $user_id );
</span><del>-                $user-&gt;user_login = $wpdb-&gt;escape( $userdata-&gt;user_login );
</del><ins>+                $user-&gt;user_login = wp_slash( $userdata-&gt;user_login );
</ins><span class="cx">         } else {
</span><span class="cx">                 $update = false;
</span><span class="cx">         }
</span></span></pre></div>
<a id="trunkwpadmininstallphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/install.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/install.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/install.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -84,10 +84,10 @@
</span><span class="cx">         if ( ! empty( $_POST ) )
</span><span class="cx">                 $blog_public = isset( $_POST['blog_public'] );
</span><span class="cx"> 
</span><del>-        $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-        $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-        $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
-        $admin_email  = isset( $_POST['admin_email']  ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
</del><ins>+        $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+        $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+        $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
+        $admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
</ins><span class="cx"> 
</span><span class="cx">         if ( ! is_null( $error ) ) {
</span><span class="cx"> ?&gt;
</span><span class="lines">@@ -189,11 +189,11 @@
</span><span class="cx"> 
</span><span class="cx">                 display_header();
</span><span class="cx">                 // Fill in the data we gathered
</span><del>-                $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-                $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-                $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
-                $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
-                $admin_email  = isset( $_POST['admin_email']  ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
</del><ins>+                $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+                $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+                $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
+                $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+                $admin_email  = isset( $_POST['admin_email']  ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
</ins><span class="cx">                 $public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
</span><span class="cx">                 // check e-mail address
</span><span class="cx">                 $error = false;
</span></span></pre></div>
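Review bot: The two hunks treat the admin password differently: the first wraps it in `trim( wp_unslash( ... ) )`, while the second uses `wp_unslash( ... )` without `trim()`, so a password with leading or trailing whitespace takes one form in the first hunk and another in the second. Apply `trim()` in both places or in neither. The second hunk also changes the value handled at install time: `$_POST['admin_password']` and `$_POST['admin_password2']` were previously used as-is and are now unslashed. The login path, which is outside this diff, has to process the password in the same form, or passwords containing quotes or backslashes will stop matching. A short comment on the password lines, e.g. `// Unslashed here; the authentication path must use the same form.`, would record that dependency.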
<a id="trunkwpadminlinkmanagerphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/link-manager.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/link-manager.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/link-manager.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -31,7 +31,7 @@
</span><span class="cx">                 exit;
</span><span class="cx">         }
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>-         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">          exit;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -72,7 +72,7 @@
</span><span class="cx"> &lt;?php screen_icon(); ?&gt;
</span><span class="cx"> &lt;h2&gt;&lt;?php echo esc_html( $title ); ?&gt; &lt;a href=&quot;link-add.php&quot; class=&quot;add-new-h2&quot;&gt;&lt;?php echo esc_html_x('Add New', 'link'); ?&gt;&lt;/a&gt; &lt;?php
</span><span class="cx"> if ( !empty($_REQUEST['s']) )
</span><del>-        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . __('Search results for &amp;#8220;%s&amp;#8221;') . '&lt;/span&gt;', esc_html( stripslashes($_REQUEST['s']) ) ); ?&gt;
</del><ins>+        printf( '&lt;span class=&quot;subtitle&quot;&gt;' . __('Search results for &amp;#8220;%s&amp;#8221;') . '&lt;/span&gt;', esc_html( wp_unslash($_REQUEST['s']) ) ); ?&gt;
</ins><span class="cx"> &lt;/h2&gt;
</span><span class="cx"> 
</span><span class="cx"> &lt;?php
</span></span></pre></div>
<a id="trunkwpadminnetworksiteinfophp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-info.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-info.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/site-info.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx">         delete_option( 'rewrite_rules' );
</span><span class="cx"> 
</span><span class="cx">         // update blogs table
</span><del>-        $blog_data = stripslashes_deep( $_POST['blog'] );
</del><ins>+        $blog_data = wp_unslash( $_POST['blog'] );
</ins><span class="cx">         $existing_details = get_blog_details( $id, false );
</span><span class="cx">         $blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
</span><span class="cx">         foreach ( $blog_data_checkboxes as $c ) {
</span></span></pre></div>
<a id="trunkwpadminnetworksitenewphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-new.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-new.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/site-new.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -88,7 +88,7 @@
</span><span class="cx">                 $content_mail = sprintf( __( 'New site created by %1$s
</span><span class="cx"> 
</span><span class="cx"> Address: %2$s
</span><del>-Name: %3$s' ), $current_user-&gt;user_login , get_site_url( $id ), stripslashes( $title ) );
</del><ins>+Name: %3$s' ), $current_user-&gt;user_login , get_site_url( $id ), wp_unslash( $title ) );
</ins><span class="cx">                 wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site-&gt;site_name ), $content_mail, 'From: &quot;Site Admin&quot; &lt;' . get_site_option( 'admin_email' ) . '&gt;' );
</span><span class="cx">                 wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' =&gt; 1 ) );
</span><span class="cx">                 wp_redirect( add_query_arg( array( 'update' =&gt; 'added', 'id' =&gt; $id ), 'site-new.php' ) );
</span></span></pre></div>
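Review bot: `$title` is unslashed only for the notification mail body, while the `wpmu_welcome_notification( $id, $user_id, $password, $title, ... )` call two lines below still receives it unchanged. A site name containing quotes or backslashes can therefore appear differently in the two messages. Whether `$title` is still slashed at this point depends on code above the hunk; if it is, unslash it once where it is read from the request and pass that value to both calls.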
<a id="trunkwpadminnetworksitesettingsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/site-settings.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/site-settings.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/site-settings.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -53,12 +53,14 @@
</span><span class="cx">         $count = count( $_POST['option'] );
</span><span class="cx">         $skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
</span><span class="cx">         foreach ( (array) $_POST['option'] as $key =&gt; $val ) {
</span><ins>+                $key = wp_unslash( $key );
+                $val = wp_unslash( $val );
</ins><span class="cx">                 if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
</span><span class="cx">                         continue; // Avoids &quot;0 is a protected WP option and may not be modified&quot; error when edit blog options
</span><span class="cx">                 if ( $c == $count )
</span><del>-                        update_option( $key, stripslashes( $val ) );
</del><ins>+                        update_option( $key, $val );
</ins><span class="cx">                 else
</span><del>-                        update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
</del><ins>+                        update_option( $key, $val, false ); // no need to refresh blog details yet
</ins><span class="cx">                 $c++;
</span><span class="cx">         }
</span><span class="cx"> 
</span></span></pre></div>
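Review bot: After the added `$key = wp_unslash( $key );` the strict test `$key === 0` on the next line only works if `wp_unslash()` returns an integer key as an integer. If it returns a string for scalar input, the guard that the adjacent comment says avoids the "0 is a protected WP option" error can no longer match. Testing `$key === 0 || is_array( $val )` before the two `wp_unslash()` calls avoids relying on that and skips unslashing arrays that are discarded anyway. The loop body is fully visible, but the code that initialises `$c` and checks permissions is outside the hunk.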
<a id="trunkwpadminnetworksitesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network/sites.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network/sites.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network/sites.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -79,7 +79,7 @@
</span><span class="cx">                                         &lt;input type=&quot;hidden&quot; name=&quot;id&quot; value=&quot;&lt;?php echo esc_attr( $id ); ?&gt;&quot; /&gt;
</span><span class="cx">                                         &lt;input type=&quot;hidden&quot; name=&quot;_wp_http_referer&quot; value=&quot;&lt;?php echo esc_attr( wp_get_referer() ); ?&gt;&quot; /&gt;
</span><span class="cx">                                         &lt;?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?&gt;
</span><del>-                                        &lt;p&gt;&lt;?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?&gt;&lt;/p&gt;
</del><ins>+                                        &lt;p&gt;&lt;?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?&gt;&lt;/p&gt;
</ins><span class="cx">                                         &lt;?php submit_button( __('Confirm'), 'button' ); ?&gt;
</span><span class="cx">                                 &lt;/form&gt;
</span><span class="cx">                         &lt;/body&gt;
</span></span></pre></div>
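Review bot: The confirmation text printed by the changed line comes directly from `$_GET['msg']`, and the nonce action two lines above comes from `$_GET['action2']`; both are read without `isset()`. The message is escaped with `esc_html()`, which covers markup, but its wording is not constrained, so the prompt an administrator is asked to confirm is whatever the link carried. Choosing the message server-side from a fixed list keyed by the validated `action2` value would tie the prompt to the action actually being confirmed. The surrounding form starts outside the hunk.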
<a id="trunkwpadminnetworkphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/network.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/network.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/network.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -520,7 +520,7 @@
</span><span class="cx">         $base              = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
</span><span class="cx">         $subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
</span><span class="cx">         if ( ! network_domain_check() ) {
</span><del>-                $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
</del><ins>+                $result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
</ins><span class="cx">                 if ( is_wp_error( $result ) ) {
</span><span class="cx">                         if ( 1 == count( $result-&gt;get_error_codes() ) &amp;&amp; 'no_wildcard_dns' == $result-&gt;get_error_code() )
</span><span class="cx">                                 network_step2( $result );
</span></span></pre></div>
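Review bot: On the changed `populate_network()` line `$_POST['sitename']` is now unslashed, but `$_POST['email']` is passed to `sanitize_email()` still in slashed form, and neither index is checked with `isset()`. For consistency with the rest of the commit this should be `sanitize_email( wp_unslash( $_POST['email'] ) )`. Whether the sanitised result differs for real addresses is not visible here, but mixing slashed and unslashed arguments in one call makes the convention harder to audit.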
<a id="trunkwpadminoptionsheadphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/options-head.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/options-head.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/options-head.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -2,8 +2,7 @@
</span><span class="cx"> /**
</span><span class="cx">  * WordPress Options Header.
</span><span class="cx">  *
</span><del>- * Resets variables: 'action', 'standalone', and 'option_group_id'. Displays
- * updated message, if updated variable is part of the URL query.
</del><ins>+ * Displays updated message, if updated variable is part of the URL query.
</ins><span class="cx">  *
</span><span class="cx">  * @package WordPress
</span><span class="cx">  * @subpackage Administration
</span></span></pre></div>
<a id="trunkwpadminoptionsphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/options.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/options.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/options.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -120,16 +120,16 @@
</span><span class="cx">         if ( 'options' == $option_page ) {
</span><span class="cx">                 if ( is_multisite() &amp;&amp; ! is_super_admin() )
</span><span class="cx">                         wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
</span><del>-                $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
</del><ins>+                $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
</ins><span class="cx">         } else {
</span><span class="cx">                 $options = $whitelist_options[ $option_page ];
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         // Handle custom date/time formats
</span><span class="cx">         if ( 'general' == $option_page ) {
</span><del>-                if ( !empty($_POST['date_format']) &amp;&amp; isset($_POST['date_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
</del><ins>+                if ( !empty($_POST['date_format']) &amp;&amp; isset($_POST['date_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
</ins><span class="cx">                         $_POST['date_format'] = $_POST['date_format_custom'];
</span><del>-                if ( !empty($_POST['time_format']) &amp;&amp; isset($_POST['time_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
</del><ins>+                if ( !empty($_POST['time_format']) &amp;&amp; isset($_POST['time_format_custom']) &amp;&amp; '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
</ins><span class="cx">                         $_POST['time_format'] = $_POST['time_format_custom'];
</span><span class="cx">                 // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
</span><span class="cx">                 if ( !empty($_POST['timezone_string']) &amp;&amp; preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
</span><span class="lines">@@ -150,7 +150,7 @@
</span><span class="cx">                                 $value = $_POST[ $option ];
</span><span class="cx">                                 if ( ! is_array( $value ) )
</span><span class="cx">                                         $value = trim( $value );
</span><del>-                                $value = stripslashes_deep( $value );
</del><ins>+                                $value = wp_unslash( $value );
</ins><span class="cx">                         }
</span><span class="cx">                         update_option( $option, $value );
</span><span class="cx">                 }
</span></span></pre></div>
<a id="trunkwpadminplugineditorphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/plugin-editor.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/plugin-editor.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/plugin-editor.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">         wp_die( __('There are no plugins installed on this site.') );
</span><span class="cx"> 
</span><span class="cx"> if ( isset($_REQUEST['file']) )
</span><del>-        $plugin = stripslashes($_REQUEST['file']);
</del><ins>+        $plugin = wp_unslash($_REQUEST['file']);
</ins><span class="cx"> 
</span><span class="cx"> if ( empty($plugin) ) {
</span><span class="cx">         $plugin = array_keys($plugins);
</span><span class="lines">@@ -39,8 +39,6 @@
</span><span class="cx"> 
</span><span class="cx"> if ( empty($file) )
</span><span class="cx">         $file = $plugin_files[0];
</span><del>-else
-        $file = stripslashes($file);
</del><span class="cx"> 
</span><span class="cx"> $file = validate_file_to_edit($file, $plugin_files);
</span><span class="cx"> $real_file = WP_PLUGIN_DIR . '/' . $file;
</span><span class="lines">@@ -52,7 +50,7 @@
</span><span class="cx"> 
</span><span class="cx">         check_admin_referer('edit-plugin_' . $file);
</span><span class="cx"> 
</span><del>-        $newcontent = stripslashes($_POST['newcontent']);
</del><ins>+        $newcontent = wp_unslash( $_POST['newcontent'] );
</ins><span class="cx">         if ( is_writeable($real_file) ) {
</span><span class="cx">                 $f = fopen($real_file, 'w+');
</span><span class="cx">                 fwrite($f, $newcontent);
</span></span></pre></div>
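Review bot: In the last hunk the handle from `fopen($real_file, 'w+')` goes straight to `fwrite()` with only `is_writeable()` in front of it, and the theme-editor.php section of this same commit carries a comment that is_writable() is not always reliable. `$newcontent` is request data written into a plugin file, so a failed or partial write should be detected and reported, e.g. `if ( false === $f || false === fwrite( $f, $newcontent ) )` followed by the error path. Separately, the second hunk drops `$file = stripslashes($file);` ahead of `validate_file_to_edit()`; where `$file` is assigned is outside the hunk, so confirm it no longer carries request slashes when it is validated and joined onto `WP_PLUGIN_DIR`. The enclosing block continues past the end of the hunk.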
<a id="trunkwpadminpressthisphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/press-this.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/press-this.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/press-this.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -91,11 +91,11 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // Set Variables
</span><del>-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
</del><ins>+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
</ins><span class="cx"> 
</span><span class="cx"> $selection = '';
</span><span class="cx"> if ( !empty($_GET['s']) ) {
</span><del>-        $selection = str_replace('&amp;apos;', &quot;'&quot;, stripslashes($_GET['s']));
</del><ins>+        $selection = str_replace('&amp;apos;', &quot;'&quot;, wp_unslash($_GET['s']));
</ins><span class="cx">         $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
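Review bot: `$title` is decoded with `html_entity_decode( ..., ENT_QUOTES )` and then only passed through `strip_tags()`, so quotes and `&` from `$_GET['t']` survive unescaped, whereas `$selection` a few lines further down ends with `htmlspecialchars()`. Where `$title` is printed is outside this hunk; if it reaches an attribute or the HTML body it needs `esc_attr()` / `esc_html()` at that point. I would add a comment on the assignment, `// $title is tag-stripped only, not escaped: escape at output`, so the difference from `$selection` is explicit to the next editor.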
<a id="trunkwpadminsetupconfigphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/setup-config.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/setup-config.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/setup-config.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -164,7 +164,7 @@
</span><span class="cx"> 
</span><span class="cx">         case 2:
</span><span class="cx">         foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
</span><del>-                $$key = trim( stripslashes( $_POST[ $key ] ) );
</del><ins>+                $$key = trim( wp_unslash( $_POST[ $key ] ) );
</ins><span class="cx"> 
</span><span class="cx">         $tryagain_link = '&lt;/p&gt;&lt;p class=&quot;step&quot;&gt;&lt;a href=&quot;setup-config.php?step=1&quot; onclick=&quot;javascript:history.go(-1);return false;&quot; class=&quot;button button-large&quot;&gt;' . __( 'Try again' ) . '&lt;/a&gt;';
</span><span class="cx"> 
</span></span></pre></div>
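Review bot: `$_POST[ $key ]` is read without an `isset()` check and handed to `trim()`, so a missing field raises a notice and an array-valued field reaches `trim()` as an array (`wp_unslash()` appears to pass arrays through, given that it also replaces `stripslashes_deep()` in this commit). These five values are the database settings, so I would reject anything that is not a string up front: `$$key = ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) ? trim( wp_unslash( $_POST[ $key ] ) ) : '';`. The `case 2:` body continues outside the hunk, so how the values are used afterwards is not visible here.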
<a id="trunkwpadminthemeeditorphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/theme-editor.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/theme-editor.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/theme-editor.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -68,7 +68,7 @@
</span><span class="cx">         $relative_file = 'style.css';
</span><span class="cx">         $file = $allowed_files['style.css'];
</span><span class="cx"> } else {
</span><del>-        $relative_file = stripslashes( $file );
</del><ins>+        $relative_file = wp_unslash( $file );
</ins><span class="cx">         $file = $theme-&gt;get_stylesheet_directory() . '/' . $relative_file;
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -78,7 +78,7 @@
</span><span class="cx"> switch( $action ) {
</span><span class="cx"> case 'update':
</span><span class="cx">         check_admin_referer( 'edit-theme_' . $file . $stylesheet );
</span><del>-        $newcontent = stripslashes( $_POST['newcontent'] );
</del><ins>+        $newcontent = wp_unslash( $_POST['newcontent'] );
</ins><span class="cx">         $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&amp;theme=' . urlencode( $stylesheet ) . '&amp;scrollto=' . $scrollto;
</span><span class="cx">         if ( is_writeable( $file ) ) {
</span><span class="cx">                 //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
</span></span></pre></div>
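Review bot: In the first hunk `$relative_file` is taken from `$file` and concatenated onto `get_stylesheet_directory()` with no check visible, and the resulting `$file` is the target of `is_writeable()` in the `update` case of the second hunk. The unslash suggests `$file` is request data, but its origin and any later validation are outside both hunks; confirm the path is checked against `$allowed_files` before it is read or written (plugin-editor.php in this commit calls `validate_file_to_edit()` for the same purpose). Once confirmed, a comment next to the assignment such as `// request-derived path: validated against $allowed_files before any file access` would record that dependency.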
<a id="trunkwpadminupgradephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/upgrade.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/upgrade.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/upgrade.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -77,7 +77,7 @@
</span><span class="cx"> &lt;?php else :
</span><span class="cx"> switch ( $step ) :
</span><span class="cx">         case 0:
</span><del>-                $goback = stripslashes( wp_get_referer() );
</del><ins>+                $goback = wp_unslash( wp_get_referer() );
</ins><span class="cx">                 $goback = esc_url_raw( $goback );
</span><span class="cx">                 $goback = urlencode( $goback );
</span><span class="cx"> ?&gt;
</span><span class="lines">@@ -90,7 +90,7 @@
</span><span class="cx">         case 1:
</span><span class="cx">                 wp_upgrade();
</span><span class="cx"> 
</span><del>-                        $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
</del><ins>+                        $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
</ins><span class="cx">                         $backto = esc_url( $backto );
</span><span class="cx">                         $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
</span><span class="cx"> ?&gt;
</span></span></pre></div>
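Review bot: In the `case 1` hunk `wp_unslash()` wraps `urldecode( $_GET['backto'] )`, so the decode runs first and the unslash then also strips any backslash the decode produced from `%5C`, not only the slashes added to the request value. `$_GET` values are already URL-decoded by PHP, which makes this `urldecode()` a second decode. Unslashing first keeps the two steps separate, `urldecode( wp_unslash( $_GET['backto'] ) )`, and the extra `urldecode()` can go entirely if the link built from `$goback` in `case 0` is only encoded once. `wp_validate_redirect()` still runs on the final value, so this is about validating the value that was actually sent rather than a bypass; both case bodies continue outside the hunks.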
<a id="trunkwpadminuploadphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/upload.php (23566 => 23567)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/upload.php        2013-03-01 17:12:02 UTC (rev 23566)
+++ trunk/wp-admin/upload.php        2013-03-01 17:14:09 UTC (rev 23567)
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx">         wp_redirect( $location );
</span><span class="cx">         exit;
</span><span class="cx"> } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
</span><del>-         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
</del><ins>+         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">          exit;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>