<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[23591] trunk: Use wp_unslash() instead of stripslashes() and stripslashes_deep().</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/23591">23591</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2013-03-03 16:30:38 +0000 (Sun, 03 Mar 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadminusernewphp">trunk/wp-admin/user-new.php</a></li>
<li><a href="#trunkwpadminusersphp">trunk/wp-admin/users.php</a></li>
<li><a href="#trunkwpincludesclasswpcustomizemanagerphp">trunk/wp-includes/class-wp-customize-manager.php</a></li>
<li><a href="#trunkwpincludesclasswpcustomizesettingphp">trunk/wp-includes/class-wp-customize-setting.php</a></li>
<li><a href="#trunkwpincludesclasswpxmlrpcserverphp">trunk/wp-includes/class-wp-xmlrpc-server.php</a></li>
<li><a href="#trunkwpincludescommentphp">trunk/wp-includes/comment.php</a></li>
<li><a href="#trunkwpincludescronphp">trunk/wp-includes/cron.php</a></li>
<li><a href="#trunkwpincludesfeedphp">trunk/wp-includes/feed.php</a></li>
<li><a href="#trunkwpincludesformattingphp">trunk/wp-includes/formatting.php</a></li>
<li><a href="#trunkwpincludesmetaphp">trunk/wp-includes/meta.php</a></li>
<li><a href="#trunkwpincludesmsfilesphp">trunk/wp-includes/ms-files.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadminusernewphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/user-new.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/user-new.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-admin/user-new.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -116,7 +116,7 @@
</span><span class="cx">                 if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
</span><span class="cx">                         $add_user_errors = $user_details[ 'errors' ];
</span><span class="cx">                 } else {
</span><del>-                        $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
</del><ins>+                        $new_user_login = apply_filters('pre_user_login', sanitize_user(wp_unslash($_REQUEST['user_login']), true));
</ins><span class="cx">                         if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
</span><span class="cx">                                 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
</span><span class="cx">                         }
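Review bot: `wp_unslash()` also accepts arrays (this commit uses it in place of `stripslashes_deep()` elsewhere), so at `sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true )` a non-string `user_login` parameter is now passed on as an array, which `stripslashes()` would not have returned. The same applies to `$$var = ... wp_unslash( $_POST[$post_field] )` in the @@ -309 hunk; how `$$var` is used afterwards is not visible here. A type guard before unslashing keeps both sites string-only, e.g. `$login = is_string( $_REQUEST['user_login'] ) ? wp_unslash( $_REQUEST['user_login'] ) : '';`. The enclosing blocks start and end outside the hunks.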
</span><span class="lines">@@ -309,7 +309,7 @@
</span><span class="cx">         $var = "new_user_$var";
</span><span class="cx">         if( isset( $_POST['createuser'] ) ) {
</span><span class="cx">                 if ( ! isset($$var) )
</span><del>-                        $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
</del><ins>+                        $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
</ins><span class="cx">         } else {
</span><span class="cx">                 $$var = false;
</span><span class="cx">         }
</span></span></pre></div>
<a id="trunkwpadminusersphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/users.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/users.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-admin/users.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -64,9 +64,9 @@
</span><span class="cx"> );
</span><span class="cx">
</span><span class="cx"> if ( empty($_REQUEST) ) {
</span><del>-        $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
</del><ins>+        $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
</ins><span class="cx"> } elseif ( isset($_REQUEST['wp_http_referer']) ) {
</span><del>-        $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
</del><ins>+        $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
</ins><span class="cx">         $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
</span><span class="cx"> } else {
</span><span class="cx">         $redirect = 'users.php';
</span><span class="lines">@@ -357,7 +357,7 @@
</span><span class="cx"> default:
</span><span class="cx">
</span><span class="cx">         if ( !empty($_GET['_wp_http_referer']) ) {
</span><del>-                wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
</del><ins>+                wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">                 exit;
</span><span class="cx">         }
</span><span class="cx">
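Review bot: The target passed to `wp_redirect()` here is built from `$_SERVER['REQUEST_URI']` with only two query arguments removed, and `wp_redirect()` does not check which host the resulting location points at. The same pattern appears in wp-includes/cron.php (@@ -230), and `$redirect` in the @@ -64 hunk is taken from `$_REQUEST['wp_http_referer']`; whether that value later reaches a redirect is outside the visible lines. Since these are all meant to stay on the current site, `wp_safe_redirect()` (or `wp_validate_redirect()` on `$redirect`) would make that explicit, e.g. `wp_safe_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );`.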
</span><span class="lines">@@ -381,7 +381,7 @@
</span><span class="cx">                 case 'add':
</span><span class="cx">                         if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
</span><span class="cx">                                 $messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ),
</span><del>-                                        esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),
</del><ins>+                                        esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
</ins><span class="cx">                                                 self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>';
</span><span class="cx">                         } else {
</span><span class="cx">                                 $messages[] = '<div id="message" class="updated"><p>' . __( 'New user created.' ) . '</p></div>';
</span></span></pre></div>
<a id="trunkwpincludesclasswpcustomizemanagerphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp-customize-manager.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp-customize-manager.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/class-wp-customize-manager.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -310,7 +310,7 @@
</span><span class="cx">         public function post_value( $setting ) {
</span><span class="cx">                 if ( ! isset( $this->_post_values ) ) {
</span><span class="cx">                         if ( isset( $_POST['customized'] ) )
</span><del>-                                $this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true );
</del><ins>+                                $this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
</ins><span class="cx">                         else
</span><span class="cx">                                 $this->_post_values = false;
</span><span class="cx">                 }
</span></span></pre></div>
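Review bot: The result of `json_decode( wp_unslash( $_POST['customized'] ), true )` is stored in `$this->_post_values` without checking that the request body decoded to an array. On malformed input `json_decode()` returns null, so the `isset()` guard at the top of `post_value()` fails again on every call and the payload is parsed again; a scalar JSON value would be stored as it is. Normalising the result keeps both the cache and the type stable: `$decoded = json_decode( wp_unslash( $_POST['customized'] ), true );` followed by `$this->_post_values = is_array( $decoded ) ? $decoded : false;`. The rest of `post_value()` is outside the hunk.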
<a id="trunkwpincludesclasswpcustomizesettingphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp-customize-setting.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp-customize-setting.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/class-wp-customize-setting.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -144,7 +144,7 @@
</span><span class="cx">          * @return mixed Null if an input isn't valid, otherwise the sanitized value.
</span><span class="cx">          */
</span><span class="cx">         public function sanitize( $value ) {
</span><del>-                $value = stripslashes_deep( $value );
</del><ins>+                $value = wp_unslash( $value );
</ins><span class="cx">                 return apply_filters( "customize_sanitize_{$this->id}", $value, $this );
</span><span class="cx">         }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpincludesclasswpxmlrpcserverphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/class-wp-xmlrpc-server.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/class-wp-xmlrpc-server.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/class-wp-xmlrpc-server.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -280,16 +280,16 @@
</span><span class="cx">                                 $meta['id'] = (int) $meta['id'];
</span><span class="cx">                                 $pmeta = get_metadata_by_mid( 'post', $meta['id'] );
</span><span class="cx">                                 if ( isset($meta['key']) ) {
</span><del>-                                        $meta['key'] = stripslashes( $meta['key'] );
</del><ins>+                                        $meta['key'] = wp_unslash( $meta['key'] );
</ins><span class="cx">                                         if ( $meta['key'] != $pmeta->meta_key )
</span><span class="cx">                                                 continue;
</span><del>-                                        $meta['value'] = stripslashes_deep( $meta['value'] );
</del><ins>+                                        $meta['value'] = wp_unslash( $meta['value'] );
</ins><span class="cx">                                         if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
</span><span class="cx">                                                 update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
</span><span class="cx">                                 } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
</span><span class="cx">                                         delete_metadata_by_mid( 'post', $meta['id'] );
</span><span class="cx">                                 }
</span><del>-                        } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
</del><ins>+                        } elseif ( current_user_can( 'add_post_meta', $post_id, wp_unslash( $meta['key'] ) ) ) {
</ins><span class="cx">                                 add_post_meta( $post_id, $meta['key'], $meta['value'] );
</span><span class="cx">                         }
</span><span class="cx">                 }
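Review bot: Nothing between `$pmeta = get_metadata_by_mid( 'post', $meta['id'] )` and the update and delete calls checks that the row was found or that it belongs to `$post_id`. The capability checks are made against `$post_id`, but `update_metadata_by_mid()` and `delete_metadata_by_mid()` act on whichever row the client-supplied `$meta['id']` names, and `$pmeta->meta_key` is read even when the lookup fails. A guard directly after the lookup closes both gaps: `if ( ! $pmeta || $pmeta->post_id != $post_id ) continue;`. The loop this sits in starts outside the hunk, so confirm that no earlier check exists.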
</span><span class="lines">@@ -3746,9 +3746,9 @@
</span><span class="cx">
</span><span class="cx">                 $categories = implode(',', wp_get_post_categories($post_ID));
</span><span class="cx">
</span><del>-                $content = '<title>'.stripslashes($post_data['post_title']).'</title>';
</del><ins>+                $content = '<title>'.wp_unslash($post_data['post_title']).'</title>';
</ins><span class="cx">                 $content .= '<category>'.$categories.'</category>';
</span><del>-                $content .= stripslashes($post_data['post_content']);
</del><ins>+                $content .= wp_unslash($post_data['post_content']);
</ins><span class="cx">
</span><span class="cx">                 $struct = array(
</span><span class="cx">                         'userid' => $post_data['post_author'],
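Review bot: `wp_unslash()` is applied to `$post_data['post_title']` and `$post_data['post_content']` on the way out to the client, and the @@ -3800 hunk does the same with `$entry`. If these arrays are post records read from the database (their origin is outside the hunks), the values are not slashed, so unslashing removes backslashes the author actually typed. In that case dropping the call is the fix, e.g. `$content = '<title>' . $post_data['post_title'] . '</title>';`. Otherwise a comment stating where the slashes are added would help the next reader.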
</span><span class="lines">@@ -3800,9 +3800,9 @@
</span><span class="cx">                         $post_date = $this->_convert_date( $entry['post_date'] );
</span><span class="cx">                         $categories = implode(',', wp_get_post_categories($entry['ID']));
</span><span class="cx">
</span><del>-                        $content = '<title>'.stripslashes($entry['post_title']).'</title>';
</del><ins>+                        $content = '<title>'.wp_unslash($entry['post_title']).'</title>';
</ins><span class="cx">                         $content .= '<category>'.$categories.'</category>';
</span><del>-                        $content .= stripslashes($entry['post_content']);
</del><ins>+                        $content .= wp_unslash($entry['post_content']);
</ins><span class="cx">
</span><span class="cx">                         $struct[] = array(
</span><span class="cx">                                 'userid' => $entry['post_author'],
</span></span></pre></div>
<a id="trunkwpincludescommentphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/comment.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/comment.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/comment.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -634,21 +634,21 @@
</span><span class="cx"> function sanitize_comment_cookies() {
</span><span class="cx">         if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
</span><span class="cx">                 $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
</span><del>-                $comment_author = stripslashes($comment_author);
</del><ins>+                $comment_author = wp_unslash($comment_author);
</ins><span class="cx">                 $comment_author = esc_attr($comment_author);
</span><span class="cx">                 $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
</span><span class="cx">                 $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
</span><del>-                $comment_author_email = stripslashes($comment_author_email);
</del><ins>+                $comment_author_email = wp_unslash($comment_author_email);
</ins><span class="cx">                 $comment_author_email = esc_attr($comment_author_email);
</span><span class="cx">                 $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
</span><span class="cx">         }
</span><span class="cx">
</span><span class="cx">         if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
</span><span class="cx">                 $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
</span><del>-                $comment_author_url = stripslashes($comment_author_url);
</del><ins>+                $comment_author_url = wp_unslash($comment_author_url);
</ins><span class="cx">                 $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
</span><span class="cx">         }
</span><span class="cx"> }
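Review bot: `comment_author_url` is written back to `$_COOKIE` after `wp_unslash()` with no escaping step, while the name and e-mail cookies both pass through `esc_attr()` after unslashing. In all three branches the `pre_comment_author_*` filters run before the slashes are removed, so any sanitising they do sees the slashed value and the final string is not checked again. If the URL is expected to be safe for later output, add an explicit step after the unslash, e.g. `$comment_author_url = esc_url_raw( $comment_author_url );`, or document that the `pre_comment_author_url` filter is what guarantees it.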
</span><span class="lines">@@ -1262,7 +1262,7 @@
</span><span class="cx"> */
</span><span class="cx"> function wp_insert_comment($commentdata) {
</span><span class="cx">         global $wpdb;
</span><del>-        extract(stripslashes_deep($commentdata), EXTR_SKIP);
</del><ins>+        extract(wp_unslash($commentdata), EXTR_SKIP);
</ins><span class="cx">
</span><span class="cx">         if ( ! isset($comment_author_IP) )
</span><span class="cx">                 $comment_author_IP = '';
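Review bot: `extract( wp_unslash( $commentdata ), EXTR_SKIP )` turns every key of a caller-supplied array into a local variable, so which variables exist below this line depends on the input rather than on the code; the @@ -1502 hunk has the same call on `$commentarr`. `EXTR_SKIP` protects names that are already defined, such as `$wpdb` and `$commentdata`, but any other name read later is whatever the array provided. Reading the expected keys explicitly is easier to audit, e.g. `$data = wp_unslash( $commentdata );` then `$comment_author_IP = isset( $data['comment_author_IP'] ) ? $data['comment_author_IP'] : '';`. Both function bodies continue outside the hunks.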
</span><span class="lines">@@ -1502,7 +1502,7 @@
</span><span class="cx">         $commentarr = wp_filter_comment( $commentarr );
</span><span class="cx">
</span><span class="cx">         // Now extract the merged array.
</span><del>-        extract(stripslashes_deep($commentarr), EXTR_SKIP);
</del><ins>+        extract(wp_unslash($commentarr), EXTR_SKIP);
</ins><span class="cx">
</span><span class="cx">         $comment_content = apply_filters('comment_save_pre', $comment_content);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpincludescronphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/cron.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/cron.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/cron.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -230,7 +230,7 @@
</span><span class="cx">                 set_transient( 'doing_cron', $doing_wp_cron );
</span><span class="cx">
</span><span class="cx">                 ob_start();
</span><del>-                wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) );
</del><ins>+                wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
</ins><span class="cx">                 echo ' ';
</span><span class="cx">
</span><span class="cx">                 // flush any buffers and send the headers
</span></span></pre></div>
<a id="trunkwpincludesfeedphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/feed.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/feed.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/feed.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -488,7 +488,7 @@
</span><span class="cx"> */
</span><span class="cx"> function self_link() {
</span><span class="cx">         $host = @parse_url(home_url());
</span><del>-        echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ) ) );
</del><ins>+        echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span></span></pre></div>
<a id="trunkwpincludesformattingphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/formatting.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/formatting.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/formatting.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -1423,7 +1423,7 @@
</span><span class="cx">         if ( get_magic_quotes_gpc() )
</span><span class="cx">                 $gpc = stripslashes($gpc);
</span><span class="cx">
</span><del>-        return esc_sql($gpc);
</del><ins>+        return wp_slash($gpc);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
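Review bot: The return value changes from `esc_sql( $gpc )` to `wp_slash( $gpc )`, so this function no longer promises database escaping, only WordPress's expected-slashed form. Any caller that places the result directly into a query string relied on the old contract; none are visible in the hunk, so they need checking, and such callers should go through `$wpdb->prepare()` instead. The @@ -1719 hunk makes the same swap, where the existing comment still says the text is "already escaped". A comment at both returns would record the new contract, e.g. `// wp_slash() re-adds slashes for expected-slashed callers; it is not SQL escaping.`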
</span><span class="lines">@@ -1719,7 +1719,7 @@
</span><span class="cx">         // This is a pre save filter, so text is already escaped.
</span><span class="cx">         $text = stripslashes($text);
</span><span class="cx">         $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
</span><del>-        $text = esc_sql($text);
</del><ins>+        $text = wp_slash($text);
</ins><span class="cx">         return $text;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkwpincludesmetaphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/meta.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/meta.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/meta.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -43,8 +43,8 @@
</span><span class="cx">         $column = esc_sql($meta_type . '_id');
</span><span class="cx">
</span><span class="cx">         // expected_slashed ($meta_key)
</span><del>-        $meta_key = stripslashes($meta_key);
-        $meta_value = stripslashes_deep($meta_value);
</del><ins>+        $meta_key = wp_unslash($meta_key);
+        $meta_value = wp_unslash($meta_value);
</ins><span class="cx">         $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
</span><span class="cx">
</span><span class="cx">         $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
</span><span class="lines">@@ -114,9 +114,9 @@
</span><span class="cx">         $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
</span><span class="cx">
</span><span class="cx">         // expected_slashed ($meta_key)
</span><del>-        $meta_key = stripslashes($meta_key);
</del><ins>+        $meta_key = wp_unslash($meta_key);
</ins><span class="cx">         $passed_value = $meta_value;
</span><del>-        $meta_value = stripslashes_deep($meta_value);
</del><ins>+        $meta_value = wp_unslash($meta_value);
</ins><span class="cx">         $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
</span><span class="cx">
</span><span class="cx">         $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
</span><span class="lines">@@ -196,8 +196,8 @@
</span><span class="cx">         $type_column = esc_sql($meta_type . '_id');
</span><span class="cx">         $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
</span><span class="cx">         // expected_slashed ($meta_key)
</span><del>-        $meta_key = stripslashes($meta_key);
-        $meta_value = stripslashes_deep($meta_value);
</del><ins>+        $meta_key = wp_unslash($meta_key);
+        $meta_value = wp_unslash($meta_value);
</ins><span class="cx">
</span><span class="cx">         $check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
</span><span class="cx">         if ( null !== $check )
</span></span></pre></div>
<a id="trunkwpincludesmsfilesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/ms-files.php (23590 => 23591)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/ms-files.php        2013-03-03 07:36:21 UTC (rev 23590)
+++ trunk/wp-includes/ms-files.php        2013-03-03 16:30:38 UTC (rev 23591)
</span><span class="lines">@@ -58,7 +58,7 @@
</span><span class="cx"> header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
</span><span class="cx">
</span><span class="cx"> // Support for Conditional GET
</span><del>-$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
</del><ins>+$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
</ins><span class="cx">
</span><span class="cx"> if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
</span><span class="cx">         $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;
</span></span></pre>
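Review bot: `wp_unslash()` is a WordPress function rather than a PHP built-in, so this line only works if the file that defines it has been loaded by the time ms-files.php runs. The bootstrap for this file is outside the hunk; if it uses a reduced load (`SHORTINIT`) that stops before the formatting functions are included, the call is a fatal error whenever the `If-None-Match` header is present. Unless the full load is confirmed, keeping the built-in is safer here: `$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;`.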
</div>
</div>
</body>
</html>