WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Unslash early, directly on the superglobal. see #21767. 

git-svn-id: http://core.svn.wordpress.org/trunk@23576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-03-01 17:57:08 +00:00
parent 4e06d41b9f
commit 237f810852
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
wp-admin/includes/ajax-actions.php
View File

@ -559,7 +559,7 @@ function wp_ajax_add_link_category( $action ) {
check_ajax_referer( $action ); check_ajax_referer( $action );
if ( !current_user_can( 'manage_categories' ) ) if ( !current_user_can( 'manage_categories' ) )
wp_die( -1 ); wp_die( -1 );
$names = explode(',', $_POST['newcat']); $names = explode(',', wp_unslash( $_POST['newcat'] ) );
$x = new WP_Ajax_Response(); $x = new WP_Ajax_Response();
foreach ( $names as $cat_name ) { foreach ( $names as $cat_name ) {
$cat_name = trim($cat_name); $cat_name = trim($cat_name);
@ -572,7 +572,7 @@ function wp_ajax_add_link_category( $action ) {
continue; continue;
else if ( is_array( $cat_id ) ) else if ( is_array( $cat_id ) )
$cat_id = $cat_id['term_id']; $cat_id = $cat_id['term_id'];
$cat_name = esc_html(wp_unslash($cat_name)); $cat_name = esc_html( $cat_name );
$x->add( array( $x->add( array(
'what' => 'link-category', 'what' => 'link-category',
'id' => $cat_id, 'id' => $cat_id,
@ -1889,11 +1889,10 @@ function wp_ajax_save_attachment() {
$post['post_content'] = $changes['description']; $post['post_content'] = $changes['description'];
if ( isset( $changes['alt'] ) ) { if ( isset( $changes['alt'] ) ) {
$alt = get_post_meta( $id, '_wp_attachment_image_alt', true ); $alt = wp_unslash( $changes['alt'] );
$new_alt = wp_unslash( $changes['alt'] ); if ( $alt != get_post_meta( $id, '_wp_attachment_image_alt', true ) ) {
if ( $alt != $new_alt ) { $alt = wp_strip_all_tags( $alt, true );
$new_alt = wp_strip_all_tags( $new_alt, true ); update_post_meta( $id, '_wp_attachment_image_alt', wp_slash( $alt ) );
update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
} }
} }
@ -2203,7 +2202,7 @@ function wp_ajax_revisions_data() {
$restoreaction = wp_nonce_url( $restoreaction = wp_nonce_url(
add_query_arg( add_query_arg(
array( 'revision' => $revision->ID, array( 'revision' => $revision->ID,
'action' => 'restore' ), 'action' => 'restore' ),
'/wp-admin/revision.php' '/wp-admin/revision.php'
), ),