WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 

git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan Boren 2013-03-01 16:28:40 +00:00
parent 0bb47182a4
commit 43a7e695e9
89 changed files with 657 additions and 533 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/admin.php
View File

@ -43,7 +43,7 @@ if ( get_option('db_upgraded') ) {
do_action('after_db_upgrade');
} elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) {
if ( !is_multisite() ) {
wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
exit;
} elseif ( apply_filters( 'do_mu_upgrade', true ) ) {
/**
@ -82,7 +82,7 @@ wp_enqueue_script( 'common' );
$editing = false;
if ( isset($_GET['page']) ) {
$plugin_page = wp_unslash( $_GET['page'] );
$plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page);
}

4
wp-admin/custom-background.php
View File

@ -378,7 +378,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
// Add the meta-data
wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
set_theme_mod('background_image', esc_url_raw($url));
@ -415,7 +415,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
if ( in_array( $_POST['size'], $sizes ) )
$size = esc_attr( $_POST['size'] );
wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) );
$url = wp_get_attachment_image_src( $attachment_id, $size );
$thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' );
set_theme_mod( 'background_image', esc_url_raw( $url[0] ) );

2
wp-admin/custom-header.php
View File

@ -948,7 +948,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
'width' => $choice['width'],
);
wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() );
set_theme_mod( 'header_image', $choice['url'] );
set_theme_mod( 'header_image_data', $header_image_data );
return;

10
wp-admin/edit-comments.php
View File

@ -20,9 +20,9 @@ if ( $doaction ) {
check_admin_referer( 'bulk-comments' );
if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
$comment_status = $_REQUEST['comment_status'];
$delete_time = $_REQUEST['pagegen_timestamp'];
$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
$comment_status = $wpdb->escape( $_REQUEST['comment_status'] );
$delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
$comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
$doaction = 'delete';
} elseif ( isset( $_REQUEST['delete_comments'] ) ) {
$comment_ids = $_REQUEST['delete_comments'];
@ -95,7 +95,7 @@ if ( $doaction ) {
wp_safe_redirect( $redirect_to );
exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
@ -153,7 +153,7 @@ else
echo __('Comments');
if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
</h2>
<?php

2
wp-admin/edit-form-advanced.php
View File

@ -314,7 +314,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post_type ) ?>" />
<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status) ?>" />
<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
<input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
<?php if ( ! empty( $active_post_lock ) ) { ?>
<input type="hidden" id="active_post_lock" value="<?php echo esc_attr( implode( ':', $active_post_lock ) ); ?>" />
<?php

2
wp-admin/edit-form-comment.php
View File

@ -132,7 +132,7 @@ do_meta_boxes(null, 'normal', $comment);
<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
<?php wp_original_referer_field(true, 'previous'); ?>
<input type="hidden" name="noredir" value="1" />

1
wp-admin/edit-link-form.php
View File

@ -126,6 +126,7 @@ do_meta_boxes(null, 'advanced', $link);
if ( $link_id ) : ?>
<input type="hidden" name="action" value="save" />
<input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
<input type="hidden" name="order_by" value="<?php echo esc_attr($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<?php else: ?>
<input type="hidden" name="action" value="add" />

17
wp-admin/edit-tags.php
View File

@ -47,9 +47,7 @@ case 'add-tag':
if ( !current_user_can( $tax->cap->edit_terms ) )
wp_die( __( 'Cheatin&#8217; uh?' ) );
$post_data = wp_unslash( $_POST );
$ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
$ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
$location = 'edit-tags.php?taxonomy=' . $taxonomy;
if ( 'post' != $post_type )
$location .= '&post_type=' . $post_type;
@ -134,10 +132,7 @@ case 'edit':
break;
case 'editedtag':
$post_data = wp_unslash( $_POST );
$tag_ID = (int) $post_data['tag_ID'];
$tag_ID = (int) $_POST['tag_ID'];
check_admin_referer( 'update-tag_' . $tag_ID );
if ( !current_user_can( $tax->cap->edit_terms ) )
@ -147,7 +142,7 @@ case 'editedtag':
if ( ! $tag )
wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );
$ret = wp_update_term( $tag_ID, $taxonomy, $post_data );
$ret = wp_update_term( $tag_ID, $taxonomy, $_POST );
$location = 'edit-tags.php?taxonomy=' . $taxonomy;
if ( 'post' != $post_type )
@ -169,7 +164,7 @@ break;
default:
if ( ! empty($_REQUEST['_wp_http_referer']) ) {
$location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) );
$location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) );
if ( ! empty( $_REQUEST['paged'] ) )
$location = add_query_arg( 'paged', (int) $_REQUEST['paged'] );
@ -269,8 +264,8 @@ $messages[6] = __('Items deleted.');
<div class="wrap nosubsub">
<?php screen_icon(); ?>
<h2><?php echo esc_html( $title );
if ( ! empty($_REQUEST['s']) )
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash( $_REQUEST['s'] ) ) ); ?>
if ( !empty($_REQUEST['s']) )
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
</h2>
<?php if ( isset($_REQUEST['message']) && ( $msg = (int) $_REQUEST['message'] ) ) : ?>

2
wp-admin/edit.php
View File

@ -138,7 +138,7 @@ if ( $doaction ) {
wp_redirect($sendback);
exit();
} elseif ( ! empty($_REQUEST['_wp_http_referer']) ) {
wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
exit;
}

83
wp-admin/includes/ajax-actions.php
View File

@ -59,7 +59,7 @@ function wp_ajax_ajax_tag_search() {
wp_die( 0 );
}
$s = wp_unslash( $_GET['q'] );
$s = stripslashes( $_GET['q'] );
$comma = _x( ',', 'tag delimiter' );
if ( ',' !== $comma )
@ -279,21 +279,19 @@ function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
*/
function _wp_ajax_add_hierarchical_term() {
$post_data = wp_unslash( $_POST );
$action = $post_data['action'];
$action = $_POST['action'];
$taxonomy = get_taxonomy(substr($action, 4));
check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
if ( !current_user_can( $taxonomy->cap->edit_terms ) )
wp_die( -1 );
$names = explode(',', $post_data['new'.$taxonomy->name]);
$parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0;
$names = explode(',', $_POST['new'.$taxonomy->name]);
$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
if ( 0 > $parent )
$parent = 0;
if ( $taxonomy->name == 'category' )
$post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array();
$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
else
$post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array();
$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
$checked_categories = array_map( 'absint', (array) $post_category );
$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
@ -561,7 +559,7 @@ function wp_ajax_add_link_category( $action ) {
check_ajax_referer( $action );
if ( !current_user_can( 'manage_categories' ) )
wp_die( -1 );
$names = explode( ',', wp_unslash( $_POST['newcat'] ) );
$names = explode(',', $_POST['newcat']);
$x = new WP_Ajax_Response();
foreach ( $names as $cat_name ) {
$cat_name = trim($cat_name);
@ -574,7 +572,7 @@ function wp_ajax_add_link_category( $action ) {
continue;
else if ( is_array( $cat_id ) )
$cat_id = $cat_id['term_id'];
$cat_name = esc_html( wp_unslash( $cat_name ) );
$cat_name = esc_html(stripslashes($cat_name));
$x->add( array(
'what' => 'link-category',
'id' => $cat_id,
@ -588,11 +586,9 @@ function wp_ajax_add_link_category( $action ) {
function wp_ajax_add_tag() {
global $wp_list_table;
$post_data = wp_unslash( $_POST );
check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
$post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post';
$taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag';
$post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
$tax = get_taxonomy($taxonomy);
if ( !current_user_can( $tax->cap->edit_terms ) )
@ -600,7 +596,7 @@ function wp_ajax_add_tag() {
$x = new WP_Ajax_Response();
$tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data );
$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
$message = __('An error has occurred. Please reload the page and try again.');
@ -614,7 +610,7 @@ function wp_ajax_add_tag() {
$x->send();
}
$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $post_data['screen'] ) );
$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) );
$level = 0;
if ( is_taxonomy_hierarchical($taxonomy) ) {
@ -732,10 +728,10 @@ function wp_ajax_replyto_comment( $action ) {
$user = wp_get_current_user();
if ( $user->exists() ) {
$user_ID = $user->ID;
$comment_author = $user->display_name;
$comment_author_email = $user->user_email;
$comment_author_url = $user->user_url;
$comment_content = trim( wp_unslash( $_POST['content'] ) );
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
$comment_content = trim($_POST['content']);
if ( current_user_can( 'unfiltered_html' ) ) {
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
@ -961,8 +957,8 @@ function wp_ajax_add_meta() {
) );
} else { // Update?
$mid = (int) key( $_POST['meta'] );
$key = wp_unslash( $_POST['meta'][$mid]['key'] );
$value = wp_unslash( $_POST['meta'][$mid]['value'] );
$key = stripslashes( $_POST['meta'][$mid]['key'] );
$value = stripslashes( $_POST['meta'][$mid]['value'] );
if ( '' == trim($key) )
wp_die( __( 'Please provide a custom field name.' ) );
if ( '' == trim($value) )
@ -1231,7 +1227,7 @@ function wp_ajax_wp_link_ajax() {
$args = array();
if ( isset( $_POST['search'] ) )
$args['s'] = wp_unslash( $_POST['search'] );
$args['s'] = stripslashes( $_POST['search'] );
$args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
require(ABSPATH . WPINC . '/class-wp-editor.php');
@ -1332,6 +1328,7 @@ function wp_ajax_inline_save() {
$data = &$_POST;
$post = get_post( $post_ID, ARRAY_A );
$post = add_magic_quotes($post); //since it is from db
$data['content'] = $post['post_content'];
$data['excerpt'] = $post['post_excerpt'];
@ -1380,9 +1377,7 @@ function wp_ajax_inline_save_tax() {
check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
$post_data = wp_unslash( $_POST );
$taxonomy = sanitize_key( $post_data['taxonomy'] );
$taxonomy = sanitize_key( $_POST['taxonomy'] );
$tax = get_taxonomy( $taxonomy );
if ( ! $tax )
wp_die( 0 );
@ -1392,13 +1387,13 @@ function wp_ajax_inline_save_tax() {
$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) );
if ( ! isset($post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) )
if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
wp_die( -1 );
$tag = get_term( $id, $taxonomy );
$post_data['description'] = $tag->description;
$_POST['description'] = $tag->description;
$updated = wp_update_term($id, $taxonomy, $post_data );
$updated = wp_update_term($id, $taxonomy, $_POST);
if ( $updated && !is_wp_error($updated) ) {
$tag = get_term( $updated['term_id'], $taxonomy );
if ( !$tag || is_wp_error( $tag ) ) {
@ -1430,7 +1425,7 @@ function wp_ajax_find_posts() {
$post_types = get_post_types( array( 'public' => true ), 'objects' );
unset( $post_types['attachment'] );
$s = wp_unslash( $_POST['ps'] );
$s = stripslashes( $_POST['ps'] );
$searchand = $search = '';
$args = array(
'post_type' => array_keys( $post_types ),
@ -1601,7 +1596,7 @@ function wp_ajax_upload_attachment() {
$post_id = null;
}
$post_data = isset( $_REQUEST['post_data'] ) ? wp_unslash( $_REQUEST['post_data'] ) : array();
$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
// If the context is custom header or background, make sure the uploaded file is an image.
if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
@ -1635,10 +1630,10 @@ function wp_ajax_upload_attachment() {
if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
if ( 'custom-background' === $post_data['context'] )
wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
if ( 'custom-header' === $post_data['context'] )
wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
}
if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
@ -1783,7 +1778,7 @@ function wp_ajax_wp_remove_post_lock() {
wp_die( 0 );
$new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1];
wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
wp_die( 1 );
}
@ -1878,7 +1873,7 @@ function wp_ajax_save_attachment() {
if ( ! current_user_can( 'edit_post', $id ) )
wp_send_json_error();
$changes = wp_unslash( $_REQUEST['changes'] );
$changes = $_REQUEST['changes'];
$post = get_post( $id, ARRAY_A );
if ( 'attachment' != $post['post_type'] )
@ -1895,10 +1890,10 @@ function wp_ajax_save_attachment() {
if ( isset( $changes['alt'] ) ) {
$alt = get_post_meta( $id, '_wp_attachment_image_alt', true );
$new_alt = $changes['alt'];
$new_alt = stripslashes( $changes['alt'] );
if ( $alt != $new_alt ) {
$new_alt = wp_strip_all_tags( $new_alt, true );
wp_update_post_meta( $id, '_wp_attachment_image_alt', $new_alt );
update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) );
}
}
@ -1920,7 +1915,7 @@ function wp_ajax_save_attachment_compat() {
if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) )
wp_send_json_error();
$attachment_data = wp_unslash( $_REQUEST['attachments'][ $id ] );
$attachment_data = $_REQUEST['attachments'][ $id ];
check_ajax_referer( 'update-post_' . $id, 'nonce' );
@ -1964,7 +1959,7 @@ function wp_ajax_save_attachment_order() {
check_ajax_referer( 'update-post_' . $post_id, 'nonce' );
$attachments = wp_unslash( $_REQUEST['attachments'] );
$attachments = $_REQUEST['attachments'];
if ( ! current_user_can( 'edit_post', $post_id ) )
wp_send_json_error();
@ -1995,7 +1990,7 @@ function wp_ajax_save_attachment_order() {
function wp_ajax_send_attachment_to_editor() {
check_ajax_referer( 'media-send-to-editor', 'nonce' );
$attachment = wp_unslash( $_POST['attachment'] );
$attachment = stripslashes_deep( $_POST['attachment'] );
$id = intval( $attachment['id'] );
@ -2050,7 +2045,7 @@ function wp_ajax_send_attachment_to_editor() {
function wp_ajax_send_link_to_editor() {
check_ajax_referer( 'media-send-to-editor', 'nonce' );
if ( ! $src = wp_unslash( $_POST['src'] ) )
if ( ! $src = stripslashes( $_POST['src'] ) )
wp_send_json_error();
if ( ! strpos( $src, '://' ) )
@ -2059,7 +2054,7 @@ function wp_ajax_send_link_to_editor() {
if ( ! $src = esc_url_raw( $src ) )
wp_send_json_error();
if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) )
if ( ! $title = trim( stripslashes( $_POST['title'] ) ) )
$title = wp_basename( $src );
$html = '';
@ -2088,7 +2083,7 @@ function wp_ajax_heartbeat() {
$screen_id = 'site';
if ( ! empty($_POST['data']) ) {
$data = wp_unslash( (array) $_POST['data'] );
$data = (array) $_POST['data'];
// todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..?
$user = wp_get_current_user();
$data['user_id'] = $user->exists() ? $user->ID : 0;
@ -2119,7 +2114,7 @@ function wp_ajax_nopriv_heartbeat() {
$screen_id = 'site';
if ( ! empty($_POST['data']) ) {
$data = wp_unslash( (array) $_POST['data'] );
$data = stripslashes_deep( (array) $_POST['data'] );
$response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
}

13
wp-admin/includes/bookmark.php
View File

@ -39,9 +39,9 @@ function edit_link( $link_id = 0 ) {
if ( !empty( $link_id ) ) {
$_POST['link_id'] = $link_id;
return wp_update_link( wp_unslash( $_POST ) );
return wp_update_link( $_POST );
} else {
return wp_insert_link( wp_unslash( $_POST ) );
return wp_insert_link( $_POST );
}
}
@ -55,12 +55,12 @@ function edit_link( $link_id = 0 ) {
function get_default_link_to_edit() {
$link = new stdClass;
if ( isset( $_GET['linkurl'] ) )
$link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ) );
$link->link_url = esc_url( $_GET['linkurl'] );
else
$link->link_url = '';
if ( isset( $_GET['name'] ) )
$link->link_name = esc_attr( wp_unslash( $_GET['name'] ) );
$link->link_name = esc_attr( $_GET['name'] );
else
$link->link_name = '';
@ -137,7 +137,7 @@ function wp_insert_link( $linkdata, $wp_error = false ) {
$linkdata = wp_parse_args( $linkdata, $defaults );
$linkdata = sanitize_bookmark( $linkdata, 'db' );
extract( $linkdata, EXTR_SKIP );
extract( stripslashes_deep( $linkdata ), EXTR_SKIP );
$update = false;
@ -250,6 +250,9 @@ function wp_update_link( $linkdata ) {
$link = get_bookmark( $link_id, ARRAY_A );
// Escape data pulled from DB.
$link = add_magic_quotes( $link );
// Passed link category list overwrites existing category list if not empty.
if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] )
&& 0 != count( $linkdata['link_category'] ) )

2
wp-admin/includes/class-wp-comments-list-table.php
View File

@ -170,7 +170,7 @@ class WP_Comments_List_Table extends WP_List_Table {
/*
// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
if ( !empty( $_REQUEST['s'] ) )
$link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link );
$link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link );
*/
$status_links[$status] = "<a href='$link'$class>" . sprintf(
translate_nooped_plural( $label, $num_comments->$status ),

2
wp-admin/includes/class-wp-ms-sites-list-table.php
View File

@ -29,7 +29,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table {
$pagenum = $this->get_pagenum();
$s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : '';
$s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : '';
$wild = '';
if ( false !== strpos($s, '*') ) {
$wild = '%';

2
wp-admin/includes/class-wp-ms-themes-list-table.php
View File

@ -126,7 +126,7 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
function _search_callback( $theme ) {
static $term;
if ( is_null( $term ) )
$term = wp_unslash( $_REQUEST['s'] );
$term = stripslashes( $_REQUEST['s'] );
foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) {
// Don't mark up; Do translate.

6
wp-admin/includes/class-wp-ms-users-list-table.php
View File

@ -173,10 +173,10 @@ class WP_MS_Users_List_Table extends WP_List_Table {
case 'username':
$avatar = get_avatar( $user->user_email, 32 );
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
echo "<td $attributes>"; ?>
<?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
<?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php
if ( in_array( $user->user_login, $super_admins ) )
echo ' - ' . __( 'Super Admin' );
?></strong>
@ -186,7 +186,7 @@ class WP_MS_Users_List_Table extends WP_List_Table {
$actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
$actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
$actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
}
$actions = apply_filters( 'ms_user_row_actions', $actions, $user );

6
wp-admin/includes/class-wp-plugin-install-list-table.php
View File

@ -48,8 +48,8 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
switch ( $tab ) {
case 'search':
$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
switch ( $type ) {
case 'tag':
@ -73,7 +73,7 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
break;
case 'favorites':
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
$user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
if ( $user )
$args['user'] = $user;

4
wp-admin/includes/class-wp-plugins-list-table.php
View File

@ -22,7 +22,7 @@ class WP_Plugins_List_Table extends WP_List_Table {
$status = $_REQUEST['plugin_status'];
if ( isset($_REQUEST['s']) )
$_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) );
$_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) );
$page = $this->get_pagenum();
}
@ -140,7 +140,7 @@ class WP_Plugins_List_Table extends WP_List_Table {
function _search_callback( $plugin ) {
static $term;
if ( is_null( $term ) )
$term = wp_unslash( $_REQUEST['s'] );
$term = stripslashes( $_REQUEST['s'] );
foreach ( $plugin as $value )
if ( stripos( $value, $term ) !== false )

6
wp-admin/includes/class-wp-terms-list-table.php
View File

@ -52,7 +52,7 @@ class WP_Terms_List_Table extends WP_List_Table {
$tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter
}
$search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
$search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : '';
$args = array(
'search' => $search,
@ -61,10 +61,10 @@ class WP_Terms_List_Table extends WP_List_Table {
);
if ( !empty( $_REQUEST['orderby'] ) )
$args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
$args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) );
if ( !empty( $_REQUEST['order'] ) )
$args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
$args['order'] = trim( stripslashes( $_REQUEST['order'] ) );
$this->callback_args = $args;

4
wp-admin/includes/class-wp-theme-install-list-table.php
View File

@ -24,7 +24,7 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
$search_terms = array();
$search_string = '';
if ( ! empty( $_REQUEST['s'] ) ){
$search_string = strtolower( wp_unslash( $_REQUEST['s'] ) );
$search_string = strtolower( stripslashes( $_REQUEST['s'] ) );
$search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) );
}
@ -59,7 +59,7 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
switch ( $tab ) {
case 'search':
$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
switch ( $type ) {
case 'tag':
$args['tag'] = array_map( 'sanitize_key', $search_terms );

4
wp-admin/includes/class-wp-themes-list-table.php
View File

@ -28,7 +28,7 @@ class WP_Themes_List_Table extends WP_List_Table {
$themes = wp_get_themes( array( 'allowed' => true ) );
if ( ! empty( $_REQUEST['s'] ) )
$this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) );
$this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) );
if ( ! empty( $_REQUEST['features'] ) )
$this->features = $_REQUEST['features'];
@ -235,7 +235,7 @@ class WP_Themes_List_Table extends WP_List_Table {
* @uses _pagination_args['total_pages']
*/
function _js_vars( $extra_args = array() ) {
$search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
$search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
$args = array(
'search' => $search_string,

2
wp-admin/includes/class-wp-upgrader.php
View File

@ -1427,7 +1427,7 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin {
$install_actions = array();
$from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins';
$from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins';
if ( 'import' == $from )
$install_actions['activate_plugin'] = '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;from=import&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . esc_attr__('Activate this plugin') . '" target="_parent">' . __('Activate Plugin &amp; Run Importer') . '</a>';

2
wp-admin/includes/class-wp-users-list-table.php
View File

@ -241,7 +241,7 @@ class WP_Users_List_Table extends WP_List_Table {
// Check if the user for this row is editable
if ( current_user_can( 'list_users' ) ) {
// Set up the user editing link
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
$edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) );
// Set up the hover actions for this user
$actions = array();

39
wp-admin/includes/comment.php
View File

@ -19,6 +19,9 @@
function comment_exists($comment_author, $comment_date) {
global $wpdb;
$comment_author = stripslashes($comment_author);
$comment_date = stripslashes($comment_date);
return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
}
@ -30,40 +33,38 @@ function comment_exists($comment_author, $comment_date) {
*/
function edit_comment() {
$post_data = wp_unslash( $_POST );
if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) )
if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) )
wp_die ( __( 'You are not allowed to edit comments on this post.' ) );
$post_data['comment_author'] = $post_data['newcomment_author'];
$post_data['comment_author_email'] = $post_data['newcomment_author_email'];
$post_data['comment_author_url'] = $post_data['newcomment_author_url'];
$post_data['comment_approved'] = $post_data['comment_status'];
$post_data['comment_content'] = $post_data['content'];
$post_data['comment_ID'] = (int) $post_data['comment_ID'];
$_POST['comment_author'] = $_POST['newcomment_author'];
$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
$_POST['comment_approved'] = $_POST['comment_status'];
$_POST['comment_content'] = $_POST['content'];
$_POST['comment_ID'] = (int) $_POST['comment_ID'];
foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) {
$_POST['edit_date'] = '1';
break;
}
}
if ( !empty ( $post_data['edit_date'] ) ) {
$aa = $post_data['aa'];
$mm = $post_data['mm'];
$jj = $post_data['jj'];
$hh = $post_data['hh'];
$mn = $post_data['mn'];
$ss = $post_data['ss'];
if ( !empty ( $_POST['edit_date'] ) ) {
$aa = $_POST['aa'];
$mm = $_POST['mm'];
$jj = $_POST['jj'];
$hh = $_POST['hh'];
$mn = $_POST['mn'];
$ss = $_POST['ss'];
$jj = ($jj > 31 ) ? 31 : $jj;
$hh = ($hh > 23 ) ? $hh -24 : $hh;
$mn = ($mn > 59 ) ? $mn -60 : $mn;
$ss = ($ss > 59 ) ? $ss -60 : $ss;
$post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
$_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
}
wp_update_comment( $post_data );
wp_update_comment( $_POST );
}
/**

2
wp-admin/includes/dashboard.php
View File

@ -1093,7 +1093,7 @@ function wp_dashboard_rss_control( $widget_id, $form_inputs = array() ) {
$widget_options[$widget_id]['number'] = $number;
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) {
$_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] );
$_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] );
$widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
// title is optional. If black, fill it if possible
if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {

7
wp-admin/includes/deprecated.php
View File

@ -472,13 +472,14 @@ class WP_User_Search {
function WP_User_Search ($search_term = '', $page = '', $role = '') {
_deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
$this->search_term = $search_term;
$this->search_term = stripslashes( $search_term );
$this->raw_page = ( '' == $page ) ? false : (int) $page;
$this->page = (int) ( '' == $page ) ? 1 : $page;
$this->role = $role;
$this->prepare_query();
$this->query();
$this->prepare_vars_for_template_usage();
$this->do_paging();
}
@ -549,7 +550,9 @@ class WP_User_Search {
* @since 2.1.0
* @access public
*/
function prepare_vars_for_template_usage() {}
function prepare_vars_for_template_usage() {
$this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
}
/**
* {@internal Missing Short Description}}

14
wp-admin/includes/file.php
View File

@ -901,13 +901,13 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
// Check to see if we are setting the public/private keys for ssh
$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
//sanitize the hostname, Some people might pass in odd-data:
$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
@ -925,7 +925,7 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
$credentials['connection_type'] = 'ftps';
else if ( !empty($_POST['connection_type']) )
$credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
$credentials['connection_type'] = stripslashes($_POST['connection_type']);
else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
$credentials['connection_type'] = 'ftp';
@ -1050,7 +1050,7 @@ jQuery(function($){
<?php
foreach ( (array) $extra_fields as $field ) {
if ( isset( $_POST[ $field ] ) )
echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';
echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />';
}
submit_button( __( 'Proceed' ), 'button', 'upgrade' );
?>

8
wp-admin/includes/image-edit.php
View File

@ -454,7 +454,7 @@ function stream_preview_image( $post_id ) {
if ( is_wp_error( $img ) )
return false;
$changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash( $_REQUEST['history'] ) ) : null;
$changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null;
if ( $changes )
$img = image_edit_apply_changes( $img, $changes );
@ -533,7 +533,7 @@ function wp_restore_image($post_id) {
}
}
if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) {
$msg->error = __('Cannot save image metadata.');
return $msg;
}
@ -587,7 +587,7 @@ function wp_save_image( $post_id ) {
return $return;
}
} elseif ( !empty($_REQUEST['history']) ) {
$changes = json_decode( wp_unslash( $_REQUEST['history'] ) );
$changes = json_decode( stripslashes($_REQUEST['history']) );
if ( $changes )
$img = image_edit_apply_changes($img, $changes);
} else {
@ -699,7 +699,7 @@ function wp_save_image( $post_id ) {
if ( $success ) {
wp_update_attachment_metadata( $post_id, $meta );
wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes);
if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) {
// Check if it's an image edit from attachment edit screen

17
wp-admin/includes/media.php
View File

@ -444,8 +444,6 @@ function media_upload_form_handler() {
}
if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
$attachment = wp_unslash( $attachment );
$post = $_post = get_post($attachment_id, ARRAY_A);
$post_type_object = get_post_type_object( $post[ 'post_type' ] );
@ -470,9 +468,10 @@ function media_upload_form_handler() {
if ( isset($attachment['image_alt']) ) {
$image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
if ( $image_alt != $attachment['image_alt'] ) {
$image_alt = wp_strip_all_tags( $attachment['image_alt'], true );
wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt );
if ( $image_alt != stripslashes($attachment['image_alt']) ) {
$image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true );
// update_meta expects slashed
update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
}
}
@ -502,7 +501,7 @@ function media_upload_form_handler() {
}
if ( isset($send_id) ) {
$attachment = wp_unslash( $_POST['attachments'][$send_id] );
$attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
$html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
if ( !empty($attachment['url']) ) {
@ -547,7 +546,7 @@ function wp_media_upload_handler() {
$src = "http://$src";
if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) {
$title = esc_html( wp_unslash( $_POST['title'] ) );
$title = esc_html( stripslashes( $_POST['title'] ) );
if ( empty( $title ) )
$title = esc_html( basename( $src ) );
@ -562,9 +561,9 @@ function wp_media_upload_handler() {
$html = apply_filters( $type . '_send_to_editor_url', $html, esc_url_raw( $src ), $title );
} else {
$align = '';
$alt = esc_attr( wp_unslash( $_POST['alt'] ) );
$alt = esc_attr( stripslashes( $_POST['alt'] ) );
if ( isset($_POST['align']) ) {
$align = esc_attr( wp_unslash( $_POST['align'] ) );
$align = esc_attr( stripslashes( $_POST['align'] ) );
$class = " class='align$align'";
}
if ( !empty($src) )

10
wp-admin/includes/misc.php
View File

@ -220,7 +220,7 @@ add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
* @return string
*/
function url_shorten( $url ) {
$short_url = str_replace( 'http://', '', $url );
$short_url = str_replace( 'http://', '', stripslashes( $url ));
$short_url = str_replace( 'www.', '', $short_url );
$short_url = untrailingslashit( $short_url );
if ( strlen( $short_url ) > 35 )
@ -248,9 +248,9 @@ function wp_reset_vars( $vars ) {
if ( empty( $_GET[$var] ) )
$$var = '';
else
$$var = wp_unslash( $_GET[$var] );
$$var = $_GET[$var];
} else {
$$var = wp_unslash( $_POST[$var] );
$$var = $_POST[$var];
}
}
}
@ -323,8 +323,8 @@ function set_screen_options() {
if ( !$user = wp_get_current_user() )
return;
$option = wp_unslash( $_POST['wp_screen_options']['option'] );
$value = wp_unslash( $_POST['wp_screen_options']['value'] );
$option = $_POST['wp_screen_options']['option'];
$value = $_POST['wp_screen_options']['value'];
if ( $option != sanitize_key( $option ) )
return;

12
wp-admin/includes/plugin-install.php
View File

@ -116,8 +116,8 @@ add_action('install_plugins_dashboard', 'install_dashboard');
* @since 2.7.0
*/
function install_search_form( $type_selector = true ) {
$type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
$term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
$type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
$term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
?><form id="search-plugins" method="get" action="">
<input type="hidden" name="tab" value="search" />
@ -160,7 +160,7 @@ add_action('install_plugins_upload', 'install_plugins_upload', 10, 1);
*
*/
function install_plugins_favorites_form() {
$user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
$user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
?>
<p class="install-help"><?php _e( 'If you have marked plugins as favorites on WordPress.org, you can browse them here.' ); ?></p>
<form method="get" action="">
@ -251,7 +251,7 @@ function install_plugin_install_status($api, $loop = false) {
}
}
if ( isset($_GET['from']) )
$url .= '&amp;from=' . urlencode( wp_unslash( $_GET['from'] ) );
$url .= '&amp;from=' . urlencode(stripslashes($_GET['from']));
return compact('status', 'url', 'version');
}
@ -264,7 +264,7 @@ function install_plugin_install_status($api, $loop = false) {
function install_plugin_information() {
global $tab;
$api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) ));
$api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) ));
if ( is_wp_error($api) )
wp_die($api);
@ -295,7 +295,7 @@ function install_plugin_information() {
$api->$key = wp_kses( $api->$key, $plugins_allowedtags );
}
$section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
$section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English.
if ( empty($section) || ! isset($api->sections[ $section ]) )
$section = array_shift( $section_titles = array_keys((array)$api->sections) );

54
wp-admin/includes/post.php
View File

@ -149,8 +149,8 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
*/
function edit_post( $post_data = null ) {
if ( empty( $post_data ) )
$post_data = wp_unslash( $_POST );
if ( empty($post_data) )
$post_data = &$_POST;
// Clear out any data in internal vars.
unset( $post_data['filter'] );
@ -236,9 +236,10 @@ function edit_post( $post_data = null ) {
if ( 'attachment' == $post_data['post_type'] ) {
if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
$image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
if ( $image_alt != $post_data['_wp_attachment_image_alt'] ) {
$image_alt = wp_strip_all_tags( $post_data['_wp_attachment_image_alt'], true );
wp_update_post_meta( $post_ID, '_wp_attachment_image_alt', $image_alt );
if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
$image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
// update_meta expects slashed
update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
}
}
@ -248,7 +249,7 @@ function edit_post( $post_data = null ) {
add_meta( $post_ID );
wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
wp_update_post( $post_data );
@ -429,15 +430,15 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false )
$post_title = '';
if ( !empty( $_REQUEST['post_title'] ) )
$post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
$post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
$post_content = '';
if ( !empty( $_REQUEST['content'] ) )
$post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
$post_content = esc_html( stripslashes( $_REQUEST['content'] ));
$post_excerpt = '';
if ( !empty( $_REQUEST['excerpt'] ) )
$post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
$post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
if ( $create_in_db ) {
$post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
@ -486,9 +487,9 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false )
function post_exists($title, $content = '', $date = '') {
global $wpdb;
$post_title = sanitize_post_field( 'post_title', $title, 0, 'db' );
$post_content = sanitize_post_field( 'post_content', $content, 0, 'db' );
$post_date = sanitize_post_field( 'post_date', $date, 0, 'db' );
$post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
$post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
$post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
$query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
$args = array();
@ -566,7 +567,7 @@ function wp_write_post() {
}
// Create the post.
$post_ID = wp_insert_post( wp_unslash( $_POST ) );
$post_ID = wp_insert_post( $_POST );
if ( is_wp_error( $post_ID ) )
return $post_ID;
@ -575,7 +576,7 @@ function wp_write_post() {
add_meta( $post_ID );
wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
// Now that we have an ID we can fix any attachment anchor hrefs
_fix_attachment_links( $post_ID );
@ -619,9 +620,9 @@ function add_meta( $post_ID ) {
global $wpdb;
$post_ID = (int) $post_ID;
$metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
$metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
$metavalue = isset($_POST['metavalue']) ? wp_unslash( trim( $_POST['metavalue'] ) ) : '';
$metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
$metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
$metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
if ( is_string( $metavalue ) )
$metavalue = trim( $metavalue );
@ -638,7 +639,9 @@ function add_meta( $post_ID ) {
if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
return false;
return wp_add_post_meta( $post_ID, $metakey, $metavalue );
$metakey = esc_sql( $metakey );
return add_post_meta( $post_ID, $metakey, $metavalue );
}
return false;
@ -711,11 +714,14 @@ function has_meta( $postid ) {
* @since 1.2.0
*
* @param unknown_type $meta_id
* @param unknown_type $meta_key
* @param unknown_type $meta_value
* @param unknown_type $meta_key Expect Slashed
* @param unknown_type $meta_value Expect Slashed
* @return unknown
*/
function update_meta( $meta_id, $meta_key, $meta_value ) {
$meta_key = stripslashes( $meta_key );
$meta_value = stripslashes_deep( $meta_value );
return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
}
@ -769,6 +775,8 @@ function _fix_attachment_links( $post_ID ) {
if ( $replace ) {
$post['post_content'] = $content;
// Escape data pulled from DB.
$post = add_magic_quotes($post);
return wp_update_post($post);
}
@ -1179,7 +1187,7 @@ function wp_set_post_lock( $post_id ) {
$now = time();
$lock = "$now:$user_id";
wp_update_post_meta( $post->ID, '_edit_lock', $lock );
update_post_meta( $post->ID, '_edit_lock', $lock );
return array( $now, $user_id );
}
@ -1230,14 +1238,14 @@ function wp_create_post_autosave( $post_id ) {
// Only store one autosave. If there is already an autosave, overwrite it.
if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
$new_autosave = _wp_post_revision_fields( wp_unslash( $_POST ), true );
$new_autosave = _wp_post_revision_fields( $_POST, true );
$new_autosave['ID'] = $old_autosave->ID;
$new_autosave['post_author'] = get_current_user_id();
return wp_update_post( $new_autosave );
}
// _wp_put_post_revision() expects unescaped.
$_POST = wp_unslash( $_POST );
$_POST = stripslashes_deep($_POST);
// Otherwise create the new autosave as a special post revision
return _wp_put_post_revision( $_POST, true );

8
wp-admin/includes/schema.php
View File

@ -505,11 +505,13 @@ function populate_options() {
else
$autoload = 'yes';
$option = $wpdb->escape($option);
if ( is_array($value) )
$value = serialize($value);
$value = $wpdb->escape($value);
if ( !empty($insert) )
$insert .= ', ';
$insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );
$insert .= "('$option', '$value', '$autoload')";
}
if ( !empty($insert) )
@ -919,11 +921,13 @@ We hope you enjoy your new site. Thanks!
$insert = '';
foreach ( $sitemeta as $meta_key => $meta_value ) {
$meta_key = $wpdb->escape( $meta_key );
if ( is_array( $meta_value ) )
$meta_value = serialize( $meta_value );
$meta_value = $wpdb->escape( $meta_value );
if ( !empty( $insert ) )
$insert .= ', ';
$insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );
$insert .= "( $network_id, '$meta_key', '$meta_value')";
}
$wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert );

3
wp-admin/includes/taxonomy.php
View File

@ -157,6 +157,9 @@ function wp_update_category($catarr) {
// First, get all of the original fields
$category = get_category($cat_ID, ARRAY_A);
// Escape data pulled from DB.
$category = add_magic_quotes($category);
// Merge old and new fields with new fields overwriting old ones.
$catarr = array_merge($category, $catarr);

2
wp-admin/includes/template.php
View File

@ -1333,7 +1333,7 @@ function _draft_or_post_title( $post = 0 ) {
*
*/
function _admin_search_query() {
echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
}
/**

6
wp-admin/includes/theme-install.php
View File

@ -50,8 +50,8 @@ function install_themes_feature_list() {
* @since 2.8.0
*/
function install_theme_search_form( $type_selector = true ) {
$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
if ( ! $type_selector )
echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>';
?>
@ -179,7 +179,7 @@ add_action('install_themes_updated', 'display_themes');
function install_theme_information() {
global $tab, $themes_allowedtags, $wp_list_table;
$theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) );
$theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) );
if ( is_wp_error( $theme ) )
wp_die( $theme );

20
wp-admin/includes/upgrade.php
View File

@ -132,7 +132,7 @@ function wp_install_defaults($user_id) {
$first_post = get_site_option( 'first_post' );
if ( empty($first_post) )
$first_post = __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' );
$first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
$first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post );
$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
@ -636,23 +636,23 @@ function upgrade_160() {
$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
foreach ( $users as $user ) :
if ( !empty( $user->user_firstname ) )
update_user_meta( $user->ID, 'first_name', $user->user_firstname );
update_user_meta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
if ( !empty( $user->user_lastname ) )
update_user_meta( $user->ID, 'last_name', $user->user_lastname );
update_user_meta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
if ( !empty( $user->user_nickname ) )
update_user_meta( $user->ID, 'nickname', $user->user_nickname );
update_user_meta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
if ( !empty( $user->user_level ) )
update_user_meta( $user->ID, $wpdb->prefix . 'user_level', $user->user_level );
if ( !empty( $user->user_icq ) )
update_user_meta( $user->ID, 'icq', $user->user_icq );
update_user_meta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
if ( !empty( $user->user_aim ) )
update_user_meta( $user->ID, 'aim', $user->user_aim );
update_user_meta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
if ( !empty( $user->user_msn ) )
update_user_meta( $user->ID, 'msn', $user->user_msn );
update_user_meta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
if ( !empty( $user->user_yim ) )
update_user_meta( $user->ID, 'yim', $user->user_icq );
update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
if ( !empty( $user->user_description ) )
update_user_meta( $user->ID, 'description', $user->user_description );
update_user_meta( $user->ID, 'description', $wpdb->escape($user->user_description) );
if ( isset( $user->user_idmode ) ):
$idmode = $user->user_idmode;
@ -854,7 +854,7 @@ function upgrade_230() {
foreach ( $link_cats as $category) {
$cat_id = (int) $category->cat_id;
$term_id = 0;
$name = $category->cat_name;
$name = $wpdb->escape($category->cat_name);
$slug = sanitize_title($name);
$term_group = 0;

71
wp-admin/includes/user.php
View File

@ -34,25 +34,22 @@ function edit_user( $user_id = 0 ) {
$update = true;
$user->ID = (int) $user_id;
$userdata = get_userdata( $user_id );
$user->user_login = $userdata->user_login;
$user->user_login = $wpdb->escape( $userdata->user_login );
} else {
$update = false;
}
// get clean data before we get started.
$post_data = wp_unslash( $_POST );
if ( !$update && isset( $post_data['user_login'] ) )
$user->user_login = sanitize_user($post_data['user_login'], true);
if ( !$update && isset( $_POST['user_login'] ) )
$user->user_login = sanitize_user($_POST['user_login'], true);
$pass1 = $pass2 = '';
if ( isset( $post_data['pass1'] ))
$pass1 = $post_data['pass1'];
if ( isset( $post_data['pass2'] ))
$pass2 = $post_data['pass2'];
if ( isset( $_POST['pass1'] ))
$pass1 = $_POST['pass1'];
if ( isset( $_POST['pass2'] ))
$pass2 = $_POST['pass2'];
if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) {
$new_role = sanitize_text_field( $post_data['role'] );
if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
$new_role = sanitize_text_field( $_POST['role'] );
$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
// Multisite super admins can freely edit their blog roles -- they possess all caps.
@ -65,44 +62,44 @@ function edit_user( $user_id = 0 ) {
wp_die(__('You can&#8217;t give users that role.'));
}
if ( isset( $post_data['email'] ))
$user->user_email = sanitize_text_field( $post_data['email'] );
if ( isset( $post_data['url'] ) ) {
if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) {
if ( isset( $_POST['email'] ))
$user->user_email = sanitize_text_field( $_POST['email'] );
if ( isset( $_POST['url'] ) ) {
if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
$user->user_url = '';
} else {
$user->user_url = esc_url_raw( $post_data['url'] );
$user->user_url = esc_url_raw( $_POST['url'] );
$protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
}
}
if ( isset( $post_data['first_name'] ) )
$user->first_name = sanitize_text_field( $post_data['first_name'] );
if ( isset( $post_data['last_name'] ) )
$user->last_name = sanitize_text_field( $post_data['last_name'] );
if ( isset( $post_data['nickname'] ) )
$user->nickname = sanitize_text_field( $post_data['nickname'] );
if ( isset( $post_data['display_name'] ) )
$user->display_name = sanitize_text_field( $post_data['display_name'] );
if ( isset( $_POST['first_name'] ) )
$user->first_name = sanitize_text_field( $_POST['first_name'] );
if ( isset( $_POST['last_name'] ) )
$user->last_name = sanitize_text_field( $_POST['last_name'] );
if ( isset( $_POST['nickname'] ) )
$user->nickname = sanitize_text_field( $_POST['nickname'] );
if ( isset( $_POST['display_name'] ) )
$user->display_name = sanitize_text_field( $_POST['display_name'] );
if ( isset( $post_data['description'] ) )
$user->description = trim( $post_data['description'] );
if ( isset( $_POST['description'] ) )
$user->description = trim( $_POST['description'] );
foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) {
if ( isset( $post_data[$method] ))
$user->$method = sanitize_text_field( $post_data[$method] );
if ( isset( $_POST[$method] ))
$user->$method = sanitize_text_field( $_POST[$method] );
}
if ( $update ) {
$user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true';
$user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';
$user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false';
$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
$user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
}
$user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : '';
$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
$user->use_ssl = 0;
if ( !empty($post_data['use_ssl']) )
if ( !empty($_POST['use_ssl']) )
$user->use_ssl = 1;
$errors = new WP_Error();
@ -127,7 +124,7 @@ function edit_user( $user_id = 0 ) {
}
/* Check for "\" in password */
if ( false !== strpos( $pass1, "\\" ) )
if ( false !== strpos( stripslashes($pass1), "\\" ) )
$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
/* checking the password has been typed twice the same */
@ -137,7 +134,7 @@ function edit_user( $user_id = 0 ) {
if ( !empty( $pass1 ) )
$user->user_pass = $pass1;
if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) )
if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
if ( !$update && username_exists( $user->user_login ) )
@ -162,7 +159,7 @@ function edit_user( $user_id = 0 ) {
$user_id = wp_update_user( $user );
} else {
$user_id = wp_insert_user( $user );
wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' );
wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' );
}
return $user_id;
}

18
wp-admin/install.php
View File

@ -84,10 +84,10 @@ function display_setup_form( $error = null ) {
if ( ! empty( $_POST ) )
$blog_public = isset( $_POST['blog_public'] );
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
$admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
$admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
$admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
$admin_email = isset( $_POST['admin_email'] ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
if ( ! is_null( $error ) ) {
?>
@ -189,11 +189,11 @@ switch($step) {
display_header();
// Fill in the data we gathered
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
$admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
$admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
$admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
$admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
$admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
$admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
$public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0;
// check e-mail address
$error = false;

4
wp-admin/link-manager.php
View File

@ -31,7 +31,7 @@ if ( $doaction && isset( $_REQUEST['linkcheck'] ) ) {
exit;
}
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
@ -72,7 +72,7 @@ if ( ! current_user_can('manage_links') )
<?php screen_icon(); ?>
<h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
if ( !empty($_REQUEST['s']) )
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
</h2>
<?php

2
wp-admin/media.php
View File

@ -32,7 +32,7 @@ case 'editattachment' :
}
if ( false !== strpos($location, 'upload.php') ) {
$location = remove_query_arg('message', $location);
$location = add_query_arg('posted', $attachment_id, $location);
$location = add_query_arg('posted', $attachment_id, $location);
} elseif ( false !== strpos($location, 'media.php') ) {
$location = add_query_arg('message', 'updated', $location);
}

10
wp-admin/nav-menus.php
View File

@ -93,7 +93,7 @@ switch ( $action ) {
if ( ! is_wp_error( $parent_object ) ) {
$parent_data = (array) $parent_object;
$menu_item_data['menu_item_parent'] = $parent_data['menu_item_parent'];
wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
}
@ -103,7 +103,7 @@ switch ( $action ) {
$menu_item_data['menu_order'] = $menu_item_data['menu_order'] + 1;
$menu_item_data['menu_item_parent'] = $next_item_data['ID'];
wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
wp_update_post($menu_item_data);
wp_update_post($next_item_data);
@ -115,7 +115,7 @@ switch ( $action ) {
in_array( $menu_item_data['menu_item_parent'], $orders_to_dbids )
) {
$menu_item_data['menu_item_parent'] = (int) get_post_meta( $menu_item_data['menu_item_parent'], '_menu_item_menu_item_parent', true);
wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
}
}
}
@ -190,7 +190,7 @@ switch ( $action ) {
$menu_item_data['menu_order'] = $menu_item_data['menu_order'] - 1;
// save changes
wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
wp_update_post($menu_item_data);
wp_update_post($parent_data);
}
@ -205,7 +205,7 @@ switch ( $action ) {
) {
// just make it a child of the previous; keep the order
$menu_item_data['menu_item_parent'] = (int) $orders_to_dbids[$dbids_to_orders[$menu_item_id] - 1];
wp_update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
update_post_meta( $menu_item_data['ID'], '_menu_item_menu_item_parent', (int) $menu_item_data['menu_item_parent'] );
wp_update_post($menu_item_data);
}
}

2
wp-admin/network.php
View File

@ -520,7 +520,7 @@ if ( $_POST ) {
$base = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
$subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
if ( ! network_domain_check() ) {
$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
if ( is_wp_error( $result ) ) {
if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
network_step2( $result );

12
wp-admin/network/settings.php
View File

@ -61,7 +61,7 @@ if ( $_POST ) {
foreach ( $options as $option_name ) {
if ( ! isset($_POST[$option_name]) )
continue;
$value = wp_unslash( $_POST[$option_name] );
$value = stripslashes_deep( $_POST[$option_name] );
update_site_option( $option_name, $value );
}
@ -181,7 +181,7 @@ if ( isset( $_GET['updated'] ) ) {
<th scope="row"><label for="welcome_email"><?php _e( 'Welcome Email' ) ?></label></th>
<td>
<textarea name="welcome_email" id="welcome_email" rows="5" cols="45" class="large-text">
<?php echo esc_textarea( get_site_option( 'welcome_email' ) ) ?></textarea>
<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_email' ) ) ) ?></textarea>
<br />
<?php _e( 'The welcome email sent to new site owners.' ) ?>
</td>
@ -190,7 +190,7 @@ if ( isset( $_GET['updated'] ) ) {
<th scope="row"><label for="welcome_user_email"><?php _e( 'Welcome User Email' ) ?></label></th>
<td>
<textarea name="welcome_user_email" id="welcome_user_email" rows="5" cols="45" class="large-text">
<?php echo esc_textarea( get_site_option( 'welcome_user_email' ) ) ?></textarea>
<?php echo esc_textarea( stripslashes( get_site_option( 'welcome_user_email' ) ) ) ?></textarea>
<br />
<?php _e( 'The welcome email sent to new users.' ) ?>
</td>
@ -199,7 +199,7 @@ if ( isset( $_GET['updated'] ) ) {
<th scope="row"><label for="first_post"><?php _e( 'First Post' ) ?></label></th>
<td>
<textarea name="first_post" id="first_post" rows="5" cols="45" class="large-text">
<?php echo esc_textarea( get_site_option( 'first_post' ) ) ?></textarea>
<?php echo esc_textarea( stripslashes( get_site_option( 'first_post' ) ) ) ?></textarea>
<br />
<?php _e( 'The first post on a new site.' ) ?>
</td>
@ -208,7 +208,7 @@ if ( isset( $_GET['updated'] ) ) {
<th scope="row"><label for="first_page"><?php _e( 'First Page' ) ?></label></th>
<td>
<textarea name="first_page" id="first_page" rows="5" cols="45" class="large-text">
<?php echo esc_textarea( get_site_option( 'first_page' ) ) ?></textarea>
<?php echo esc_textarea( stripslashes( get_site_option('first_page') ) ) ?></textarea>
<br />
<?php _e( 'The first page on a new site.' ) ?>
</td>
@ -217,7 +217,7 @@ if ( isset( $_GET['updated'] ) ) {
<th scope="row"><label for="first_comment"><?php _e( 'First Comment' ) ?></label></th>
<td>
<textarea name="first_comment" id="first_comment" rows="5" cols="45" class="large-text">
<?php echo esc_textarea( get_site_option( 'first_comment' ) ) ?></textarea>
<?php echo esc_textarea( stripslashes( get_site_option('first_comment') ) ) ?></textarea>
<br />
<?php _e( 'The first comment on a new site.' ) ?>
</td>

2
wp-admin/network/site-info.php
View File

@ -62,7 +62,7 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) {
delete_option( 'rewrite_rules' );
// update blogs table
$blog_data = wp_unslash( $_POST['blog'] );
$blog_data = stripslashes_deep( $_POST['blog'] );
$existing_details = get_blog_details( $id, false );
$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
foreach ( $blog_data_checkboxes as $c ) {

4
wp-admin/network/site-new.php
View File

@ -38,7 +38,7 @@ if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
if ( ! is_array( $_POST['blog'] ) )
wp_die( __( 'Can&#8217;t create an empty site.' ) );
$blog = wp_unslash( $_POST['blog'] );
$blog = $_POST['blog'];
$domain = '';
if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) )
$domain = strtolower( $blog['domain'] );
@ -88,7 +88,7 @@ if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
$content_mail = sprintf( __( 'New site created by %1$s
Address: %2$s
Name: %3$s' ), $current_user->user_login , get_site_url( $id ), $title );
Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) );
wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );

6
wp-admin/network/site-settings.php
View File

@ -53,14 +53,12 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_ar
$count = count( $_POST['option'] );
$skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
foreach ( (array) $_POST['option'] as $key => $val ) {
$key = wp_unslash( $key );
$val = wp_unslash( $val );
if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
if ( $c == $count )
update_option( $key, $val );
update_option( $key, stripslashes( $val ) );
else
update_option( $key, $val, false ); // no need to refresh blog details yet
update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
$c++;
}

2
wp-admin/network/sites.php
View File

@ -79,7 +79,7 @@ if ( isset( $_GET['action'] ) ) {
<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
<p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>
<p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p>
<?php submit_button( __('Confirm'), 'button' ); ?>
</form>
</body>

3
wp-admin/options-head.php
View File

@ -2,7 +2,8 @@
/**
* WordPress Options Header.
*
* Displays updated message, if updated variable is part of the URL query.
* Resets variables: 'action', 'standalone', and 'option_group_id'. Displays
* updated message, if updated variable is part of the URL query.
*
* @package WordPress
* @subpackage Administration

8
wp-admin/options.php
View File

@ -120,16 +120,16 @@ if ( 'update' == $action ) {
if ( 'options' == $option_page ) {
if ( is_multisite() && ! is_super_admin() )
wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
$options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
$options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
} else {
$options = $whitelist_options[ $option_page ];
}
// Handle custom date/time formats
if ( 'general' == $option_page ) {
if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
$_POST['date_format'] = $_POST['date_format_custom'];
if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
$_POST['time_format'] = $_POST['time_format_custom'];
// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
@ -150,7 +150,7 @@ if ( 'update' == $action ) {
$value = $_POST[ $option ];
if ( ! is_array( $value ) )
$value = trim( $value );
$value = wp_unslash( $value );
$value = stripslashes_deep( $value );
}
update_option( $option, $value );
}

6
wp-admin/plugin-editor.php
View File

@ -28,7 +28,7 @@ if ( empty($plugins) )
wp_die( __('There are no plugins installed on this site.') );
if ( isset($_REQUEST['file']) )
$plugin = wp_unslash($_REQUEST['file']);
$plugin = stripslashes($_REQUEST['file']);
if ( empty($plugin) ) {
$plugin = array_keys($plugins);
@ -39,6 +39,8 @@ $plugin_files = get_plugin_files($plugin);
if ( empty($file) )
$file = $plugin_files[0];
else
$file = stripslashes($file);
$file = validate_file_to_edit($file, $plugin_files);
$real_file = WP_PLUGIN_DIR . '/' . $file;
@ -50,7 +52,7 @@ case 'update':
check_admin_referer('edit-plugin_' . $file);
$newcontent = wp_unslash( $_POST['newcontent'] );
$newcontent = stripslashes($_POST['newcontent']);
if ( is_writeable($real_file) ) {
$f = fopen($real_file, 'w+');
fwrite($f, $newcontent);

4
wp-admin/press-this.php
View File

@ -91,11 +91,11 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
}
// Set Variables
$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
$selection = '';
if ( !empty($_GET['s']) ) {
$selection = str_replace('&apos;', "'", wp_unslash($_GET['s']));
$selection = str_replace('&apos;', "'", stripslashes($_GET['s']));
$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
}

2
wp-admin/setup-config.php
View File

@ -164,7 +164,7 @@ switch($step) {
case 2:
foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
$$key = trim( wp_unslash( $_POST[ $key ] ) );
$$key = trim( stripslashes( $_POST[ $key ] ) );
$tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';

4
wp-admin/theme-editor.php
View File

@ -68,7 +68,7 @@ if ( empty( $file ) ) {
$relative_file = 'style.css';
$file = $allowed_files['style.css'];
} else {
$relative_file = $file;
$relative_file = stripslashes( $file );
$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
}
@ -78,7 +78,7 @@ $scrollto = isset( $_REQUEST['scrollto'] ) ? (int) $_REQUEST['scrollto'] : 0;
switch( $action ) {
case 'update':
check_admin_referer( 'edit-theme_' . $file . $stylesheet );
$newcontent = wp_unslash( $_POST['newcontent'] );
$newcontent = stripslashes( $_POST['newcontent'] );
$location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
if ( is_writeable( $file ) ) {
//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable

6
wp-admin/update.php
View File

@ -26,7 +26,7 @@ if ( isset($_GET['action']) ) {
check_admin_referer( 'bulk-update-plugins' );
if ( isset( $_GET['plugins'] ) )
$plugins = explode( ',', wp_unslash($_GET['plugins']) );
$plugins = explode( ',', stripslashes($_GET['plugins']) );
elseif ( isset( $_POST['checked'] ) )
$plugins = (array) $_POST['checked'];
else
@ -109,7 +109,7 @@ if ( isset($_GET['action']) ) {
$nonce = 'install-plugin_' . $plugin;
$url = 'update.php?action=install-plugin&plugin=' . $plugin;
if ( isset($_GET['from']) )
$url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) );
$url .= '&from=' . urlencode(stripslashes($_GET['from']));
$type = 'web'; //Install plugin type, From Web or an Upload.
@ -173,7 +173,7 @@ if ( isset($_GET['action']) ) {
check_admin_referer( 'bulk-update-themes' );
if ( isset( $_GET['themes'] ) )
$themes = explode( ',', wp_unslash( $_GET['themes'] ) );
$themes = explode( ',', stripslashes($_GET['themes']) );
elseif ( isset( $_POST['checked'] ) )
$themes = (array) $_POST['checked'];
else

4
wp-admin/upgrade.php
View File

@ -77,7 +77,7 @@ else
<?php else :
switch ( $step ) :
case 0:
$goback = wp_get_referer();
$goback = stripslashes( wp_get_referer() );
$goback = esc_url_raw( $goback );
$goback = urlencode( $goback );
?>
@ -90,7 +90,7 @@ switch ( $step ) :
case 1:
wp_upgrade();
$backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
$backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
$backto = esc_url( $backto );
$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
?>

2
wp-admin/upload.php
View File

@ -132,7 +132,7 @@ if ( $doaction ) {
wp_redirect( $location );
exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
exit;
}

2
wp-admin/user-edit.php
View File

@ -54,7 +54,7 @@ get_current_screen()->set_help_sidebar(
'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
);
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
$user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );

8
wp-admin/user-new.php
View File

@ -112,15 +112,15 @@ Please click the following link to confirm the invite:
}
} else {
// Adding a new user to this blog
$user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST[ 'user_login' ] ), wp_unslash( $_REQUEST[ 'email' ] ) );
$user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
$add_user_errors = $user_details[ 'errors' ];
} else {
$new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
}
wpmu_signup_user( $new_user_login, wp_unslash( $_REQUEST[ 'email' ] ), array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
wpmu_activate_signup( $key );
@ -309,7 +309,7 @@ foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_nam
$var = "new_user_$var";
if( isset( $_POST['createuser'] ) ) {
if ( ! isset($$var) )
$$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
$$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
} else {
$$var = false;
}

8
wp-admin/users.php
View File

@ -64,9 +64,9 @@ get_current_screen()->set_help_sidebar(
);
if ( empty($_REQUEST) ) {
$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
$referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
} elseif ( isset($_REQUEST['wp_http_referer']) ) {
$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
$redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
$referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
} else {
$redirect = 'users.php';
@ -357,7 +357,7 @@ break;
default:
if ( !empty($_GET['_wp_http_referer']) ) {
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
exit;
}
@ -381,7 +381,7 @@ default:
case 'add':
if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
$messages[] = '<div id="message" class="updated"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ),
esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ),
self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>';
} else {
$messages[] = '<div id="message" class="updated"><p>' . __( 'New user created.' ) . '</p></div>';

26
wp-comments-post.php
View File

@ -17,9 +17,7 @@ require( dirname(__FILE__) . '/wp-load.php' );
nocache_headers();
$post_data = wp_unslash( $_POST );
$comment_post_ID = isset($post_data['comment_post_ID']) ? (int) $post_data['comment_post_ID'] : 0;
$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
$post = get_post($comment_post_ID);
@ -49,21 +47,21 @@ if ( !comments_open($comment_post_ID) ) {
do_action('pre_comment_on_post', $comment_post_ID);
}
$comment_author = ( isset( $post_data['author'] ) ) ? trim( strip_tags( $post_data['author'] ) ) : null;
$comment_author_email = ( isset( $post_data['email'] ) ) ? trim( $post_data['email'] ) : null;
$comment_author_url = ( isset( $post_data['url'] ) ) ? trim( $post_data['url'] ) : null;
$comment_content = ( isset( $post_data['comment'] ) ) ? trim( $post_data['comment'] ) : null;
$comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null;
$comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null;
$comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null;
$comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null;
// If the user is logged in
$user = wp_get_current_user();
if ( $user->exists() ) {
if ( empty( $user->display_name ) )
$user->display_name = $user->user_login;
$comment_author = $user->display_name;
$comment_author_email = $user->user_email;
$comment_author_url = $user->user_url;
$user->display_name=$user->user_login;
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $post_data['_wp_unfiltered_html_comment'] ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate
kses_init_filters(); // set up the filters
}
@ -85,7 +83,7 @@ if ( get_option('require_name_email') && !$user->exists() ) {
if ( '' == $comment_content )
wp_die( __('<strong>ERROR</strong>: please type a comment.') );
$comment_parent = isset($post_data['comment_parent']) ? absint($post_data['comment_parent']) : 0;
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
@ -94,7 +92,7 @@ $comment_id = wp_new_comment( $commentdata );
$comment = get_comment($comment_id);
do_action('set_comment_cookies', $comment, $user);
$location = empty($post_data['redirect_to']) ? get_comment_link($comment_id) : $post_data['redirect_to'] . '#comment-' . $comment_id;
$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
$location = apply_filters('comment_post_redirect', $location, $comment);
wp_safe_redirect( $location );

2
wp-includes/class-wp-customize-manager.php
View File

@ -310,7 +310,7 @@ final class WP_Customize_Manager {
public function post_value( $setting ) {
if ( ! isset( $this->_post_values ) ) {
if ( isset( $_POST['customized'] ) )
$this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true );
$this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true );
else
$this->_post_values = false;
}

2
wp-includes/class-wp-customize-setting.php
View File

@ -144,7 +144,7 @@ class WP_Customize_Setting {
* @return mixed Null if an input isn't valid, otherwise the sanitized value.
*/
public function sanitize( $value ) {
$value = wp_unslash( $value );
$value = stripslashes_deep( $value );
return apply_filters( "customize_sanitize_{$this->id}", $value, $this );
}

205
wp-includes/class-wp-xmlrpc-server.php
View File

@ -280,15 +280,17 @@ class wp_xmlrpc_server extends IXR_Server {
$meta['id'] = (int) $meta['id'];
$pmeta = get_metadata_by_mid( 'post', $meta['id'] );
if ( isset($meta['key']) ) {
$meta['key'] = stripslashes( $meta['key'] );
if ( $meta['key'] != $pmeta->meta_key )
continue;
$meta['value'] = stripslashes_deep( $meta['value'] );
if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) )
update_metadata_by_mid( 'post', $meta['id'], $meta['value'] );
} elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) {
delete_metadata_by_mid( 'post', $meta['id'] );
}
} elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) {
wp_add_post_meta( $post_id, $meta['key'], $meta['value'] );
} elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) {
add_post_meta( $post_id, $meta['key'], $meta['value'] );
}
}
}
@ -460,6 +462,8 @@ class wp_xmlrpc_server extends IXR_Server {
return $this->blogger_getUsersBlogs( $args );
}
$this->escape( $args );
$username = $args[0];
$password = $args[1];
@ -951,6 +955,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1233,6 +1239,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 5 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1266,6 +1274,7 @@ class wp_xmlrpc_server extends IXR_Server {
else
$post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] );
$this->escape( $post );
$merged_content_struct = array_merge( $post, $content_struct );
$retval = $this->_insert_post( $user, $merged_content_struct );
@ -1292,6 +1301,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1366,6 +1377,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1421,6 +1434,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 3 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1514,6 +1529,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1599,6 +1616,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 5 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1689,6 +1708,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 5 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1754,6 +1775,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 5 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1805,6 +1828,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1878,6 +1903,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1920,6 +1947,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 3 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -1987,6 +2016,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2038,6 +2069,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 3 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2104,6 +2137,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 3 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2149,6 +2184,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2212,6 +2249,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getPage($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$page_id = (int) $args[1];
$username = $args[2];
@ -2253,6 +2292,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getPages($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2295,8 +2336,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return unknown
*/
function wp_newPage($args) {
$username = $args[1];
$password = $args[2];
// Items not escaped here will be escaped in newPost.
$username = $this->escape($args[1]);
$password = $this->escape($args[2]);
$page = $args[3];
$publish = $args[4];
@ -2321,6 +2363,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return bool True, if success.
*/
function wp_deletePage($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2360,10 +2404,11 @@ class wp_xmlrpc_server extends IXR_Server {
* @return unknown
*/
function wp_editPage($args) {
// Items not escaped here will be escaped in editPost.
$blog_id = (int) $args[0];
$page_id = (int) $args[1];
$username = $args[2];
$password = $args[3];
$page_id = (int) $this->escape($args[1]);
$username = $this->escape($args[2]);
$password = $this->escape($args[3]);
$content = $args[4];
$publish = $args[5];
@ -2408,6 +2453,8 @@ class wp_xmlrpc_server extends IXR_Server {
function wp_getPageList($args) {
global $wpdb;
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2456,6 +2503,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getAuthors($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2489,6 +2539,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getTags( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2528,6 +2580,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return int Category ID.
*/
function wp_newCategory($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2587,6 +2641,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return mixed See {@link wp_delete_term()} for return info.
*/
function wp_deleteCategory($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2617,6 +2673,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_suggestCategories($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2652,6 +2710,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getComment($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2691,6 +2751,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
*/
function wp_getComments($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2749,6 +2811,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return mixed {@link wp_delete_comment()}
*/
function wp_deleteComment($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2801,6 +2865,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return bool True, on success.
*/
function wp_editComment($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2876,6 +2942,8 @@ class wp_xmlrpc_server extends IXR_Server {
function wp_newComment($args) {
global $wpdb;
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2910,9 +2978,9 @@ class wp_xmlrpc_server extends IXR_Server {
$comment['comment_post_ID'] = $post_id;
if ( $logged_in ) {
$comment['comment_author'] = $user->display_name;
$comment['comment_author_email'] = $user->user_email;
$comment['comment_author_url'] = $user->user_url;
$comment['comment_author'] = $wpdb->escape( $user->display_name );
$comment['comment_author_email'] = $wpdb->escape( $user->user_email );
$comment['comment_author_url'] = $wpdb->escape( $user->user_url );
$comment['user_ID'] = $user->ID;
} else {
$comment['comment_author'] = '';
@ -2959,6 +3027,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getCommentStatusList($args) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -2983,6 +3053,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getCommentCount( $args ) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3014,6 +3086,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getPostStatusList( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3038,6 +3112,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getPageStatusList( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3062,6 +3138,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getPageTemplates( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3087,6 +3165,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getOptions( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3135,6 +3215,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return unknown
*/
function wp_setOptions( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3182,6 +3264,8 @@ class wp_xmlrpc_server extends IXR_Server {
* - 'metadata'
*/
function wp_getMediaItem($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3225,6 +3309,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents
*/
function wp_getMediaLibrary($args) {
$this->escape($args);
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3265,6 +3351,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function wp_getPostFormats( $args ) {
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3323,6 +3411,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3367,6 +3457,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 3 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3419,6 +3511,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 4 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3483,6 +3577,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( ! $this->minimum_args( $args, 3 ) )
return $this->error;
$this->escape( $args );
$blog_id = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -3532,6 +3628,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( is_multisite() )
return $this->_multisite_getUsersBlogs($args);
$this->escape($args);
$username = $args[1];
$password = $args[2];
@ -3593,6 +3691,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function blogger_getUserInfo($args) {
$this->escape($args);
$username = $args[1];
$password = $args[2];
@ -3624,6 +3725,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function blogger_getPost($args) {
$this->escape($args);
$post_ID = (int) $args[1];
$username = $args[2];
$password = $args[3];
@ -3642,9 +3746,9 @@ class wp_xmlrpc_server extends IXR_Server {
$categories = implode(',', wp_get_post_categories($post_ID));
$content = '<title>'.$post_data['post_title'].'</title>';
$content = '<title>'.stripslashes($post_data['post_title']).'</title>';
$content .= '<category>'.$categories.'</category>';
$content .= $post_data['post_content'];
$content .= stripslashes($post_data['post_content']);
$struct = array(
'userid' => $post_data['post_author'],
@ -3665,6 +3769,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function blogger_getRecentPosts($args) {
$this->escape($args);
// $args[0] = appkey - ignored
$blog_ID = (int) $args[1]; /* though we don't use it yet */
$username = $args[2];
@ -3693,9 +3800,9 @@ class wp_xmlrpc_server extends IXR_Server {
$post_date = $this->_convert_date( $entry['post_date'] );
$categories = implode(',', wp_get_post_categories($entry['ID']));
$content = '<title>'.$entry['post_title'].'</title>';
$content = '<title>'.stripslashes($entry['post_title']).'</title>';
$content .= '<category>'.$categories.'</category>';
$content .= $entry['post_content'];
$content .= stripslashes($entry['post_content']);
$struct[] = array(
'userid' => $entry['post_author'],
@ -3743,6 +3850,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return int
*/
function blogger_newPost($args) {
$this->escape($args);
$blog_ID = (int) $args[1]; /* though we don't use it yet */
$username = $args[2];
$password = $args[3];
@ -3794,6 +3904,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return bool true when done.
*/
function blogger_editPost($args) {
$this->escape($args);
$post_ID = (int) $args[1];
$username = $args[2];
$password = $args[3];
@ -3810,6 +3923,8 @@ class wp_xmlrpc_server extends IXR_Server {
if ( !$actual_post || $actual_post['post_type'] != 'post' )
return new IXR_Error(404, __('Sorry, no such post.'));
$this->escape($actual_post);
if ( !current_user_can('edit_post', $post_ID) )
return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.'));
@ -3845,6 +3960,8 @@ class wp_xmlrpc_server extends IXR_Server {
* @return bool True when post is deleted.
*/
function blogger_deletePost($args) {
$this->escape($args);
$post_ID = (int) $args[1];
$username = $args[2];
$password = $args[3];
@ -3913,11 +4030,13 @@ class wp_xmlrpc_server extends IXR_Server {
* @return int
*/
function mw_newPost($args) {
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
$this->escape($args);
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
$content_struct = $args[3];
$publish = isset( $args[4] ) ? $args[4] : 0;
$publish = isset( $args[4] ) ? $args[4] : 0;
if ( !$user = $this->login($username, $password) )
return $this->error;
@ -4197,7 +4316,7 @@ class wp_xmlrpc_server extends IXR_Server {
}
}
if (!$found)
wp_add_post_meta( $post_ID, 'enclosure', $encstring );
add_post_meta( $post_ID, 'enclosure', $encstring );
}
}
@ -4231,6 +4350,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return bool True on success.
*/
function mw_editPost($args) {
$this->escape($args);
$post_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4269,6 +4391,7 @@ class wp_xmlrpc_server extends IXR_Server {
}
}
$this->escape($postdata);
extract($postdata, EXTR_SKIP);
// Let WordPress manage slug if none was provided.
@ -4496,6 +4619,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function mw_getPost($args) {
$this->escape($args);
$post_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4617,6 +4743,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function mw_getRecentPosts($args) {
$this->escape($args);
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4729,6 +4858,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function mw_getCategories($args) {
$this->escape($args);
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4775,10 +4907,10 @@ class wp_xmlrpc_server extends IXR_Server {
function mw_newMediaObject($args) {
global $wpdb;
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
$data = $args[3];
$blog_ID = (int) $args[0];
$username = $wpdb->escape($args[1]);
$password = $wpdb->escape($args[2]);
$data = $args[3];
$name = sanitize_file_name( $data['name'] );
$type = $data['type'];
@ -4865,6 +4997,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function mt_getRecentPostTitles($args) {
$this->escape($args);
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4922,6 +5057,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function mt_getCategoryList($args) {
$this->escape($args);
$blog_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4957,6 +5095,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function mt_getPostCategories($args) {
$this->escape($args);
$post_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -4997,6 +5138,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return bool True on success.
*/
function mt_setPostCategories($args) {
$this->escape($args);
$post_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -5106,6 +5250,9 @@ class wp_xmlrpc_server extends IXR_Server {
* @return int
*/
function mt_publishPost($args) {
$this->escape($args);
$post_ID = (int) $args[0];
$username = $args[1];
$password = $args[2];
@ -5127,6 +5274,7 @@ class wp_xmlrpc_server extends IXR_Server {
// retain old cats
$cats = wp_get_post_categories($post_ID);
$postdata['post_category'] = $cats;
$this->escape($postdata);
$result = wp_update_post($postdata);
@ -5150,6 +5298,8 @@ class wp_xmlrpc_server extends IXR_Server {
do_action('xmlrpc_call', 'pingback.ping');
$this->escape($args);
$pagelinkedfrom = $args[0];
$pagelinkedto = $args[1];
@ -5285,15 +5435,15 @@ class wp_xmlrpc_server extends IXR_Server {
$pagelinkedfrom = str_replace('&', '&amp;', $pagelinkedfrom);
$context = '[...] ' . esc_html( $excerpt ) . ' [...]';
$pagelinkedfrom = $pagelinkedfrom;
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
$comment_post_ID = (int) $post_ID;
$comment_author = $title;
$comment_author_email = '';
$comment_author;
$this->escape($comment_author);
$comment_author_url = $pagelinkedfrom;
$comment_content = $context;
$comment_content;
$this->escape($comment_content);
$comment_type = 'pingback';
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type');
@ -5315,10 +5465,13 @@ class wp_xmlrpc_server extends IXR_Server {
* @return array
*/
function pingback_extensions_getPingbacks($args) {
global $wpdb;
do_action('xmlrpc_call', 'pingback.extensions.getPingbacks');
$this->escape($args);
$url = $args;
$post_ID = url_to_postid($url);

12
wp-includes/class-wp.php
View File

@ -142,15 +142,15 @@ class WP {
$this->did_permalink = true;
if ( isset($_SERVER['PATH_INFO']) )
$pathinfo = wp_unslash( $_SERVER['PATH_INFO'] );
$pathinfo = $_SERVER['PATH_INFO'];
else
$pathinfo = '';
$pathinfo_array = explode('?', $pathinfo);
$pathinfo = str_replace("%", "%25", $pathinfo_array[0]);
$req_uri = wp_unslash( $_SERVER['REQUEST_URI'] );
$req_uri = $_SERVER['REQUEST_URI'];
$req_uri_array = explode('?', $req_uri);
$req_uri = $req_uri_array[0];
$self = wp_unslash( $_SERVER['PHP_SELF'] );
$self = $_SERVER['PHP_SELF'];
$home_path = parse_url(home_url());
if ( isset($home_path['path']) )
$home_path = $home_path['path'];
@ -255,9 +255,9 @@ class WP {
if ( isset( $this->extra_query_vars[$wpvar] ) )
$this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
elseif ( isset( $_POST[$wpvar] ) )
$this->query_vars[$wpvar] = wp_unslash( $_POST[$wpvar] );
$this->query_vars[$wpvar] = $_POST[$wpvar];
elseif ( isset( $_GET[$wpvar] ) )
$this->query_vars[$wpvar] = wp_unslash( $_GET[$wpvar] );
$this->query_vars[$wpvar] = $_GET[$wpvar];
elseif ( isset( $perma_query_vars[$wpvar] ) )
$this->query_vars[$wpvar] = $perma_query_vars[$wpvar];
@ -356,7 +356,7 @@ class WP {
// Support for Conditional GET
if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
$client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597
$client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));
else $client_etag = false;
$client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']);

26
wp-includes/comment.php
View File

@ -633,22 +633,22 @@ function wp_set_comment_cookies($comment, $user) {
*/
function sanitize_comment_cookies() {
if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
$comment_author = wp_unslash( $_COOKIE['comment_author_'.COOKIEHASH] );
$comment_author = apply_filters('pre_comment_author_name', $comment_author);
$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
$comment_author = stripslashes($comment_author);
$comment_author = esc_attr($comment_author);
$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
}
if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
$comment_author_email = wp_unslash( $_COOKIE['comment_author_email_'.COOKIEHASH] );
$comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email);
$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
$comment_author_email = stripslashes($comment_author_email);
$comment_author_email = esc_attr($comment_author_email);
$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
}
if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
$comment_author_url = wp_unslash( $_COOKIE['comment_author_url_'.COOKIEHASH] );
$comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url);
$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
$comment_author_url = stripslashes($comment_author_url);
$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
}
}
@ -670,10 +670,11 @@ function wp_allow_comment($commentdata) {
extract($commentdata, EXTR_SKIP);
// Simple duplicate check
$dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author );
// expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' ";
if ( $comment_author_email )
$dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email );
$dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content );
$dupe .= "OR comment_author_email = '$comment_author_email' ";
$dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
if ( $wpdb->get_var($dupe) ) {
do_action( 'comment_duplicate_trigger', $commentdata );
if ( defined('DOING_AJAX') )
@ -1261,7 +1262,7 @@ function wp_get_current_commenter() {
*/
function wp_insert_comment($commentdata) {
global $wpdb;
extract($commentdata, EXTR_SKIP);
extract(stripslashes_deep($commentdata), EXTR_SKIP);
if ( ! isset($comment_author_IP) )
$comment_author_IP = '';
@ -1490,6 +1491,9 @@ function wp_update_comment($commentarr) {
// First, get all of the original fields
$comment = get_comment($commentarr['comment_ID'], ARRAY_A);
// Escape data pulled from DB.
$comment = esc_sql($comment);
$old_status = $comment['comment_approved'];
// Merge old and new fields with new fields overwriting old ones.
@ -1498,7 +1502,7 @@ function wp_update_comment($commentarr) {
$commentarr = wp_filter_comment( $commentarr );
// Now extract the merged array.
extract($commentarr, EXTR_SKIP);
extract(stripslashes_deep($commentarr), EXTR_SKIP);
$comment_content = apply_filters('comment_save_pre', $comment_content);

2
wp-includes/cron.php
View File

@ -230,7 +230,7 @@ function spawn_cron( $gmt_time = 0 ) {
set_transient( 'doing_cron', $doing_wp_cron );
ob_start();
wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) );
echo ' ';
// flush any buffers and send the headers

8
wp-includes/default-filters.php
View File

@ -14,8 +14,8 @@
// Strip, trim, kses, special chars for string saves
foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
add_filter( $filter, 'sanitize_text_field' );
add_filter( $filter, 'wp_kses_data' );
add_filter( $filter, 'sanitize_text_field' );
add_filter( $filter, 'wp_filter_kses' );
add_filter( $filter, '_wp_specialchars', 30 );
}
@ -31,7 +31,7 @@ foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target',
// Kses only for textarea saves
foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
add_filter( $filter, 'wp_kses_data' );
add_filter( $filter, 'wp_filter_kses' );
}
// Kses only for textarea admin displays
@ -46,7 +46,7 @@ if ( is_admin() ) {
foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
add_filter( $filter, 'trim' );
add_filter( $filter, 'sanitize_email' );
add_filter( $filter, 'wp_kses_data' );
add_filter( $filter, 'wp_filter_kses' );
}
// Email admin display

8
wp-includes/default-widgets.php
View File

@ -413,7 +413,7 @@ class WP_Widget_Text extends WP_Widget {
if ( current_user_can('unfiltered_html') )
$instance['text'] = $new_instance['text'];
else
$instance['text'] = wp_kses_post( $new_instance['text'] );
$instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed
$instance['filter'] = isset($new_instance['filter']);
return $instance;
}
@ -1057,8 +1057,8 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
}
function update( $new_instance, $old_instance ) {
$instance['title'] = strip_tags( $new_instance['title'] );
$instance['taxonomy'] = $new_instance['taxonomy'];
$instance['title'] = strip_tags(stripslashes($new_instance['title']));
$instance['taxonomy'] = stripslashes($new_instance['taxonomy']);
return $instance;
}
@ -1119,7 +1119,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget {
}
function update( $new_instance, $old_instance ) {
$instance['title'] = strip_tags( $new_instance['title'] );
$instance['title'] = strip_tags( stripslashes($new_instance['title']) );
$instance['nav_menu'] = (int) $new_instance['nav_menu'];
return $instance;
}

2
wp-includes/deprecated.php
View File

@ -2383,7 +2383,7 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
/** @todo Might need fix because usermeta data is assumed to be already escaped */
if ( is_string($meta_value) )
$meta_value = $meta_value;
$meta_value = stripslashes($meta_value);
$meta_value = maybe_serialize($meta_value);
if (empty($meta_value)) {

2
wp-includes/feed.php
View File

@ -488,7 +488,7 @@ function prep_atom_text_construct($data) {
*/
function self_link() {
$host = @parse_url(home_url());
echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) );
echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ) ) );
}
/**

53
wp-includes/formatting.php
View File

@ -1716,7 +1716,10 @@ function _split_str_by_whitespace( $string, $goal ) {
* @return string Converted content.
*/
function wp_rel_nofollow( $text ) {
// This is a pre save filter, so text is already escaped.
$text = stripslashes($text);
$text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
$text = esc_sql($text);
return $text;
}
@ -3339,53 +3342,3 @@ function sanitize_trackback_urls( $to_ping ) {
$urls_to_ping = implode( "\n", $urls_to_ping );
return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
}
/**
* Conditionally add slashes to a string or array of strings. When GPCS
* slashing is turned on, slashes are added. When GPCS slashing is turned off,
* slashes are not added.
*
* This should be used when preparing data for core API that deal directly with GPCS data.
* Outside of unit tests, this should be rare. At a future date GPCS will no longer
* be slashed and this function will noop. Do not use it in situations where adding slashes
* is always required regardless of whether GPCS is slashed.
*
* @since 3.6.0
*
* @param string|array $value String or array of strings to slash.
* @return string|array Slashed $value
*/
function wp_slash( $value ) {
if ( is_array( $value ) ) {
foreach ( $value as $k => $v ) {
if ( is_array( $v ) ) {
$value[$k] = wp_slash( $v );
} else {
$value[$k] = addslashes( $v );
}
}
} else {
$value = addslashes( $value );
}
return $value;
}
/**
* Conditionally removes slashes from a string or array of strings. When GPCS
* slashing is turned on, slashes are stripped. When GPCS slashing is turned off,
* slashes are not stripped.
*
* This should be used for GPCS data before passing it along to core API. At a future
* date GPCS will no longer be slashed and this function will noop. Do not use it
* in situations where slash stripping is always required regardless of whether GPCS
* is slashed.
*
* @since 3.6.0
*
* @param string|array $value String or array of strings to unslash.
* @return string|array Unslashed $value
*/
function wp_unslash( $value ) {
return stripslashes_deep( $value );
}

14
wp-includes/functions.php
View File

@ -468,7 +468,7 @@ function do_enclose( $content, $post_ID ) {
}
if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" );
}
}
}
@ -1257,9 +1257,9 @@ function wp_referer_field( $echo = true ) {
* @return string Original referer field.
*/
function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />';
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
if ( $echo )
echo $orig_referer_field;
return $orig_referer_field;
@ -1278,11 +1278,11 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
function wp_get_referer() {
$ref = false;
if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
$ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
$ref = $_REQUEST['_wp_http_referer'];
else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
$ref = $_SERVER['HTTP_REFERER'];
if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
return $ref;
return false;
}
@ -1298,7 +1298,7 @@ function wp_get_referer() {
*/
function wp_get_original_referer() {
if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
return $_REQUEST['_wp_original_http_referer'];
return false;
}

24
wp-includes/kses.php
View File

@ -1326,18 +1326,18 @@ function wp_filter_nohtml_kses( $data ) {
*/
function kses_init_filters() {
// Normal filtering
add_filter('title_save_pre', 'wp_kses_data');
add_filter('title_save_pre', 'wp_filter_kses');
// Comment filtering
if ( current_user_can( 'unfiltered_html' ) )
add_filter( 'pre_comment_content', 'wp_kses_post' );
add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
else
add_filter( 'pre_comment_content', 'wp_kses_data' );
add_filter( 'pre_comment_content', 'wp_filter_kses' );
// Post filtering
add_filter('content_save_pre', 'wp_kses_post');
add_filter('excerpt_save_pre', 'wp_kses_post');
add_filter('content_filtered_save_pre', 'wp_kses_post');
add_filter('content_save_pre', 'wp_filter_post_kses');
add_filter('excerpt_save_pre', 'wp_filter_post_kses');
add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
}
/**
@ -1354,16 +1354,16 @@ function kses_init_filters() {
*/
function kses_remove_filters() {
// Normal filtering
remove_filter('title_save_pre', 'wp_kses_data');
remove_filter('title_save_pre', 'wp_filter_kses');
// Comment filtering
remove_filter( 'pre_comment_content', 'wp_kses_post' );
remove_filter( 'pre_comment_content', 'wp_kses_data' );
remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
remove_filter( 'pre_comment_content', 'wp_filter_kses' );
// Post filtering
remove_filter('content_save_pre', 'wp_kses_post');
remove_filter('excerpt_save_pre', 'wp_kses_post');
remove_filter('content_filtered_save_pre', 'wp_kses_post');
remove_filter('content_save_pre', 'wp_filter_post_kses');
remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
}
/**

2
wp-includes/link-template.php
View File

@ -746,7 +746,7 @@ function get_search_link( $query = '' ) {
if ( empty($query) )
$search = get_search_query( false );
else
$search = $query;
$search = stripslashes($query);
$permastruct = $wp_rewrite->get_search_permastruct();

9
wp-includes/meta.php
View File

@ -42,6 +42,9 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique =
$column = esc_sql($meta_type . '_id');
// expected_slashed ($meta_key)
$meta_key = stripslashes($meta_key);
$meta_value = stripslashes_deep($meta_value);
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
$check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique );
@ -110,7 +113,10 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v
$column = esc_sql($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
$meta_key = stripslashes($meta_key);
$passed_value = $meta_value;
$meta_value = stripslashes_deep($meta_value);
$meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type );
$check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value );
@ -189,6 +195,9 @@ function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $d
$type_column = esc_sql($meta_type . '_id');
$id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id';
// expected_slashed ($meta_key)
$meta_key = stripslashes($meta_key);
$meta_value = stripslashes_deep($meta_value);
$check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all );
if ( null !== $check )

2
wp-includes/ms-files.php
View File

@ -58,7 +58,7 @@ header( 'ETag: ' . $etag );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' );
// Support for Conditional GET
$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false;
if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) )
$_SERVER['HTTP_IF_MODIFIED_SINCE'] = false;

28
wp-includes/ms-functions.php
View File

@ -279,6 +279,9 @@ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') {
* @return int The ID of the newly created blog
*/
function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
$domain = addslashes( $domain );
$weblog_title = addslashes( $weblog_title );
if ( empty($path) )
$path = '/';
@ -579,7 +582,7 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
$blogname = apply_filters( 'newblogname', $blogname );
$blog_title = $blog_title;
$blog_title = stripslashes( $blog_title );
if ( empty( $blog_title ) )
$errors->add('blog_title', __( 'Please enter a site title.' ) );
@ -632,7 +635,10 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = ''
global $wpdb;
$key = substr( md5( time() . rand() . $domain ), 0, 16 );
$meta = serialize( $meta );
$meta = serialize($meta);
$domain = $wpdb->escape($domain);
$path = $wpdb->escape($path);
$title = $wpdb->escape($title);
$wpdb->insert( $wpdb->signups, array(
'domain' => $domain,
@ -645,7 +651,7 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = ''
'meta' => $meta
) );
wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta );
wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta);
}
/**
@ -834,8 +840,8 @@ function wpmu_activate_signup($key) {
}
$meta = maybe_unserialize($signup->meta);
$user_login = $signup->user_login;
$user_email = $signup->user_email;
$user_login = $wpdb->escape($signup->user_login);
$user_email = $wpdb->escape($signup->user_email);
$password = wp_generate_password( 12, false );
$user_id = username_exists($user_login);
@ -1151,7 +1157,7 @@ function install_blog($blog_id, $blog_title = '') {
else
update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) );
update_option( 'blogname', $blog_title );
update_option( 'blogname', stripslashes( $blog_title ) );
update_option( 'admin_email', '' );
// remove all perms
@ -1208,9 +1214,9 @@ function wpmu_welcome_notification($blog_id, $user_id, $password, $title, $meta
if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
return false;
$welcome_email = get_site_option( 'welcome_email' );
$welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
if ( $welcome_email == false )
$welcome_email = __( 'Dear User,
$welcome_email = stripslashes( __( 'Dear User,
Your new SITE_NAME site has been successfully set up at:
BLOG_URL
@ -1222,7 +1228,7 @@ Log in here: BLOG_URLwp-login.php
We hope you enjoy your new site. Thanks!
--The Team @ SITE_NAME' );
--The Team @ SITE_NAME' ) );
$url = get_blogaddress_by_id($blog_id);
$user = get_userdata( $user_id );
@ -1246,7 +1252,7 @@ We hope you enjoy your new site. Thanks!
if ( empty( $current_site->site_name ) )
$current_site->site_name = 'WordPress';
$subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, $title ) );
$subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) );
wp_mail($user->user_email, $subject, $message, $message_headers);
return true;
}
@ -1475,7 +1481,7 @@ function update_posts_count( $deprecated = '' ) {
function wpmu_log_new_registrations( $blog_id, $user_id ) {
global $wpdb;
$user = get_userdata( (int) $user_id );
$wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
$wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
}
/**

18
wp-includes/nav-menu.php
View File

@ -370,20 +370,20 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item
$menu_item_db_id = (int) $menu_item_db_id;
wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) );
update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) );
update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) );
$args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
$args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) );
if ( 0 == $menu_id )
wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) )
delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );

6
wp-includes/pluggable.php
View File

@ -782,7 +782,7 @@ function auth_redirect() {
// The cookie is no good so force login
nocache_headers();
$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . wp_unslash( $_SERVER['HTTP_HOST'] ) . wp_unslash( $_SERVER['REQUEST_URI'] ) );
$redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
$login_url = wp_login_url($redirect, true);
@ -1197,8 +1197,8 @@ if ( !function_exists('wp_new_user_notification') ) :
function wp_new_user_notification($user_id, $plaintext_pass = '') {
$user = get_userdata( $user_id );
$user_login = $user->user_login;
$user_email = $user->user_email;
$user_login = stripslashes($user->user_login);
$user_email = stripslashes($user->user_email);
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.

2
wp-includes/post-template.php
View File

@ -583,7 +583,7 @@ function post_password_required( $post = null ) {
$wp_hasher = new PasswordHash(8, true);
}
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
}

106
wp-includes/post.php
View File

@ -1677,41 +1677,17 @@ function get_posts($args = null) {
* @link http://codex.wordpress.org/Function_Reference/add_post_meta
*
* @param int $post_id Post ID.
* @param string $meta_key Metadata name (expected slashed).
* @param mixed $meta_value Metadata value (expected slashed).
* @param string $meta_key Metadata name.
* @param mixed $meta_value Metadata value.
* @param bool $unique Optional, default is false. Whether the same key should not be added.
* @return bool False for failure. True for success.
*/
function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
//_deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' );
// expected slashed
$meta_key = stripslashes( $meta_key );
$meta_value = stripslashes_deep( $meta_value );
return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique );
}
/**
* Add meta data field to a post.
*
* Post meta data is called "Custom Fields" on the Administration Screen.
*
* @since 3.6.0
* @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta
*
* @param int $post_id Post ID.
* @param string $meta_key Metadata name (clean, slashes already stripped).
* @param mixed $meta_value Metadata value (clean, slashes already stripped).
* @param bool $unique Optional, default is false. Whether the same key should not be added.
* @return bool False for failure. True for success.
*/
function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) {
function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
// make sure meta is added to the post, not a revision
if ( $the_post = wp_is_post_revision( $post_id ) )
if ( $the_post = wp_is_post_revision($post_id) )
$post_id = $the_post;
return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique );
return add_metadata('post', $post_id, $meta_key, $meta_value, $unique);
}
/**
@ -1768,45 +1744,17 @@ function get_post_meta($post_id, $key = '', $single = false) {
* @link http://codex.wordpress.org/Function_Reference/update_post_meta
*
* @param int $post_id Post ID.
* @param string $meta_key Metadata key (expected slashed).
* @param mixed $meta_value Metadata value (expected slashed).
* @param string $meta_key Metadata key.
* @param mixed $meta_value Metadata value.
* @param mixed $prev_value Optional. Previous value to check before removing.
* @return bool False on failure, true if success.
*/
function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
//_deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' );
// expected slashed
$meta_key = stripslashes( $meta_key );
$meta_value = stripslashes_deep( $meta_value );
return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value );
}
/**
* Update post meta field based on post ID.
*
* Use the $prev_value parameter to differentiate between meta fields with the
* same key and post ID.
*
* If the meta field for the post does not exist, it will be added.
*
* @since 3.6.0
* @uses $wpdb
* @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta
*
* @param int $post_id Post ID.
* @param string $meta_key Metadata key (clean, slashes already stripped).
* @param mixed $meta_value Metadata value (clean, slashes already stripped).
* @param mixed $prev_value Optional. Previous value to check before removing.
* @return bool False on failure, true if success.
*/
function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) {
function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
// make sure meta is added to the post, not a revision
if ( $the_post = wp_is_post_revision( $post_id ) )
if ( $the_post = wp_is_post_revision($post_id) )
$post_id = $the_post;
return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value );
return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value);
}
/**
@ -2393,8 +2341,8 @@ function wp_trash_post($post_id = 0) {
do_action('wp_trash_post', $post_id);
wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
wp_add_post_meta($post_id,'_wp_trash_meta_time', time());
add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']);
add_post_meta($post_id,'_wp_trash_meta_time', time());
$post['post_status'] = 'trash';
wp_insert_post($post);
@ -2470,7 +2418,7 @@ function wp_trash_post_comments($post = null) {
$statuses = array();
foreach ( $comments as $comment )
$statuses[$comment->comment_ID] = $comment->comment_approved;
wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses);
// Set status for all comments to post-trashed
$result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id));
@ -2846,8 +2794,10 @@ function wp_insert_post($postarr, $wp_error = false) {
$post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
// expected_slashed (everything!)
$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
$data = apply_filters('wp_insert_post_data', $data, $postarr);
$data = stripslashes_deep( $data );
$where = array( 'ID' => $post_ID );
if ( $update ) {
@ -2860,7 +2810,7 @@ function wp_insert_post($postarr, $wp_error = false) {
}
} else {
if ( isset($post_mime_type) )
$data['post_mime_type'] = $post_mime_type; // This isn't in the update
$data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
// If there is a suggested ID, use it if not already present
if ( !empty($import_id) ) {
$import_id = (int) $import_id;
@ -2921,7 +2871,7 @@ function wp_insert_post($postarr, $wp_error = false) {
else
return 0;
}
wp_update_post_meta($post_ID, '_wp_page_template', $page_template);
update_post_meta($post_ID, '_wp_page_template', $page_template);
}
wp_transition_post_status($data['post_status'], $previous_status, $post);
@ -2954,11 +2904,15 @@ function wp_update_post( $postarr = array(), $wp_error = false ) {
if ( is_object($postarr) ) {
// non-escaped post was passed
$postarr = get_object_vars($postarr);
$postarr = add_magic_quotes($postarr);
}
// First, get all of the original fields
$post = get_post($postarr['ID'], ARRAY_A);
// Escape data pulled from DB.
$post = add_magic_quotes($post);
// Passed post category list overwrites existing category list if not empty.
if ( isset($postarr['post_category']) && is_array($postarr['post_category'])
&& 0 != count($postarr['post_category']) )
@ -3396,7 +3350,7 @@ function trackback_url_list($tb_list, $post_id) {
$trackback_urls = explode(',', $tb_list);
foreach( (array) $trackback_urls as $tb_url) {
$tb_url = trim($tb_url);
trackback($tb_url, $post_title, $excerpt, $post_id);
trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
}
}
}
@ -3739,6 +3693,9 @@ function get_pages($args = '') {
if ( ! empty( $meta_key ) || ! empty( $meta_value ) ) {
$join = " LEFT JOIN $wpdb->postmeta ON ( $wpdb->posts.ID = $wpdb->postmeta.post_id )";
// meta_key and meta_value might be slashed
$meta_key = stripslashes($meta_key);
$meta_value = stripslashes($meta_value);
if ( ! empty( $meta_key ) )
$where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key);
if ( ! empty( $meta_value ) )
@ -3963,6 +3920,7 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
else
$post_name = sanitize_title($post_name);
// expected_slashed ($post_name)
$post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent);
if ( empty($post_date) )
@ -4005,7 +3963,9 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
if ( ! isset($pinged) )
$pinged = '';
// expected_slashed (everything!)
$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) );
$data = stripslashes_deep( $data );
if ( $update ) {
$wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
@ -4050,7 +4010,7 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
clean_post_cache( $post_ID );
if ( ! empty( $context ) )
wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
add_post_meta( $post_ID, '_wp_attachment_context', $context, true );
if ( $update) {
do_action('edit_attachment', $post_ID);
@ -4437,7 +4397,7 @@ function wp_check_for_changed_slugs($post_id, $post, $post_before) {
// if we haven't added this old slug before, add it now
if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) )
wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
add_post_meta($post_id, '_wp_old_slug', $post_before->post_name);
// if the new slug was used previously, delete it from the list
if ( in_array($post->post_name, $old_slugs) )
@ -4854,8 +4814,8 @@ function _publish_post_hook($post_id) {
return;
if ( get_option('default_pingback_flag') )
wp_add_post_meta( $post_id, '_pingme', '1' );
wp_add_post_meta( $post_id, '_encloseme', '1' );
add_post_meta( $post_id, '_pingme', '1' );
add_post_meta( $post_id, '_encloseme', '1' );
wp_schedule_single_event(time(), 'do_pings');
}
@ -4933,7 +4893,7 @@ function set_post_thumbnail( $post, $thumbnail_id ) {
$thumbnail_id = absint( $thumbnail_id );
if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) {
if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) )
return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id );
else
return delete_post_meta( $post->ID, '_thumbnail_id' );
}

5
wp-includes/query.php
View File

@ -1733,6 +1733,7 @@ class WP_Query {
// Category stuff
if ( !empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) {
$q['cat'] = ''.urldecode($q['cat']).'';
$q['cat'] = addslashes_gpc($q['cat']);
$cat_array = preg_split('/[,\s]+/', $q['cat']);
$q['cat'] = '';
$req_cats = array();
@ -2186,6 +2187,8 @@ class WP_Query {
// If a search pattern is specified, load the posts that match
if ( !empty($q['s']) ) {
// added slashes screw with quote grouping when done early, so done later
$q['s'] = stripslashes($q['s']);
if ( empty( $_GET['s'] ) && $this->is_main_query() )
$q['s'] = urldecode($q['s']);
if ( !empty($q['sentence']) ) {
@ -2294,6 +2297,7 @@ class WP_Query {
$whichauthor = '';
} else {
$q['author'] = (string)urldecode($q['author']);
$q['author'] = addslashes_gpc($q['author']);
if ( strpos($q['author'], '-') !== false ) {
$eq = '!=';
$andor = 'AND';
@ -2357,6 +2361,7 @@ class WP_Query {
$allowed_keys[] = 'meta_value_num';
}
$q['orderby'] = urldecode($q['orderby']);
$q['orderby'] = addslashes_gpc($q['orderby']);
$orderby_array = array();
foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) {

3
wp-includes/revision.php
View File

@ -241,6 +241,7 @@ function _wp_put_post_revision( $post = null, $autosave = false ) {
return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) );
$post = _wp_post_revision_fields( $post, $autosave );
$post = add_magic_quotes($post); //since data is from db
$revision_id = wp_insert_post( $post );
if ( is_wp_error($revision_id) )
@ -319,6 +320,8 @@ function wp_restore_post_revision( $revision_id, $fields = null ) {
$update['ID'] = $revision['post_parent'];
$update = add_magic_quotes( $update ); //since data is from db
$post_id = wp_update_post( $update );
if ( is_wp_error( $post_id ) )
return $post_id;

15
wp-includes/taxonomy.php
View File

@ -958,6 +958,8 @@ function get_term_by($field, $value, $taxonomy, $output = OBJECT, $filter = 'raw
if ( empty($value) )
return false;
} else if ( 'name' == $field ) {
// Assume already escaped
$value = stripslashes($value);
$field = 't.name';
} else {
$term = get_term( (int) $value, $taxonomy, $output, $filter);
@ -1497,7 +1499,7 @@ function term_exists($term, $taxonomy = '', $parent = 0) {
return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) );
}
$term = trim( $term );
$term = trim( stripslashes( $term ) );
if ( '' === $slug = sanitize_title($term) )
return 0;
@ -2059,6 +2061,10 @@ function wp_insert_term( $term, $taxonomy, $args = array() ) {
$args = sanitize_term($args, $taxonomy, 'db');
extract($args, EXTR_SKIP);
// expected_slashed ($name)
$name = stripslashes($name);
$description = stripslashes($description);
if ( empty($slug) )
$slug = sanitize_title($name);
@ -2438,6 +2444,9 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) {
if ( is_wp_error( $term ) )
return $term;
// Escape data pulled from DB.
$term = add_magic_quotes($term);
// Merge old and new args with new args overwriting old ones.
$args = array_merge($term, $args);
@ -2446,6 +2455,10 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) {
$args = sanitize_term($args, $taxonomy, 'db');
extract($args, EXTR_SKIP);
// expected_slashed ($name)
$name = stripslashes($name);
$description = stripslashes($description);
if ( '' == trim($name) )
return new WP_Error('empty_term_name', __('A name is required for this term'));

8
wp-includes/user.php
View File

@ -1390,6 +1390,7 @@ function wp_insert_user( $userdata ) {
}
$data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' );
$data = stripslashes_deep( $data );
if ( $update ) {
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
@ -1461,6 +1462,9 @@ function wp_update_user($userdata) {
$user[ $key ] = get_user_meta( $ID, $key, true );
}
// Escape data pulled from DB.
$user = add_magic_quotes( $user );
// If password is changing, hash it now.
if ( ! empty($userdata['user_pass']) ) {
$plaintext_pass = $userdata['user_pass'];
@ -1500,8 +1504,8 @@ function wp_update_user($userdata) {
* @return int The new user's ID.
*/
function wp_create_user($username, $password, $email = '') {
$user_login = $username;
$user_email = $email;
$user_login = esc_sql( $username );
$user_email = esc_sql( $email );
$user_pass = $password;
$userdata = compact('user_login', 'user_email', 'user_pass');

2
wp-includes/widgets.php
View File

@ -224,7 +224,7 @@ class WP_Widget {
}
foreach ( $settings as $number => $new_instance ) {
$new_instance = wp_unslash($new_instance);
$new_instance = stripslashes_deep($new_instance);
$this->_set($number);
$old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array();

14
wp-login.php
View File

@ -399,7 +399,7 @@ case 'postpass' :
}
// 10 days
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
wp_safe_redirect( wp_get_referer() );
exit();
@ -434,7 +434,7 @@ case 'retrievepassword' :
do_action('lost_password');
login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
$user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
$user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
?>
@ -533,8 +533,8 @@ case 'register' :
$user_login = '';
$user_email = '';
if ( $http_post ) {
$user_login = wp_unslash( $_POST['user_login'] );
$user_email = wp_unslash( $_POST['user_email'] );
$user_login = $_POST['user_login'];
$user_email = $_POST['user_email'];
$errors = register_new_user($user_login, $user_email);
if ( !is_wp_error($errors) ) {
$redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered';
@ -550,11 +550,11 @@ case 'register' :
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url('wp-login.php?action=register', 'login_post') ); ?>" method="post">
<p>
<label for="user_login"><?php _e('Username') ?><br />
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" /></label>
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label>
</p>
<p>
<label for="user_email"><?php _e('E-mail') ?><br />
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" /></label>
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label>
</p>
<?php do_action('register_form'); ?>
<p id="reg_passmail"><?php _e('A password will be e-mailed to you.') ?></p>
@ -670,7 +670,7 @@ default:
login_header(__('Log In'), '', $errors);
if ( isset($_POST['log']) )
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
$user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
$rememberme = ! empty( $_POST['rememberme'] );
?>

1
wp-mail.php
View File

@ -202,6 +202,7 @@ for ( $i = 1; $i <= $count; $i++ ) {
$post_category = array(get_option('default_email_category'));
$post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status');
$post_data = add_magic_quotes($post_data);
$post_ID = wp_insert_post($post_data);
if ( is_wp_error( $post_ID ) )

11
wp-trackback.php
View File

@ -45,9 +45,9 @@ $tb_url = isset($_POST['url']) ? $_POST['url'] : '';
$charset = isset($_POST['charset']) ? $_POST['charset'] : '';
// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
$title = isset($_POST['title']) ? wp_unslash( $_POST['title'] ) : '';
$excerpt = isset($_POST['excerpt']) ? wp_unslash( $_POST['excerpt'] ) : '';
$blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] ) : '';
$title = isset($_POST['title']) ? stripslashes($_POST['title']) : '';
$excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';
$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';
if ($charset)
$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
@ -64,6 +64,11 @@ if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
}
// Now that mb_convert_encoding() has been given a swing, we need to escape these three
$title = $wpdb->escape($title);
$excerpt = $wpdb->escape($excerpt);
$blog_name = $wpdb->escape($blog_name);
if ( is_single() || is_page() )
$tb_id = $posts[0]->ID;