Get our slashes straight.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
4f6e367f90
commit
692627e424
|
@ -50,7 +50,7 @@ case 'post':
|
|||
$content = format_to_post($content);
|
||||
$excerpt = balanceTags($_POST['excerpt']);
|
||||
$excerpt = format_to_post($excerpt);
|
||||
$post_title = addslashes($_POST['post_title']);
|
||||
$post_title = $_POST['post_title'];
|
||||
$post_categories = $_POST['post_category'];
|
||||
if(get_settings('use_geo_positions')) {
|
||||
$latstr = $_POST['post_latf'];
|
||||
|
@ -68,7 +68,7 @@ case 'post':
|
|||
if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
|
||||
$ping_status = $_POST['ping_status'];
|
||||
if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
|
||||
$post_password = addslashes(stripslashes($_POST['post_password']));
|
||||
$post_password = $_POST['post_password'];
|
||||
|
||||
if (empty($post_name))
|
||||
$post_name = sanitize_title($post_title);
|
||||
|
@ -278,7 +278,7 @@ case 'editpost':
|
|||
$content = format_to_post($content);
|
||||
$excerpt = balanceTags($_POST['excerpt']);
|
||||
$excerpt = format_to_post($excerpt);
|
||||
$post_title = addslashes($_POST['post_title']);
|
||||
$post_title = $_POST['post_title'];
|
||||
if(get_settings('use_geo_positions')) {
|
||||
$latf = floatval($_POST["post_latf"]);
|
||||
$lonf = floatval($_POST["post_lonf"]);
|
||||
|
@ -301,7 +301,7 @@ case 'editpost':
|
|||
$ping_status = $_POST['ping_status'];
|
||||
if (empty($ping_status)) $ping_status = 'closed';
|
||||
//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
|
||||
$post_password = addslashes($_POST['post_password']);
|
||||
$post_password = $_POST['post_password'];
|
||||
$post_name = sanitize_title($_POST['post_name']);
|
||||
if (empty($post_name)) $post_name = sanitize_title($post_title);
|
||||
$trackback = $_POST['trackback_url'];
|
||||
|
@ -670,9 +670,6 @@ case 'editedcomment':
|
|||
$newcomment_author = $_POST['newcomment_author'];
|
||||
$newcomment_author_email = $_POST['newcomment_author_email'];
|
||||
$newcomment_author_url = $_POST['newcomment_author_url'];
|
||||
$newcomment_author = addslashes($newcomment_author);
|
||||
$newcomment_author_email = addslashes($newcomment_author_email);
|
||||
$newcomment_author_url = addslashes($newcomment_author_url);
|
||||
|
||||
if (($user_level > 4) && (!empty($_POST['edit_date']))) {
|
||||
$aa = $_POST['aa'];
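Review bot: `$post_title` and `$post_password` in the `post` and `editpost` cases are read from `$_POST` with no escaping at the point of use once the `addslashes()` variants go (taking the second line of each printed pair as the new side), so the query that consumes them, which is outside these hunks, is safe only if request data was already slashed before this file runs. That invariant is not visible here and would not hold by itself with magic_quotes_gpc off; the old `addslashes(stripslashes(...))` on `post_password` at least normalised both cases. I would state the contract next to the reads, e.g. `// $_POST is already slashed by the bootstrap code; do not addslashes() again`, and confirm the bootstrap does that unconditionally. The same assumption underlies the three `addslashes()` lines dropped from `editedcomment` and the `stripslashes()` calls in the cookie-handling files of this commit. All of these `case` blocks start and end outside the hunks.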
|
||||
|
|
|
@ -86,9 +86,9 @@ if ((get_settings('comments_notify')) && ($approved)) {
|
|||
|
||||
do_action('comment_post', $comment_ID);
|
||||
|
||||
setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
|
||||
setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
|
||||
setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
|
||||
setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
|
||||
setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
|
||||
setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
|
||||
|
||||
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||
|
|
|
@ -267,7 +267,6 @@ function balanceTags($text, $is_comment = 0) {
|
|||
|
||||
|
||||
function format_to_edit($content) {
|
||||
$content = stripslashes($content);
|
||||
$content = apply_filters('format_to_edit', $content);
|
||||
$content = htmlspecialchars($content);
|
||||
return $content;
|
||||
|
|
|
@ -21,9 +21,9 @@ function comments_template() {
|
|||
|
||||
if ( $single || $withcomments ) :
|
||||
$req = get_settings('require_name_email');
|
||||
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
|
||||
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
|
||||
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
|
||||
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
|
||||
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
|
||||
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
|
||||
include(ABSPATH . 'wp-comments.php');
|
||||
endif;
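Review bot: With `stripslashes()` applied (taking those variants as the new side), `$comment_author`, `$comment_author_email` and `$comment_author_url` hold the raw client-supplied cookie text, quotes included, and are handed straight to the included `wp-comments.php`. That template is not shown here, so I cannot tell whether it escapes them; if it prints them into form field attributes, each needs `htmlspecialchars($comment_author, ENT_QUOTES)` or the equivalent at the point of output. A short comment above the three assignments, such as `// raw cookie values: escape on output`, would make the obligation visible to template authors. `comments_template()` continues outside the hunk.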
|
||||
|
|
|
@ -102,7 +102,7 @@ function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_
|
|||
$output = '';
|
||||
|
||||
if (!empty($post->post_password)) { // if there's a password
|
||||
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||
if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie
|
||||
$output = get_the_password_form();
|
||||
return $output;
|
||||
}
|
||||
|
@ -178,7 +178,7 @@ function get_the_excerpt($fakeit = true) {
|
|||
global $id, $post;
|
||||
global $cookiehash;
|
||||
$output = '';
|
||||
$output = stripslashes($post->post_excerpt);
|
||||
$output = $post->post_excerpt;
|
||||
if (!empty($post->post_password)) { // if there's a password
|
||||
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||
$output = __('There is no excerpt because this is a protected post.');
|
||||
|
@ -188,7 +188,7 @@ function get_the_excerpt($fakeit = true) {
|
|||
|
||||
// If we haven't got an excerpt, make one in the style of the rss ones
|
||||
if (($output == '') && $fakeit) {
|
||||
$output = $post->post_content;
|
||||
$output = stripslashes($post->post_content);
|
||||
$output = strip_tags($output);
|
||||
$blah = explode(' ', $output);
|
||||
$excerpt_length = 120;
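Review bot: `get_the_excerpt()` still compares the raw cookie, `if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password)`, while `get_the_content()` wraps the same cookie in `stripslashes()` (taking the second printed variant as the new side), so a post password containing a quote or backslash can unlock the content and still get the "protected post" excerpt message. Both checks should read the cookie the same way, and since this compares a secret I would make it strict and guard the missing-cookie case: `if (!isset($_COOKIE['wp-postpass_'.$cookiehash]) || stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) !== $post->post_password) {`. The loose `!=` compares numeric-looking strings as numbers, so two different passwords can be treated as equal. The two excerpt hunks also appear to move `stripslashes()` in opposite directions for `post_excerpt` and `post_content`, which deserves a second look. Both functions extend beyond the hunks.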
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
-- Matt
|
||||
*/
|
||||
require(dirname(__FILE__) . '/wp-config.php');
|
||||
setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
|
||||
setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
|
||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||
|
||||
?>
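Review bot: The redirect after the changed `setcookie()` sends the client-supplied `Referer` header back as the `Location` target with no check, so a request without that header gets an empty redirect and the destination is otherwise whatever the client claims. A fallback keeps the password form working and bounds the target: `$back = empty($_SERVER['HTTP_REFERER']) ? get_settings('siteurl') : $_SERVER['HTTP_REFERER'];` followed by `header('Location: ' . $back);`. The cookie also stores the post password verbatim for 30 days and is written without a path argument, unlike the comment cookies elsewhere in this commit; passing `COOKIEPATH` as the fourth argument would scope it the same way, assuming that constant is defined once `wp-config.php` has been loaded.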
|