Get our slashes straight.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1405 1a063a9b-81f0-0310-95a4-ce76da25c4cd
rboren 2004-06-11 08:02:40 +00:00
parent 4f6e367f90
commit 692627e424
6 changed files with 14 additions and 18 deletions


@ -50,7 +50,7 @@ case 'post':
$content = format_to_post($content);
$excerpt = balanceTags($_POST['excerpt']);
$excerpt = format_to_post($excerpt);
$post_title = addslashes($_POST['post_title']);
$post_title = $_POST['post_title'];
$post_categories = $_POST['post_category'];
if(get_settings('use_geo_positions')) {
$latstr = $_POST['post_latf'];
@ -68,7 +68,7 @@ case 'post':
if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
$ping_status = $_POST['ping_status'];
if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
$post_password = addslashes(stripslashes($_POST['post_password']));
$post_password = $_POST['post_password'];
if (empty($post_name))
$post_name = sanitize_title($post_title);
@ -278,7 +278,7 @@ case 'editpost':
$content = format_to_post($content);
$excerpt = balanceTags($_POST['excerpt']);
$excerpt = format_to_post($excerpt);
$post_title = addslashes($_POST['post_title']);
$post_title = $_POST['post_title'];
if(get_settings('use_geo_positions')) {
$latf = floatval($_POST["post_latf"]);
$lonf = floatval($_POST["post_lonf"]);
@ -301,7 +301,7 @@ case 'editpost':
$ping_status = $_POST['ping_status'];
if (empty($ping_status)) $ping_status = 'closed';
//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
$post_password = addslashes($_POST['post_password']);
$post_password = $_POST['post_password'];
$post_name = sanitize_title($_POST['post_name']);
if (empty($post_name)) $post_name = sanitize_title($post_title);
$trackback = $_POST['trackback_url'];
@ -670,9 +670,6 @@ case 'editedcomment':
$newcomment_author = $_POST['newcomment_author'];
$newcomment_author_email = $_POST['newcomment_author_email'];
$newcomment_author_url = $_POST['newcomment_author_url'];
$newcomment_author = addslashes($newcomment_author);
$newcomment_author_email = addslashes($newcomment_author_email);
$newcomment_author_url = addslashes($newcomment_author_url);
if (($user_level > 4) && (!empty($_POST['edit_date']))) {
$aa = $_POST['aa'];
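Review bot: The new `$post_title = $_POST['post_title'];` (with `$post_password = $_POST['post_password'];` in the next two hunks and the three now-unescaped `$newcomment_author*` values in the 'editedcomment' hunk) is only correctly escaped if magic_quotes_gpc is on, and nothing in the hunk checks or documents that; with it off, these raw values reach whatever database write follows each `case` body, which is outside the hunk. If relying on magic quotes is intended, make the dependency explicit, e.g. `if (!get_magic_quotes_gpc()) { $post_title = addslashes($post_title); }`, or better a single normalising pass over `$_POST` at the top of the file so every branch sees the same representation. The same assumption underlies the `stripslashes()` calls added in the other files of this commit. Each `case` body shown here starts before and ends after its hunk.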


@ -86,9 +86,9 @@ if ((get_settings('comments_notify')) && ($approved)) {
do_action('comment_post', $comment_ID);
setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');


@ -267,7 +267,6 @@ function balanceTags($text, $is_comment = 0) {
function format_to_edit($content) {
$content = stripslashes($content);
$content = apply_filters('format_to_edit', $content);
$content = htmlspecialchars($content);
return $content;


@ -21,9 +21,9 @@ function comments_template() {
if ( $single || $withcomments ) :
$req = get_settings('require_name_email');
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
include(ABSPATH . 'wp-comments.php');
endif;
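Review bot: After the added `stripslashes()`, `$comment_author`, `$comment_author_email` and `$comment_author_url` hold raw, client-controlled cookie text, and nothing in this hunk escapes them before `include(ABSPATH . 'wp-comments.php')` presumably prints them back into the comment form; that file is outside the hunk, so confirm it applies `htmlspecialchars()` at the point of output rather than assuming the values are safe. The three new lines differ only in the cookie key; a short loop over `['comment_author', 'comment_author_email', 'comment_author_url']` would guarantee they are treated identically. `comments_template()` begins before the hunk.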


@ -102,7 +102,7 @@ function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_
$output = '';
if (!empty($post->post_password)) { // if there's a password
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie
$output = get_the_password_form();
return $output;
}
@ -178,7 +178,7 @@ function get_the_excerpt($fakeit = true) {
global $id, $post;
global $cookiehash;
$output = '';
$output = stripslashes($post->post_excerpt);
$output = $post->post_excerpt;
if (!empty($post->post_password)) { // if there's a password
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
$output = __('There is no excerpt because this is a protected post.');
@ -188,7 +188,7 @@ function get_the_excerpt($fakeit = true) {
// If we haven't got an excerpt, make one in the style of the rss ones
if (($output == '') && $fakeit) {
$output = $post->post_content;
$output = stripslashes($post->post_content);
$output = strip_tags($output);
$blah = explode(' ', $output);
$excerpt_length = 120;
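Review bot: The `stripslashes()` added to the password-cookie check in `get_the_content()` is not mirrored in `get_the_excerpt()`, whose check in the next hunk still reads `if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password)`, so the two functions now disagree on which cookie value unlocks a protected post whenever the password contains a quote or backslash. Both checks also dereference the cookie without `isset()` and compare with loose `!=`, which applies numeric-string coercion; a shared form such as `$pass = isset($_COOKIE['wp-postpass_'.$cookiehash]) ? stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) : '';` followed by `if ($pass !== $post->post_password)` would keep them aligned and strict. Both functions start before and end after their hunks.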


@ -5,7 +5,7 @@
-- Matt
*/
require(dirname(__FILE__) . '/wp-config.php');
setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
header('Location: ' . $_SERVER['HTTP_REFERER']);
?>
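Review bot: The new `setcookie()` line still writes the submitted password verbatim into a client-side cookie (now with slashes stripped), so the cleartext credential persists in the browser for 30 days; storing a hash of it and comparing the hash in `get_the_content()` would avoid that, though the comparison side lies outside this commit. `$_POST['post_password']` is also read without an `isset()` check, so a request without that field emits a notice and sets an empty cookie. The unchanged `header('Location: ' . $_SERVER['HTTP_REFERER'])` on the following line redirects to an unvalidated, client-supplied target and deserves a follow-up of its own.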