stripslashes() elimination. Remove extra slashes during upgrade. Bugs 0000059 and 0000018

git-svn-id: http://svn.automattic.com/wordpress/trunk@1435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
rboren 2004-06-18 00:22:09 +00:00
parent c222d7d2e0
commit 6fd6b1080d
17 changed files with 131 additions and 109 deletions


@ -80,7 +80,7 @@ function get_nested_categories($default = 0, $parent = 0) {
$result[$cat]['children'] = get_nested_categories($default, $cat); $result[$cat]['children'] = get_nested_categories($default, $cat);
$result[$cat]['cat_ID'] = $cat; $result[$cat]['cat_ID'] = $cat;
$result[$cat]['checked'] = in_array($cat, $checked_categories); $result[$cat]['checked'] = in_array($cat, $checked_categories);
$result[$cat]['cat_name'] = stripslashes(get_the_category_by_ID($cat)); $result[$cat]['cat_name'] = get_the_category_by_ID($cat);
} }
return $result; return $result;


@ -87,7 +87,6 @@ switch ($action) {
$cat_id = $_GET['cat_id']; $cat_id = $_GET['cat_id'];
$cat_name=get_linkcatname($cat_id); $cat_name=get_linkcatname($cat_id);
$cat_name=addslashes($cat_name);
if ($cat_id=="1") if ($cat_id=="1")
die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name)); die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name));
@ -132,7 +131,7 @@ switch ($action) {
<table class="editform" width="100%" cellspacing="2" cellpadding="5"> <table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr> <tr>
<th width="33%" scope="row"><?php _e('Name:') ?></th> <th width="33%" scope="row"><?php _e('Name:') ?></th>
<td width="67%"><input name="cat_name" type="text" value="<?php echo stripslashes($row->cat_name)?>" size="30" /></td> <td width="67%"><input name="cat_name" type="text" value="<?php echo $row->cat_name?>" size="30" /></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php _e('Show:') ?></th> <th scope="row"><?php _e('Show:') ?></th>
@ -190,15 +189,15 @@ switch ($action) {
<table class="editform" width="100%" cellspacing="2" cellpadding="5"> <table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr> <tr>
<th width="33%" scope="row"><?php _e('Before Link:') ?></th> <th width="33%" scope="row"><?php _e('Before Link:') ?></th>
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_before_link))?>" /></td> <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars($row->text_before_link)?>" /></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php _e('Between Link and Description:') ?></th> <th scope="row"><?php _e('Between Link and Description:') ?></th>
<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_after_link))?>" /></td> <td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars($row->text_after_link)?>" /></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php _e('After Link:') ?></th> <th scope="row"><?php _e('After Link:') ?></th>
<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_after_all))?>"/></td> <td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars($row->text_after_all)?>"/></td>
</tr> </tr>
</table> </table>
</fieldset> </fieldset>
@ -223,7 +222,7 @@ switch ($action) {
$cat_id=$_POST["cat_id"]; $cat_id=$_POST["cat_id"];
$cat_name=addslashes(stripslashes($_POST["cat_name"])); $cat_name= $_POST["cat_name"];
$auto_toggle = $_POST["auto_toggle"]; $auto_toggle = $_POST["auto_toggle"];
if ($auto_toggle != 'Y') { if ($auto_toggle != 'Y') {
$auto_toggle = 'N'; $auto_toggle = 'N';
@ -333,7 +332,7 @@ foreach ($results as $row) {
$style = ($i % 2) ? ' class="alternate"' : ''; $style = ($i % 2) ? ' class="alternate"' : '';
?> ?>
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;"> <tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
<td><?php echo stripslashes($row->cat_name)?></td> <td><?php echo $row->cat_name?></td>
<td ><?php echo $row->cat_id?></td> <td ><?php echo $row->cat_id?></td>
<td><?php echo $row->auto_toggle?></td> <td><?php echo $row->auto_toggle?></td>
<td><?php echo $row->show_images?></td> <td><?php echo $row->show_images?></td>
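Review bot: `cat_name` is still written into HTML unescaped after the stripslashes() removal — the edit form's `value="<?php echo $row->cat_name?>"` and the list cell `<td><?php echo $row->cat_name?></td>` — while the text_before_link, text_after_link and text_after_all inputs in the same file pass through htmlspecialchars(). A category name containing `"` or `<` terminates the attribute and injects markup into the page, and the same section now assigns `$_POST["cat_name"]` straight to `$cat_name` with no filtering visible in the hunk, so the stored value is whatever was submitted. Use `value="<?php echo htmlspecialchars($row->cat_name, ENT_QUOTES) ?>"` in the form and `<?php echo htmlspecialchars($row->cat_name) ?>` in the table, matching the neighbouring fields. The `switch ($action)` enclosing these hunks begins and ends outside the visible lines.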


@ -312,16 +312,16 @@ switch ($action) {
WHERE link_id = $link_id"); WHERE link_id = $link_id");
if ($row) { if ($row) {
$link_url = stripslashes($row->link_url); $link_url = $row->link_url;
$link_name = stripslashes($row->link_name); $link_name = $row->link_name;
$link_image = $row->link_image; $link_image = $row->link_image;
$link_target = $row->link_target; $link_target = $row->link_target;
$link_category = $row->link_category; $link_category = $row->link_category;
$link_description = stripslashes($row->link_description); $link_description = $row->link_description;
$link_visible = $row->link_visible; $link_visible = $row->link_visible;
$link_rating = $row->link_rating; $link_rating = $row->link_rating;
$link_rel = stripslashes($row->link_rel); $link_rel = $row->link_rel;
$link_notes = stripslashes($row->link_notes); $link_notes = $row->link_notes;
$link_rss_uri = $row->link_rss; $link_rss_uri = $row->link_rss;
} }
@ -690,17 +690,13 @@ function checkAll(form)
$links = $wpdb->get_results($sql); $links = $wpdb->get_results($sql);
if ($links) { if ($links) {
foreach ($links as $link) { foreach ($links as $link) {
$short_url = str_replace('http://', '', stripslashes($link->link_url)); $short_url = str_replace('http://', '', $link->link_url);
$short_url = str_replace('www.', '', $short_url); $short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1)) if ('/' == substr($short_url, -1))
$short_url = substr($short_url, 0, -1); $short_url = substr($short_url, 0, -1);
if (strlen($short_url) > 35) if (strlen($short_url) > 35)
$short_url = substr($short_url, 0, 32).'...'; $short_url = substr($short_url, 0, 32).'...';
$link->link_name = stripslashes($link->link_name);
$link->category = stripslashes($link->category);
$link->link_rel = stripslashes($link->link_rel);
$link->link_description = stripslashes($link->link_description);
$image = ($link->link_image != null) ? __('Yes') : __('No'); $image = ($link->link_image != null) ? __('Yes') : __('No');
$visible = ($link->link_visible == 'Y') ? __('Yes') : __('No'); $visible = ($link->link_visible == 'Y') ? __('Yes') : __('No');
++$i; ++$i;


@ -40,5 +40,5 @@ get_settings('use_fileupload') &&
?> ?>
<li><a href="<?php echo get_settings('home') . '/' . get_settings('blogfilename'); ?>" title="<?php _e('View your site') ?>"><?php _e('View site') ?> &raquo;</a></li> <li><a href="<?php echo get_settings('home') . '/' . get_settings('blogfilename'); ?>" title="<?php _e('View your site') ?>"><?php _e('View site') ?> &raquo;</a></li>
<li class="last"><a href="<?php echo get_settings('siteurl') <li class="last"><a href="<?php echo get_settings('siteurl')
?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), stripslashes($user_nickname)) ?></a></li> ?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), $user_nickname) ?></a></li>
</ul> </ul>
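Review bot: `$user_nickname` is now interpolated into the logout link text with no HTML escaping; the nickname is user-editable (this commit's profile.php hunk writes `$_POST['newuser_nickname']` into the users table with no filtering), so a nickname containing markup is rendered as markup in the admin header. Escape at the output site: `printf(__('Logout (%s)'), htmlspecialchars($user_nickname))`. Where `$user_nickname` is populated is outside this hunk.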


@ -75,7 +75,7 @@ $nonbools = array('default_ping_status', 'default_comment_status');
foreach ($options as $option) { foreach ($options as $option) {
// should we even bother checking? // should we even bother checking?
if ($user_level >= $option->option_admin_level) { if ($user_level >= $option->option_admin_level) {
$old_val = stripslashes($option->option_value); $old_val = $option->option_value;
$new_val = $_POST[$option->option_name]; $new_val = $_POST[$option->option_name];
if (!$new_val) { if (!$new_val) {
if (3 == $option->option_type) if (3 == $option->option_type)


@ -83,19 +83,19 @@ case 'update':
setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH); setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
} }
$newuser_firstname=addslashes(stripslashes($_POST['newuser_firstname'])); $newuser_firstname=$_POST['newuser_firstname'];
$newuser_lastname=addslashes(stripslashes($_POST['newuser_lastname'])); $newuser_lastname=$_POST['newuser_lastname'];
$newuser_nickname=addslashes(stripslashes($_POST['newuser_nickname'])); $newuser_nickname=$_POST['newuser_nickname'];
$newuser_nicename=sanitize_title($newuser_nickname); $newuser_nicename=sanitize_title($newuser_nickname);
$newuser_icq=addslashes(stripslashes($_POST['newuser_icq'])); $newuser_icq=$_POST['newuser_icq'];
$newuser_aim=addslashes(stripslashes($_POST['newuser_aim'])); $newuser_aim=$_POST['newuser_aim'];
$newuser_msn=addslashes(stripslashes($_POST['newuser_msn'])); $newuser_msn=$_POST['newuser_msn'];
$newuser_yim=addslashes(stripslashes($_POST['newuser_yim'])); $newuser_yim=$_POST['newuser_yim'];
$newuser_email=addslashes(stripslashes($_POST['newuser_email'])); $newuser_email=$_POST['newuser_email'];
$newuser_url=addslashes(stripslashes($_POST['newuser_url'])); $newuser_url=$_POST['newuser_url'];
$newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url; $newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url;
$newuser_idmode=addslashes(stripslashes($_POST['newuser_idmode'])); $newuser_idmode=$_POST['newuser_idmode'];
$user_description = addslashes(stripslashes($_POST['user_description'])); $user_description = $_POST['user_description'];
$query = "UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID"; $query = "UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID";
$result = $wpdb->query($query); $result = $wpdb->query($query);
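Review bot: After dropping `addslashes(stripslashes(...))`, every profile field goes from `$_POST` straight into the string-built `UPDATE $wpdb->users` query, so the query is only safe if request data is already slash-escaped when this code runs — i.e. `magic_quotes_gpc` is on or the bootstrap emulates it. Nothing in this file states or checks that invariant, and a deployment that turns the ini setting off without such emulation gets SQL injection from any logged-in user through their own profile form. At minimum record the assumption next to the assignments, `// $_POST is expected to arrive slash-escaped (magic_quotes_gpc or equivalent); the UPDATE below relies on it`, and preferably have the bootstrap enforce it once so per-page code cannot silently regress. `$user_ID` in the WHERE clause and `$updatepassword` are set outside the hunk.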


@ -90,6 +90,23 @@ function get_alloptions_110() {
return $all_options; return $all_options;
} }
function deslash($content) {
// Note: \\\ inside a regex denotes a single backslash.
// Replace one or more backslashes followed by a single quote with
// a single quote.
$content = preg_replace("/\\\+'/", "'", $content);
// Replace one or more backslashes followed by a double quote with
// a double quote.
$content = preg_replace('/\\\+"/', '"', $content);
// Replace one or more backslashes with one backslash.
$content = preg_replace("/\\\+/", "\\", $content);
return $content;
}
// .71 stuff // .71 stuff
function upgrade_071() { function upgrade_071() {
@ -871,6 +888,27 @@ function upgrade_130() {
foreach ($fatoptions as $fatoption) : foreach ($fatoptions as $fatoption) :
$wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'"); $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
endforeach; endforeach;
// Remove extraneous backslashes.
$posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt FROM $wpdb->posts");
if ($posts) {
foreach($posts as $post) {
$post_content = addslashes(deslash($post->post_content));
$post_title = addslashes(deslash($post->post_title));
$post_excerpt = addslashes(deslash($post->post_excerpt));
$wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt' WHERE ID = '$post->ID'");
}
}
// Remove extraneous backslashes.
$comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments");
if ($comments) {
foreach($comments as $comment) {
$comment_content = addslashes(deslash($comment->comment_content));
$comment_author = addslashes(deslash($comment->comment_author));
$wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'");
}
}
} }
?> ?>
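Review bot: In `upgrade_130()` the result of `deslash()` is written back unconditionally, but `preg_replace()` returns NULL when PCRE fails (for example the backtracking limit on a very large post_content), and `addslashes(NULL)` is `''`, so a failed replace would overwrite that post or comment with an empty string during the upgrade. Guard before writing: in `deslash()` keep the input when a replace returns NULL, e.g. `$replaced = preg_replace("/\\\+'/", "'", $content); if (null === $replaced) return $content;` for each of the three steps, and in the loops skip the `UPDATE` when the deslashed text equals the original so unaffected rows are never rewritten. Also worth a header comment on `deslash()` saying it is lossy — runs of backslashes collapse to one and `\'`/`\"` lose their backslash — so legitimate content such as code samples or UNC paths is altered irreversibly and operators should back up before running this upgrade. `upgrade_130()` starts outside the hunk.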


@ -70,13 +70,7 @@ case 'adduser':
return false; return false;
} }
$user_login = addslashes(stripslashes($user_login));
$pass1 = addslashes(stripslashes($pass1));
$user_nickname = addslashes(stripslashes($user_nickname));
$user_nicename = sanitize_title($user_nickname); $user_nicename = sanitize_title($user_nickname);
$user_firstname = addslashes(stripslashes($user_firstname));
$user_lastname = addslashes(stripslashes($user_lastname));
$user_uri = addslashes(stripslashes($user_uri));
$user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri; $user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri;
$now = gmdate('Y-m-d H:i:s'); $now = gmdate('Y-m-d H:i:s');
$new_users_can_blog = get_settings('new_users_can_blog'); $new_users_can_blog = get_settings('new_users_can_blog');
@ -95,6 +89,7 @@ case 'adduser':
$stars .= '*'; $stars .= '*';
} }
$user_login = stripslashes($user_login);
$message = 'New user registration on your blog ' . get_settings('blogname') . ":\r\n\r\n"; $message = 'New user registration on your blog ' . get_settings('blogname') . ":\r\n\r\n";
$message .= "Login: $user_login\r\n\r\nE-mail: $user_email"; $message .= "Login: $user_login\r\n\r\nE-mail: $user_email";
@ -204,7 +199,7 @@ default:
$user_data = get_userdata($user->ID); $user_data = get_userdata($user->ID);
$email = $user_data->user_email; $email = $user_data->user_email;
$url = $user_data->user_url; $url = $user_data->user_url;
$short_url = str_replace('http://', '', stripslashes($url)); $short_url = str_replace('http://', '', $url);
$short_url = str_replace('www.', '', $short_url); $short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1)) if ('/' == substr($short_url, -1))
$short_url = substr($short_url, 0, -1); $short_url = substr($short_url, 0, -1);
@ -255,7 +250,7 @@ default:
$user_data = get_userdata($user->ID); $user_data = get_userdata($user->ID);
$email = $user_data->user_email; $email = $user_data->user_email;
$url = $user_data->user_url; $url = $user_data->user_url;
$short_url = str_replace('http://', '', stripslashes($url)); $short_url = str_replace('http://', '', $url);
$short_url = str_replace('www.', '', $short_url); $short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1)) if ('/' == substr($short_url, -1))
$short_url = substr($short_url, 0, -1); $short_url = substr($short_url, 0, -1);


@ -50,7 +50,6 @@ function wptexturize($text) {
} }
function clean_pre($text) { function clean_pre($text) {
$text = stripslashes($text);
$text = str_replace('<br />', '', $text); $text = str_replace('<br />', '', $text);
return $text; return $text;
} }


@ -166,16 +166,11 @@ function get_currentuserinfo() { // a bit like get_userdata(), on steroids
function get_userdata($userid) { function get_userdata($userid) {
global $wpdb, $cache_userdata; global $wpdb, $cache_userdata;
if ( empty($cache_userdata[$userid]) ) { if ( empty($cache_userdata[$userid]) ) {
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$userid'"); $cache_userdata[$userid] =
$user->user_nickname = stripslashes($user->user_nickname); $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$userid'");
$user->user_firstname = stripslashes($user->user_firstname);
$user->user_lastname = stripslashes($user->user_lastname);
$user->user_description = stripslashes($user->user_description);
$cache_userdata[$userid] = $user;
} else {
$user = $cache_userdata[$userid];
} }
return $user;
return $cache_userdata[$userid];
} }
function get_userdatabylogin($user_login) { function get_userdatabylogin($user_login) {
@ -315,7 +310,7 @@ function get_alloptions() {
if ('siteurl' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value); if ('siteurl' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
if ('home' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value); if ('home' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
if ('category_base' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value); if ('category_base' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
$all_options->{$option->option_name} = stripslashes($option->option_value); $all_options->{$option->option_name} = $option->option_value;
} }
} }
return $all_options; return $all_options;
@ -323,7 +318,7 @@ function get_alloptions() {
function update_option($option_name, $newvalue) { function update_option($option_name, $newvalue) {
global $wpdb, $cache_settings; global $wpdb, $cache_settings;
$newvalue = stripslashes($newvalue); $newvalue = $newvalue;
$newvalue = trim($newvalue); // I can't think of any situation we wouldn't want to trim $newvalue = trim($newvalue); // I can't think of any situation we wouldn't want to trim
$newvalue = $wpdb->escape($newvalue); $newvalue = $wpdb->escape($newvalue);
$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'"); $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
@ -516,9 +511,9 @@ add_action('publish_post', 'generic_ping');
// Send a Trackback // Send a Trackback
function trackback($trackback_url, $title, $excerpt, $ID) { function trackback($trackback_url, $title, $excerpt, $ID) {
global $wpdb; global $wpdb;
$title = urlencode(stripslashes($title)); $title = urlencode($title);
$excerpt = urlencode(stripslashes($excerpt)); $excerpt = urlencode($excerpt);
$blog_name = urlencode(stripslashes(get_settings('blogname'))); $blog_name = urlencode(get_settings('blogname'));
$tb_url = $trackback_url; $tb_url = $trackback_url;
$url = urlencode(get_permalink($ID)); $url = urlencode(get_permalink($ID));
$query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt"; $query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
@ -932,38 +927,38 @@ function wp_notify_postauthor($comment_id, $comment_type='comment') {
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$blogname = stripslashes(get_settings('blogname')); $blogname = get_settings('blogname');
if ('comment' == $comment_type) { if ('comment' == $comment_type) {
$notify_message = "New comment on your post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n"; $notify_message = "New comment on your post #$comment->comment_post_ID \"".$post->post_title."\"\r\n\r\n";
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n"; $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "E-mail : $comment->comment_author_email\r\n"; $notify_message .= "E-mail : $comment->comment_author_email\r\n";
$notify_message .= "URI : $comment->comment_author_url\r\n"; $notify_message .= "URI : $comment->comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n"; $notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n"; $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
$notify_message .= "You can see all comments on this post here: \r\n"; $notify_message .= "You can see all comments on this post here: \r\n";
$subject = '[' . $blogname . '] Comment: "' .stripslashes($post->post_title).'"'; $subject = '[' . $blogname . '] Comment: "' .$post->post_title.'"';
} elseif ('trackback' == $comment_type) { } elseif ('trackback' == $comment_type) {
$notify_message = "New trackback on your post #$comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n"; $notify_message = "New trackback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
$notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n"; $notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "URI : $comment->comment_author_url\r\n"; $notify_message .= "URI : $comment->comment_author_url\r\n";
$notify_message .= "Excerpt: \n".stripslashes($comment->comment_content)."\r\n\r\n"; $notify_message .= "Excerpt: \n".$comment->comment_content."\r\n\r\n";
$notify_message .= "You can see all trackbacks on this post here: \r\n"; $notify_message .= "You can see all trackbacks on this post here: \r\n";
$subject = '[' . $blogname . '] Trackback: "' .stripslashes($post->post_title).'"'; $subject = '[' . $blogname . '] Trackback: "' .$post->post_title.'"';
} elseif ('pingback' == $comment_type) { } elseif ('pingback' == $comment_type) {
$notify_message = "New pingback on your post #$comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n"; $notify_message = "New pingback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
$notify_message .= "Website: $comment->comment_author\r\n"; $notify_message .= "Website: $comment->comment_author\r\n";
$notify_message .= "URI : $comment->comment_author_url\r\n"; $notify_message .= "URI : $comment->comment_author_url\r\n";
$notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n"; $notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n";
$notify_message .= "You can see all pingbacks on this post here: \r\n"; $notify_message .= "You can see all pingbacks on this post here: \r\n";
$subject = '[' . $blogname . '] Pingback: "' .stripslashes($post->post_title).'"'; $subject = '[' . $blogname . '] Pingback: "' .$post->post_title.'"';
} }
$notify_message .= get_permalink($comment->comment_post_ID) . '#comments'; $notify_message .= get_permalink($comment->comment_post_ID) . '#comments';
if ('' == $comment->comment_author_email || '' == $comment->comment_author) { if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>'; $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
} else { } else {
$from = 'From: "' . stripslashes($comment->comment_author) . "\" <$comment->comment_author_email>"; $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
} }
$message_headers = "MIME-Version: 1.0\r\n" $message_headers = "MIME-Version: 1.0\r\n"
@ -991,18 +986,18 @@ function wp_notify_moderator($comment_id) {
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message = "A new comment on the post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\" is waiting for your approval\r\n\r\n"; $notify_message = "A new comment on the post #$comment->comment_post_ID \"".$post->post_title."\" is waiting for your approval\r\n\r\n";
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n"; $notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "E-mail : $comment->comment_author_email\r\n"; $notify_message .= "E-mail : $comment->comment_author_email\r\n";
$notify_message .= "URL : $comment->comment_author_url\r\n"; $notify_message .= "URL : $comment->comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n"; $notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n"; $notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
$notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n"; $notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
$notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n"; $notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
$notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n"; $notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n"; $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
$subject = '[' . stripslashes(get_settings('blogname')) . '] Please approve: "' .stripslashes($post->post_title).'"'; $subject = '[' . get_settings('blogname') . '] Please approve: "' .$post->post_title.'"';
$admin_email = get_settings("admin_email"); $admin_email = get_settings("admin_email");
$from = "From: $admin_email"; $from = "From: $admin_email";
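Review bot: `update_option()` now skips stripslashes() but still runs `$wpdb->escape()` on the value, so if a caller hands it a value straight from `$_POST` under `magic_quotes_gpc` (options.php in this commit reads `$_POST[$option->option_name]` without unslashing) the value is escaped twice and stored with literal backslashes — the same symptom bug 0000059 is meant to remove. Callers and `update_option()` need one agreed convention: either callers pass unslashed data, or `update_option()` must not escape again; whichever is chosen should be stated in a comment above the escape call. The leftover `$newvalue = $newvalue;` is a no-op and should be deleted. Whether options.php reaches `update_option()` with that value is not visible in this diff.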


@ -176,14 +176,14 @@ function get_links($category = -1, $before = '', $after = '<br />',
} }
$the_link = '#'; $the_link = '#';
if (($row->link_url != null) && ($row->link_url != '')) { if (($row->link_url != null) && ($row->link_url != '')) {
$the_link = htmlspecialchars(stripslashes($row->link_url)); $the_link = htmlspecialchars($row->link_url);
} }
$rel = stripslashes($row->link_rel); $rel = $row->link_rel;
if ($rel != '') { if ($rel != '') {
$rel = " rel='$rel'"; $rel = " rel='$rel'";
} }
$desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES); $desc = htmlspecialchars($row->link_description, ENT_QUOTES);
$name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES); $name = htmlspecialchars($row->link_name, ENT_QUOTES);
$title = $desc; $title = $desc;
@ -273,7 +273,7 @@ function get_links($category = -1, $before = '', $after = '<br />',
** Use this like: ** Use this like:
** $links = get_linkobjectsbyname('fred'); ** $links = get_linkobjectsbyname('fred');
** foreach ($links as $link) { ** foreach ($links as $link) {
** echo '<li>'.stripslashes($link->link_name).'</li>'; ** echo '<li>'.$link->link_name.'</li>';
** } ** }
**/ **/
function get_linkobjectsbyname($cat_name = "noname" , $orderby = 'name', $limit = -1) { function get_linkobjectsbyname($cat_name = "noname" , $orderby = 'name', $limit = -1) {
@ -350,10 +350,10 @@ function get_linkobjects($category = -1, $orderby = 'name', $limit = -1) {
$results = $wpdb->get_results($sql); $results = $wpdb->get_results($sql);
if ($results) { if ($results) {
foreach ($results as $result) { foreach ($results as $result) {
$result->link_url = stripslashes($result->link_url); $result->link_url = $result->link_url;
$result->link_name = stripslashes($result->link_name); $result->link_name = $result->link_name;
$result->link_description = stripslashes($result->link_description); $result->link_description = $result->link_description;
$result->link_notes = stripslashes($result->link_notes); $result->link_notes = $result->link_notes;
$newresults[] = $result; $newresults[] = $result;
} }
} }
@ -464,7 +464,7 @@ function get_linkcatname($id = 0) {
if ('' != $id) { if ('' != $id) {
$cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id"); $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
} }
return stripslashes($cat_name); return $cat_name;
} }
/** function get_get_autotoggle() /** function get_get_autotoggle()
@ -559,7 +559,7 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
$orderby = (bool_from_yn($cat['sort_desc'])?'_':'') . $orderby; $orderby = (bool_from_yn($cat['sort_desc'])?'_':'') . $orderby;
// Display the category name // Display the category name
echo ' <li id="'.sanitize_title($cat['cat_name']).'">' . stripslashes($cat['cat_name']) . "\n\t<ul>\n"; echo ' <li id="'.sanitize_title($cat['cat_name']).'">' . $cat['cat_name'] . "\n\t<ul>\n";
// Call get_links() with all the appropriate params // Call get_links() with all the appropriate params
get_links($cat['link_category'], get_links($cat['link_category'],
'<li>',"</li>","\n", '<li>',"</li>","\n",
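Review bot: In `get_links()` the `link_rel` value is dropped into the anchor's `rel='$rel'` attribute with no escaping, while `link_url`, `link_description` and `link_name` on the adjacent lines all go through htmlspecialchars(); a stored `link_rel` containing `'` terminates the attribute and injects further markup. Escape it the same way: `$rel = " rel='" . htmlspecialchars($rel, ENT_QUOTES) . "'";`. The same applies to `$cat['cat_name']` echoed raw in `get_links_list()`. Both functions extend beyond the hunks shown.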


@ -72,7 +72,7 @@ function the_author_posts() {
function the_author_posts_link($idmode='') { function the_author_posts_link($idmode='') {
global $id, $authordata; global $id, $authordata;
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . stripslashes(the_author($idmode, false)) . '</a>'; echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
} }
@ -143,7 +143,7 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
if ($posts == 0) { if ($posts == 0) {
if (! $hide_empty) echo $name; if (! $hide_empty) echo $name;
} else { } else {
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . stripslashes($name) . '</a>'; $link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) { if ( (! empty($feed_image)) || (! empty($feed)) ) {
@ -156,9 +156,9 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
$link .= '<a href="' . get_author_rss_link(0, $author->ID, $author->user_nicename) . '"'; $link .= '<a href="' . get_author_rss_link(0, $author->ID, $author->user_nicename) . '"';
if (! empty($feed)) { if (! empty($feed)) {
$title = ' title="' . stripslashes($feed) . '"'; $title = ' title="' . $feed . '"';
$alt = ' alt="' . stripslashes($feed) . '"'; $alt = ' alt="' . $feed . '"';
$name = stripslashes($feed); $name = $feed;
$link .= $title; $link .= $title;
} }
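Review bot: In `the_author_posts_link()` and `list_authors()` the title attribute is built with htmlspecialchars() but the visible link text — `the_author($idmode, false)` and `$name` — is emitted raw, and `$feed` goes into the `title`/`alt` attributes unescaped. The displayed name appears to derive from the user record (`$author->user_nickname` feeds the title on the same line), and this commit's profile.php hunk stores `user_nickname` straight from `$_POST`, so a user who can edit a profile can place markup on every page that lists authors. Escape the text node as well, e.g. `htmlspecialchars(the_author($idmode, false))` and `htmlspecialchars($name)`, and `htmlspecialchars($feed, ENT_QUOTES)` for the attributes. Both functions begin and end outside the hunks.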


@ -68,7 +68,7 @@ function the_category($seperator = '', $parents='') {
if ('' == $seperator) { if ('' == $seperator) {
$thelist .= '<ul class="post-categories">'; $thelist .= '<ul class="post-categories">';
foreach ($categories as $category) { foreach ($categories as $category) {
$category->cat_name = stripslashes($category->cat_name); $category->cat_name = $category->cat_name;
$thelist .= "\n\t<li>"; $thelist .= "\n\t<li>";
switch(strtolower($parents)) { switch(strtolower($parents)) {
case 'multiple': case 'multiple':
@ -93,7 +93,7 @@ function the_category($seperator = '', $parents='') {
} else { } else {
$i = 0; $i = 0;
foreach ($categories as $category) { foreach ($categories as $category) {
$category->cat_name = stripslashes($category->cat_name); $category->cat_name = $category->cat_name;
if (0 < $i) $thelist .= $seperator . ' '; if (0 < $i) $thelist .= $seperator . ' ';
switch(strtolower($parents)) { switch(strtolower($parents)) {
case 'multiple': case 'multiple':
@ -117,7 +117,7 @@ function the_category_rss($type = 'rss') {
$categories = get_the_category(); $categories = get_the_category();
$the_list = ''; $the_list = '';
foreach ($categories as $category) { foreach ($categories as $category) {
$category->cat_name = stripslashes(convert_chars($category->cat_name)); $category->cat_name = convert_chars($category->cat_name);
if ('rdf' == $type) { if ('rdf' == $type) {
$the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>"; $the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>";
} else { } else {
@ -135,7 +135,7 @@ function get_the_category_by_ID($cat_ID) {
} else { } else {
$cat_name = $cache_categories[$cat_ID]->cat_name; $cat_name = $cache_categories[$cat_ID]->cat_name;
} }
return(stripslashes($cat_name)); return($cat_name);
} }
function get_category_parents($id, $link = FALSE, $separator = '/', $nicename = FALSE){ function get_category_parents($id, $link = FALSE, $separator = '/', $nicename = FALSE){
@ -242,7 +242,7 @@ function dropdown_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_
if ($category->cat_ID == $selected) if ($category->cat_ID == $selected)
echo ' selected="selected"'; echo ' selected="selected"';
echo '>'; echo '>';
echo stripslashes($cat_name); echo $cat_name;
if (intval($optioncount) == 1) echo '&nbsp;&nbsp;('.$category->cat_count.')'; if (intval($optioncount) == 1) echo '&nbsp;&nbsp;('.$category->cat_count.')';
if (intval($optiondates) == 1) echo '&nbsp;&nbsp;'.$category->lastday.'/'.$category->lastmonth; if (intval($optiondates) == 1) echo '&nbsp;&nbsp;'.$category->lastday.'/'.$category->lastmonth;
echo "</option>\n"; echo "</option>\n";
@ -359,7 +359,7 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
$link .= 'title="' . htmlspecialchars($category->category_description) . '"'; $link .= 'title="' . htmlspecialchars($category->category_description) . '"';
} }
$link .= '>'; $link .= '>';
$link .= apply_filters('list_cats', stripslashes($category->cat_name)).'</a>'; $link .= apply_filters('list_cats', $category->cat_name).'</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) { if ( (! empty($feed_image)) || (! empty($feed)) ) {
@ -372,9 +372,9 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
$link .= '<a href="' . get_category_rss_link(0, $category->cat_ID, $category->category_nicename) . '"'; $link .= '<a href="' . get_category_rss_link(0, $category->cat_ID, $category->category_nicename) . '"';
if ( !empty($feed) ) { if ( !empty($feed) ) {
$title = ' title="' . stripslashes($feed) . '"'; $title = ' title="' . $feed . '"';
$alt = ' alt="' . stripslashes($feed) . '"'; $alt = ' alt="' . $feed . '"';
$name = stripslashes($feed); $name = $feed;
$link .= $title; $link .= $title;
} }
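Review bot: `$category->cat_name = $category->cat_name;` in the two `the_category` hunks is what remains after the stripslashes() call was cut out and is now a no-op self-assignment; delete both statements rather than leave code a later reader will take for an intentional normalisation step. The `the_category_rss` hunk kept `convert_chars()` around the same field and so still does real work. The `$title`/`$alt` lines in the last `list_cats` hunk place `$feed` inside quoted attributes with no escaping, which is unchanged behaviour but worth a `htmlspecialchars($feed, ENT_QUOTES)` if `$feed` can ever come from outside the template. All enclosing loops and functions continue outside the hunks.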


@ -160,7 +160,7 @@ function comment_author_email_link($linktext='', $before='', $after='') {
global $comment; global $comment;
$email = apply_filters('comment_email', $comment->comment_author_email); $email = apply_filters('comment_email', $comment->comment_author_email);
if ((!empty($email)) && ($email != '@')) { if ((!empty($email)) && ($email != '@')) {
$display = ($linktext != '') ? $linktext : stripslashes($email); $display = ($linktext != '') ? $linktext : $email;
echo $before; echo $before;
echo "<a href='mailto:$email'>$display</a>"; echo "<a href='mailto:$email'>$display</a>";
echo $after; echo $after;
@ -172,7 +172,7 @@ function comment_author_url_link($linktext='', $before='', $after='') {
$url = apply_filters('comment_url', $comment->comment_author_url); $url = apply_filters('comment_url', $comment->comment_author_url);
if ((!empty($url)) && ($url != 'http://') && ($url != 'http://url')) { if ((!empty($url)) && ($url != 'http://') && ($url != 'http://url')) {
$display = ($linktext != '') ? $linktext : stripslashes($url); $display = ($linktext != '') ? $linktext : $url;
echo "$before<a href='$url' rel='external'>$display</a>$after"; echo "$before<a href='$url' rel='external'>$display</a>$after";
} }
} }
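Review bot: `$url` on the `comment_author_url_link` echo line goes straight into `href='$url'` and into the visible link text with nothing on the shown lines that escapes a single quote or angle bracket; unless the `comment_url` filter is guaranteed to do so, a stored commenter URL containing `'` can terminate the attribute. Escape at the output point, e.g. `$url = htmlspecialchars($url, ENT_QUOTES);` before the echo, and do the same for `$email` on the `mailto:` line in `comment_author_email_link`. stripslashes() only removed backslashes, so the commit neither created nor fixed this, but it is the right moment to make the output self-sufficient. Both enclosing functions extend outside the hunks.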


@ -72,11 +72,11 @@ function wp_title($sep = '&raquo;', $display = true) {
// If there's a category // If there's a category
if(!empty($cat)) { if(!empty($cat)) {
if (!stristr($cat,'-')) { // category excluded if (!stristr($cat,'-')) { // category excluded
$title = stripslashes(get_the_category_by_ID($cat)); $title = get_the_category_by_ID($cat);
} }
} }
if (!empty($category_name)) { if (!empty($category_name)) {
$title = stripslashes($wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'")); $title = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'");
} }
// If there's a month // If there's a month
@ -98,7 +98,7 @@ function wp_title($sep = '&raquo;', $display = true) {
// If there's a post // If there's a post
if ($single) { if ($single) {
$title = strip_tags(stripslashes($posts[0]->post_title)); $title = strip_tags($posts[0]->post_title);
$title = apply_filters('single_post_title', $title); $title = apply_filters('single_post_title', $title);
} }
@ -120,9 +120,9 @@ function single_post_title($prefix = '', $display = true) {
$title = $post_data['Title']; $title = $post_data['Title'];
$title = apply_filters('single_post_title', $title); $title = apply_filters('single_post_title', $title);
if ($display) { if ($display) {
echo $prefix.strip_tags(stripslashes($title)); echo $prefix.strip_tags($title);
} else { } else {
return strip_tags(stripslashes($title)); return strip_tags($title);
} }
} }
} }
@ -133,9 +133,9 @@ function single_cat_title($prefix = '', $display = true ) {
$my_cat_name = get_the_category_by_ID($cat); $my_cat_name = get_the_category_by_ID($cat);
if(!empty($my_cat_name)) { if(!empty($my_cat_name)) {
if ($display) if ($display)
echo $prefix.strip_tags(stripslashes($my_cat_name)); echo $prefix.strip_tags($my_cat_name);
else else
return strip_tags(stripslashes($my_cat_name)); return strip_tags($my_cat_name);
} }
} }
} }
@ -267,7 +267,7 @@ function get_archives($type='', $limit='', $format='html', $before = '', $after
foreach ($arcresults as $arcresult) { foreach ($arcresults as $arcresult) {
if ($arcresult->post_date != '0000-00-00 00:00:00') { if ($arcresult->post_date != '0000-00-00 00:00:00') {
$url = get_permalink($arcresult->ID); $url = get_permalink($arcresult->ID);
$arc_title = stripslashes($arcresult->post_title); $arc_title = $arcresult->post_title;
if ($arc_title) { if ($arc_title) {
$text = strip_tags($arc_title); $text = strip_tags($arc_title);
} else { } else {
@ -419,9 +419,9 @@ function get_calendar($daylength = 1) {
$ak_titles_for_day['day_'.$ak_post_title->dom] = ''; $ak_titles_for_day['day_'.$ak_post_title->dom] = '';
} }
if (empty($ak_titles_for_day["$ak_post_title->dom"])) { // first one if (empty($ak_titles_for_day["$ak_post_title->dom"])) { // first one
$ak_titles_for_day["$ak_post_title->dom"] = str_replace('"', '&quot;', wptexturize(stripslashes($ak_post_title->post_title))); $ak_titles_for_day["$ak_post_title->dom"] = str_replace('"', '&quot;', wptexturize($ak_post_title->post_title));
} else { } else {
$ak_titles_for_day["$ak_post_title->dom"] .= $ak_title_separator . str_replace('"', '&quot;', wptexturize(stripslashes($ak_post_title->post_title))); $ak_titles_for_day["$ak_post_title->dom"] .= $ak_title_separator . str_replace('"', '&quot;', wptexturize($ak_post_title->post_title));
} }
} }
} }
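Review bot: The `$wpdb->get_var(...)` line in `wp_title` builds its WHERE clause by interpolating the global `$category_name` into the SQL string, and nothing in the hunk shows that value being escaped or validated first. Since the commit is already touching this line, escape it for SQL at the call site (or constrain it to the nicename character set before use) so the query does not depend on whatever happens to the global upstream; if the request parsing elsewhere already does this, a one-line comment saying so would save the next reader the same check. The remaining hunks in this file drop stripslashes() around values that still pass through strip_tags()/wptexturize(), which is consistent with the rest of the commit. `wp_title`, `single_post_title`, `single_cat_title`, `get_archives` and `get_calendar` all start and end outside their hunks.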


@ -255,7 +255,7 @@ function previous_post($format='%', $previous='previous post: ', $title='yes', $
if ($lastpost) { if ($lastpost) {
$string = '<a href="'.get_permalink($lastpost->ID).'">'.$previous; $string = '<a href="'.get_permalink($lastpost->ID).'">'.$previous;
if ($title == 'yes') { if ($title == 'yes') {
$string .= wptexturize(stripslashes($lastpost->post_title)); $string .= wptexturize($lastpost->post_title);
} }
$string .= '</a>'; $string .= '</a>';
$format = str_replace('%', $string, $format); $format = str_replace('%', $string, $format);
@ -293,7 +293,7 @@ function next_post($format='%', $next='next post: ', $title='yes', $in_same_cat=
if ($nextpost) { if ($nextpost) {
$string = '<a href="'.get_permalink($nextpost->ID).'">'.$next; $string = '<a href="'.get_permalink($nextpost->ID).'">'.$next;
if ($title=='yes') { if ($title=='yes') {
$string .= wptexturize(stripslashes($nextpost->post_title)); $string .= wptexturize($nextpost->post_title);
} }
$string .= '</a>'; $string .= '</a>';
$format = str_replace('%', $string, $format); $format = str_replace('%', $string, $format);


@ -2,6 +2,6 @@
// This just holds the version number, in a separate file so we can bump it without cluttering the CVS // This just holds the version number, in a separate file so we can bump it without cluttering the CVS
$wp_version = '1.3-pre-alpha'; $wp_version = '1.3-alpha';
?> ?>