stripslashes() elimination. Remove extra slashes during upgrade. Bugs 0000059 and 0000018
git-svn-id: http://svn.automattic.com/wordpress/trunk@1435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
c222d7d2e0
commit
6fd6b1080d
|
@ -80,7 +80,7 @@ function get_nested_categories($default = 0, $parent = 0) {
|
|||
$result[$cat]['children'] = get_nested_categories($default, $cat);
|
||||
$result[$cat]['cat_ID'] = $cat;
|
||||
$result[$cat]['checked'] = in_array($cat, $checked_categories);
|
||||
$result[$cat]['cat_name'] = stripslashes(get_the_category_by_ID($cat));
|
||||
$result[$cat]['cat_name'] = get_the_category_by_ID($cat);
|
||||
}
|
||||
|
||||
return $result;
|
||||
|
|
|
@ -87,7 +87,6 @@ switch ($action) {
|
|||
|
||||
$cat_id = $_GET['cat_id'];
|
||||
$cat_name=get_linkcatname($cat_id);
|
||||
$cat_name=addslashes($cat_name);
|
||||
|
||||
if ($cat_id=="1")
|
||||
die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name));
|
||||
|
@ -132,7 +131,7 @@ switch ($action) {
|
|||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||
<tr>
|
||||
<th width="33%" scope="row"><?php _e('Name:') ?></th>
|
||||
<td width="67%"><input name="cat_name" type="text" value="<?php echo stripslashes($row->cat_name)?>" size="30" /></td>
|
||||
<td width="67%"><input name="cat_name" type="text" value="<?php echo $row->cat_name?>" size="30" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><?php _e('Show:') ?></th>
|
||||
|
@ -190,15 +189,15 @@ switch ($action) {
|
|||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||
<tr>
|
||||
<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
|
||||
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_before_link))?>" /></td>
|
||||
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars($row->text_before_link)?>" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><?php _e('Between Link and Description:') ?></th>
|
||||
<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_after_link))?>" /></td>
|
||||
<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars($row->text_after_link)?>" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th scope="row"><?php _e('After Link:') ?></th>
|
||||
<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_after_all))?>"/></td>
|
||||
<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars($row->text_after_all)?>"/></td>
|
||||
</tr>
|
||||
</table>
|
||||
</fieldset>
|
||||
|
@ -223,7 +222,7 @@ switch ($action) {
|
|||
|
||||
$cat_id=$_POST["cat_id"];
|
||||
|
||||
$cat_name=addslashes(stripslashes($_POST["cat_name"]));
|
||||
$cat_name= $_POST["cat_name"];
|
||||
$auto_toggle = $_POST["auto_toggle"];
|
||||
if ($auto_toggle != 'Y') {
|
||||
$auto_toggle = 'N';
|
||||
|
@ -333,7 +332,7 @@ foreach ($results as $row) {
|
|||
$style = ($i % 2) ? ' class="alternate"' : '';
|
||||
?>
|
||||
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
|
||||
<td><?php echo stripslashes($row->cat_name)?></td>
|
||||
<td><?php echo $row->cat_name?></td>
|
||||
<td ><?php echo $row->cat_id?></td>
|
||||
<td><?php echo $row->auto_toggle?></td>
|
||||
<td><?php echo $row->show_images?></td>
|
||||
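Review bot: The category name is now written into `value="<?php echo $row->cat_name?>"` with no HTML escaping, although the three `text_*` inputs in the next hunk go through htmlspecialchars(); a name containing a double quote ends the attribute early, with or without the old stripslashes(). The field should match its neighbours, `value="<?php echo htmlspecialchars($row->cat_name)?>"`. The same applies to `<td><?php echo $row->cat_name?></td>` in the list table and to the `die()` message that prints `$cat_name` inside `<strong>`. The logout label in the admin menu file prints `$user_nickname` the same way.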
|
|
|
@ -312,16 +312,16 @@ switch ($action) {
|
|||
WHERE link_id = $link_id");
|
||||
|
||||
if ($row) {
|
||||
$link_url = stripslashes($row->link_url);
|
||||
$link_name = stripslashes($row->link_name);
|
||||
$link_url = $row->link_url;
|
||||
$link_name = $row->link_name;
|
||||
$link_image = $row->link_image;
|
||||
$link_target = $row->link_target;
|
||||
$link_category = $row->link_category;
|
||||
$link_description = stripslashes($row->link_description);
|
||||
$link_description = $row->link_description;
|
||||
$link_visible = $row->link_visible;
|
||||
$link_rating = $row->link_rating;
|
||||
$link_rel = stripslashes($row->link_rel);
|
||||
$link_notes = stripslashes($row->link_notes);
|
||||
$link_rel = $row->link_rel;
|
||||
$link_notes = $row->link_notes;
|
||||
$link_rss_uri = $row->link_rss;
|
||||
}
|
||||
|
||||
|
@ -690,17 +690,13 @@ function checkAll(form)
|
|||
$links = $wpdb->get_results($sql);
|
||||
if ($links) {
|
||||
foreach ($links as $link) {
|
||||
$short_url = str_replace('http://', '', stripslashes($link->link_url));
|
||||
$short_url = str_replace('http://', '', $link->link_url);
|
||||
$short_url = str_replace('www.', '', $short_url);
|
||||
if ('/' == substr($short_url, -1))
|
||||
$short_url = substr($short_url, 0, -1);
|
||||
if (strlen($short_url) > 35)
|
||||
$short_url = substr($short_url, 0, 32).'...';
|
||||
|
||||
$link->link_name = stripslashes($link->link_name);
|
||||
$link->category = stripslashes($link->category);
|
||||
$link->link_rel = stripslashes($link->link_rel);
|
||||
$link->link_description = stripslashes($link->link_description);
|
||||
$image = ($link->link_image != null) ? __('Yes') : __('No');
|
||||
$visible = ($link->link_visible == 'Y') ? __('Yes') : __('No');
|
||||
++$i;
|
||||
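Review bot: The lookup that ends in `WHERE link_id = $link_id` places the id in the statement unquoted, and slash-escaping, which this commit appears to rely on for request data, does nothing for a value in numeric position. Where `$link_id` is assigned is outside the hunk; if it can come from the request, cast it first, `$link_id = (int) $link_id;`. get_linkcatname() has the same shape (`WHERE cat_id=$id`) and the link-categories page passes it `$_GET['cat_id']` directly, so `$id = (int) $id;` belongs there too.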
|
|
|
@ -40,5 +40,5 @@ get_settings('use_fileupload') &&
|
|||
?>
|
||||
<li><a href="<?php echo get_settings('home') . '/' . get_settings('blogfilename'); ?>" title="<?php _e('View your site') ?>"><?php _e('View site') ?> »</a></li>
|
||||
<li class="last"><a href="<?php echo get_settings('siteurl')
|
||||
?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), stripslashes($user_nickname)) ?></a></li>
|
||||
?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), $user_nickname) ?></a></li>
|
||||
</ul>
|
||||
|
|
|
@ -75,7 +75,7 @@ $nonbools = array('default_ping_status', 'default_comment_status');
|
|||
foreach ($options as $option) {
|
||||
// should we even bother checking?
|
||||
if ($user_level >= $option->option_admin_level) {
|
||||
$old_val = stripslashes($option->option_value);
|
||||
$old_val = $option->option_value;
|
||||
$new_val = $_POST[$option->option_name];
|
||||
if (!$new_val) {
|
||||
if (3 == $option->option_type)
|
||||
|
|
|
@ -83,19 +83,19 @@ case 'update':
|
|||
setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
|
||||
}
|
||||
|
||||
$newuser_firstname=addslashes(stripslashes($_POST['newuser_firstname']));
|
||||
$newuser_lastname=addslashes(stripslashes($_POST['newuser_lastname']));
|
||||
$newuser_nickname=addslashes(stripslashes($_POST['newuser_nickname']));
|
||||
$newuser_firstname=$_POST['newuser_firstname'];
|
||||
$newuser_lastname=$_POST['newuser_lastname'];
|
||||
$newuser_nickname=$_POST['newuser_nickname'];
|
||||
$newuser_nicename=sanitize_title($newuser_nickname);
|
||||
$newuser_icq=addslashes(stripslashes($_POST['newuser_icq']));
|
||||
$newuser_aim=addslashes(stripslashes($_POST['newuser_aim']));
|
||||
$newuser_msn=addslashes(stripslashes($_POST['newuser_msn']));
|
||||
$newuser_yim=addslashes(stripslashes($_POST['newuser_yim']));
|
||||
$newuser_email=addslashes(stripslashes($_POST['newuser_email']));
|
||||
$newuser_url=addslashes(stripslashes($_POST['newuser_url']));
|
||||
$newuser_icq=$_POST['newuser_icq'];
|
||||
$newuser_aim=$_POST['newuser_aim'];
|
||||
$newuser_msn=$_POST['newuser_msn'];
|
||||
$newuser_yim=$_POST['newuser_yim'];
|
||||
$newuser_email=$_POST['newuser_email'];
|
||||
$newuser_url=$_POST['newuser_url'];
|
||||
$newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url;
|
||||
$newuser_idmode=addslashes(stripslashes($_POST['newuser_idmode']));
|
||||
$user_description = addslashes(stripslashes($_POST['user_description']));
|
||||
$newuser_idmode=$_POST['newuser_idmode'];
|
||||
$user_description = $_POST['user_description'];
|
||||
|
||||
$query = "UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID";
|
||||
$result = $wpdb->query($query);
|
||||
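Review bot: With the `addslashes(stripslashes(...))` wrappers gone, the eleven `$_POST` fields in this hunk reach the `UPDATE $wpdb->users` string with no escaping visible between the assignment and `$wpdb->query($query)`. The statement is then only safe if every request value is slash-escaped before this file runs, whatever the server's magic-quotes setting; that normalisation is not part of this section. I would either state the invariant here, `// $_POST is expected to arrive slash-escaped; values below go into SQL as-is`, or escape at the boundary with `$wpdb->escape()` once the values are known to be unslashed. `WHERE ID = $user_ID` is also unquoted, and its origin is outside the hunk.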
|
|
|
@ -90,6 +90,23 @@ function get_alloptions_110() {
|
|||
return $all_options;
|
||||
}
|
||||
|
||||
function deslash($content) {
|
||||
// Note: \\\ inside a regex denotes a single backslash.
|
||||
|
||||
// Replace one or more backslashes followed by a single quote with
|
||||
// a single quote.
|
||||
$content = preg_replace("/\\\+'/", "'", $content);
|
||||
|
||||
// Replace one or more backslashes followed by a double quote with
|
||||
// a double quote.
|
||||
$content = preg_replace('/\\\+"/', '"', $content);
|
||||
|
||||
// Replace one or more backslashes with one backslash.
|
||||
$content = preg_replace("/\\\+/", "\\", $content);
|
||||
|
||||
return $content;
|
||||
}
|
||||
|
||||
// .71 stuff
|
||||
|
||||
function upgrade_071() {
|
||||
|
@ -871,6 +888,27 @@ function upgrade_130() {
|
|||
foreach ($fatoptions as $fatoption) :
|
||||
$wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
|
||||
endforeach;
|
||||
|
||||
// Remove extraneous backslashes.
|
||||
$posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt FROM $wpdb->posts");
|
||||
if ($posts) {
|
||||
foreach($posts as $post) {
|
||||
$post_content = addslashes(deslash($post->post_content));
|
||||
$post_title = addslashes(deslash($post->post_title));
|
||||
$post_excerpt = addslashes(deslash($post->post_excerpt));
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt' WHERE ID = '$post->ID'");
|
||||
}
|
||||
}
|
||||
|
||||
// Remove extraneous backslashes.
|
||||
$comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments");
|
||||
if ($comments) {
|
||||
foreach($comments as $comment) {
|
||||
$comment_content = addslashes(deslash($comment->comment_content));
|
||||
$comment_author = addslashes(deslash($comment->comment_author));
|
||||
$wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
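Review bot: The cleanup added to upgrade_130() rewrites only posts and comments, while this commit also stops calling stripslashes() when reading category names, link fields, user profile fields and option values; rows in those tables written by earlier versions would presumably keep their stored backslashes and now show them. The same select/deslash/update loop is needed for each of those tables, as sketched below for categories. deslash() also collapses every run of backslashes, so deliberate backslashes in post bodies (code samples, paths) are altered with no way back; a line in its header comment saying so, and that a database backup should precede the upgrade, would help. upgrade_130() begins outside this hunk.

```php
// … unchanged: posts and comments cleanup …

// Remove extraneous backslashes from category names.
$categories = $wpdb->get_results("SELECT cat_ID, cat_name FROM $wpdb->categories");
if ($categories) {
	foreach ($categories as $category) {
		$cat_name = addslashes(deslash($category->cat_name));
		$wpdb->query("UPDATE $wpdb->categories SET cat_name = '$cat_name' WHERE cat_ID = '$category->cat_ID'");
	}
}
```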
|
|
@ -70,13 +70,7 @@ case 'adduser':
|
|||
return false;
|
||||
}
|
||||
|
||||
$user_login = addslashes(stripslashes($user_login));
|
||||
$pass1 = addslashes(stripslashes($pass1));
|
||||
$user_nickname = addslashes(stripslashes($user_nickname));
|
||||
$user_nicename = sanitize_title($user_nickname);
|
||||
$user_firstname = addslashes(stripslashes($user_firstname));
|
||||
$user_lastname = addslashes(stripslashes($user_lastname));
|
||||
$user_uri = addslashes(stripslashes($user_uri));
|
||||
$user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri;
|
||||
$now = gmdate('Y-m-d H:i:s');
|
||||
$new_users_can_blog = get_settings('new_users_can_blog');
|
||||
|
@ -95,6 +89,7 @@ case 'adduser':
|
|||
$stars .= '*';
|
||||
}
|
||||
|
||||
$user_login = stripslashes($user_login);
|
||||
$message = 'New user registration on your blog ' . get_settings('blogname') . ":\r\n\r\n";
|
||||
$message .= "Login: $user_login\r\n\r\nE-mail: $user_email";
|
||||
|
||||
|
@ -204,7 +199,7 @@ default:
|
|||
$user_data = get_userdata($user->ID);
|
||||
$email = $user_data->user_email;
|
||||
$url = $user_data->user_url;
|
||||
$short_url = str_replace('http://', '', stripslashes($url));
|
||||
$short_url = str_replace('http://', '', $url);
|
||||
$short_url = str_replace('www.', '', $short_url);
|
||||
if ('/' == substr($short_url, -1))
|
||||
$short_url = substr($short_url, 0, -1);
|
||||
|
@ -255,7 +250,7 @@ default:
|
|||
$user_data = get_userdata($user->ID);
|
||||
$email = $user_data->user_email;
|
||||
$url = $user_data->user_url;
|
||||
$short_url = str_replace('http://', '', stripslashes($url));
|
||||
$short_url = str_replace('http://', '', $url);
|
||||
$short_url = str_replace('www.', '', $short_url);
|
||||
if ('/' == substr($short_url, -1))
|
||||
$short_url = substr($short_url, 0, -1);
|
||||
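Review bot: `$user_login = stripslashes($user_login);` unslashes the variable in place for the notification mail, so any SQL that uses `$user_login` after this line would get the raw value; the rest of the `adduser` case is outside the hunk. A separate variable keeps the two forms apart, `$mail_login = stripslashes($user_login);`, with `$mail_login` used in the message. `$user_email` goes into the same message without being unslashed, so an address containing an apostrophe would presumably arrive with a backslash.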
|
|
|
@ -50,7 +50,6 @@ function wptexturize($text) {
|
|||
}
|
||||
|
||||
function clean_pre($text) {
|
||||
$text = stripslashes($text);
|
||||
$text = str_replace('<br />', '', $text);
|
||||
return $text;
|
||||
}
|
||||
|
|
|
@ -166,16 +166,11 @@ function get_currentuserinfo() { // a bit like get_userdata(), on steroids
|
|||
function get_userdata($userid) {
|
||||
global $wpdb, $cache_userdata;
|
||||
if ( empty($cache_userdata[$userid]) ) {
|
||||
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$userid'");
|
||||
$user->user_nickname = stripslashes($user->user_nickname);
|
||||
$user->user_firstname = stripslashes($user->user_firstname);
|
||||
$user->user_lastname = stripslashes($user->user_lastname);
|
||||
$user->user_description = stripslashes($user->user_description);
|
||||
$cache_userdata[$userid] = $user;
|
||||
} else {
|
||||
$user = $cache_userdata[$userid];
|
||||
$cache_userdata[$userid] =
|
||||
$wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$userid'");
|
||||
}
|
||||
return $user;
|
||||
|
||||
return $cache_userdata[$userid];
|
||||
}
|
||||
|
||||
function get_userdatabylogin($user_login) {
|
||||
|
@ -315,7 +310,7 @@ function get_alloptions() {
|
|||
if ('siteurl' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
|
||||
if ('home' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
|
||||
if ('category_base' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
|
||||
$all_options->{$option->option_name} = stripslashes($option->option_value);
|
||||
$all_options->{$option->option_name} = $option->option_value;
|
||||
}
|
||||
}
|
||||
return $all_options;
|
||||
|
@ -323,7 +318,7 @@ function get_alloptions() {
|
|||
|
||||
function update_option($option_name, $newvalue) {
|
||||
global $wpdb, $cache_settings;
|
||||
$newvalue = stripslashes($newvalue);
|
||||
$newvalue = $newvalue;
|
||||
$newvalue = trim($newvalue); // I can't think of any situation we wouldn't want to trim
|
||||
$newvalue = $wpdb->escape($newvalue);
|
||||
$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
|
||||
|
@ -516,9 +511,9 @@ add_action('publish_post', 'generic_ping');
|
|||
// Send a Trackback
|
||||
function trackback($trackback_url, $title, $excerpt, $ID) {
|
||||
global $wpdb;
|
||||
$title = urlencode(stripslashes($title));
|
||||
$excerpt = urlencode(stripslashes($excerpt));
|
||||
$blog_name = urlencode(stripslashes(get_settings('blogname')));
|
||||
$title = urlencode($title);
|
||||
$excerpt = urlencode($excerpt);
|
||||
$blog_name = urlencode(get_settings('blogname'));
|
||||
$tb_url = $trackback_url;
|
||||
$url = urlencode(get_permalink($ID));
|
||||
$query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
|
||||
|
@ -932,38 +927,38 @@ function wp_notify_postauthor($comment_id, $comment_type='comment') {
|
|||
|
||||
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
|
||||
|
||||
$blogname = stripslashes(get_settings('blogname'));
|
||||
$blogname = get_settings('blogname');
|
||||
|
||||
if ('comment' == $comment_type) {
|
||||
$notify_message = "New comment on your post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
|
||||
$notify_message = "New comment on your post #$comment->comment_post_ID \"".$post->post_title."\"\r\n\r\n";
|
||||
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
|
||||
$notify_message .= "E-mail : $comment->comment_author_email\r\n";
|
||||
$notify_message .= "URI : $comment->comment_author_url\r\n";
|
||||
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
|
||||
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
|
||||
$notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
|
||||
$notify_message .= "You can see all comments on this post here: \r\n";
|
||||
$subject = '[' . $blogname . '] Comment: "' .stripslashes($post->post_title).'"';
|
||||
$subject = '[' . $blogname . '] Comment: "' .$post->post_title.'"';
|
||||
} elseif ('trackback' == $comment_type) {
|
||||
$notify_message = "New trackback on your post #$comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
|
||||
$notify_message = "New trackback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
|
||||
$notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
|
||||
$notify_message .= "URI : $comment->comment_author_url\r\n";
|
||||
$notify_message .= "Excerpt: \n".stripslashes($comment->comment_content)."\r\n\r\n";
|
||||
$notify_message .= "Excerpt: \n".$comment->comment_content."\r\n\r\n";
|
||||
$notify_message .= "You can see all trackbacks on this post here: \r\n";
|
||||
$subject = '[' . $blogname . '] Trackback: "' .stripslashes($post->post_title).'"';
|
||||
$subject = '[' . $blogname . '] Trackback: "' .$post->post_title.'"';
|
||||
} elseif ('pingback' == $comment_type) {
|
||||
$notify_message = "New pingback on your post #$comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
|
||||
$notify_message = "New pingback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
|
||||
$notify_message .= "Website: $comment->comment_author\r\n";
|
||||
$notify_message .= "URI : $comment->comment_author_url\r\n";
|
||||
$notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n";
|
||||
$notify_message .= "You can see all pingbacks on this post here: \r\n";
|
||||
$subject = '[' . $blogname . '] Pingback: "' .stripslashes($post->post_title).'"';
|
||||
$subject = '[' . $blogname . '] Pingback: "' .$post->post_title.'"';
|
||||
}
|
||||
$notify_message .= get_permalink($comment->comment_post_ID) . '#comments';
|
||||
|
||||
if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
|
||||
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
|
||||
} else {
|
||||
$from = 'From: "' . stripslashes($comment->comment_author) . "\" <$comment->comment_author_email>";
|
||||
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
|
||||
}
|
||||
|
||||
$message_headers = "MIME-Version: 1.0\r\n"
|
||||
|
@ -991,18 +986,18 @@ function wp_notify_moderator($comment_id) {
|
|||
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
|
||||
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
|
||||
|
||||
$notify_message = "A new comment on the post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\" is waiting for your approval\r\n\r\n";
|
||||
$notify_message = "A new comment on the post #$comment->comment_post_ID \"".$post->post_title."\" is waiting for your approval\r\n\r\n";
|
||||
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
|
||||
$notify_message .= "E-mail : $comment->comment_author_email\r\n";
|
||||
$notify_message .= "URL : $comment->comment_author_url\r\n";
|
||||
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
|
||||
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
|
||||
$notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
|
||||
$notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
|
||||
$notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
|
||||
$notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
|
||||
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
|
||||
|
||||
$subject = '[' . stripslashes(get_settings('blogname')) . '] Please approve: "' .stripslashes($post->post_title).'"';
|
||||
$subject = '[' . get_settings('blogname') . '] Please approve: "' .$post->post_title.'"';
|
||||
$admin_email = get_settings("admin_email");
|
||||
$from = "From: $admin_email";
|
||||
|
||||
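Review bot: The header built by `$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";` in wp_notify_postauthor() takes the commenter's name and address verbatim, so a CR or LF in either value would add header lines to the notification mail. Whether these fields are cleaned when the comment is stored is outside this section; stripping line breaks where the header is built is cheap, e.g. `$author = str_replace(array("\r", "\n"), '', $comment->comment_author);` and the same for the address. Separately, `$newvalue = $newvalue;` in update_option() is a no-op left by the mechanical edit and can be deleted, as can the self-assignments in get_linkobjects() and the_category() further down the commit.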
|
|
|
@ -176,14 +176,14 @@ function get_links($category = -1, $before = '', $after = '<br />',
|
|||
}
|
||||
$the_link = '#';
|
||||
if (($row->link_url != null) && ($row->link_url != '')) {
|
||||
$the_link = htmlspecialchars(stripslashes($row->link_url));
|
||||
$the_link = htmlspecialchars($row->link_url);
|
||||
}
|
||||
$rel = stripslashes($row->link_rel);
|
||||
$rel = $row->link_rel;
|
||||
if ($rel != '') {
|
||||
$rel = " rel='$rel'";
|
||||
}
|
||||
$desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES);
|
||||
$name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES);
|
||||
$desc = htmlspecialchars($row->link_description, ENT_QUOTES);
|
||||
$name = htmlspecialchars($row->link_name, ENT_QUOTES);
|
||||
|
||||
$title = $desc;
|
||||
|
||||
|
@ -273,7 +273,7 @@ function get_links($category = -1, $before = '', $after = '<br />',
|
|||
** Use this like:
|
||||
** $links = get_linkobjectsbyname('fred');
|
||||
** foreach ($links as $link) {
|
||||
** echo '<li>'.stripslashes($link->link_name).'</li>';
|
||||
** echo '<li>'.$link->link_name.'</li>';
|
||||
** }
|
||||
**/
|
||||
function get_linkobjectsbyname($cat_name = "noname" , $orderby = 'name', $limit = -1) {
|
||||
|
@ -350,10 +350,10 @@ function get_linkobjects($category = -1, $orderby = 'name', $limit = -1) {
|
|||
$results = $wpdb->get_results($sql);
|
||||
if ($results) {
|
||||
foreach ($results as $result) {
|
||||
$result->link_url = stripslashes($result->link_url);
|
||||
$result->link_name = stripslashes($result->link_name);
|
||||
$result->link_description = stripslashes($result->link_description);
|
||||
$result->link_notes = stripslashes($result->link_notes);
|
||||
$result->link_url = $result->link_url;
|
||||
$result->link_name = $result->link_name;
|
||||
$result->link_description = $result->link_description;
|
||||
$result->link_notes = $result->link_notes;
|
||||
$newresults[] = $result;
|
||||
}
|
||||
}
|
||||
|
@ -464,7 +464,7 @@ function get_linkcatname($id = 0) {
|
|||
if ('' != $id) {
|
||||
$cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
|
||||
}
|
||||
return stripslashes($cat_name);
|
||||
return $cat_name;
|
||||
}
|
||||
|
||||
/** function get_get_autotoggle()
|
||||
|
@ -559,7 +559,7 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
|
|||
$orderby = (bool_from_yn($cat['sort_desc'])?'_':'') . $orderby;
|
||||
|
||||
// Display the category name
|
||||
echo ' <li id="'.sanitize_title($cat['cat_name']).'">' . stripslashes($cat['cat_name']) . "\n\t<ul>\n";
|
||||
echo ' <li id="'.sanitize_title($cat['cat_name']).'">' . $cat['cat_name'] . "\n\t<ul>\n";
|
||||
// Call get_links() with all the appropriate params
|
||||
get_links($cat['link_category'],
|
||||
'<li>',"</li>","\n",
|
||||
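Review bot: In get_links(), `$rel = $row->link_rel;` feeds `" rel='$rel'"` with no escaping, while the URL, description and name on the neighbouring lines all pass through htmlspecialchars(); a single quote in the stored rel value closes the attribute. `$rel = htmlspecialchars($row->link_rel, ENT_QUOTES);` would bring it in line. The category heading in get_links_list() (`$cat['cat_name']`), the author and category link text in the template functions, and the `mailto:`/`href` links built from comment author fields are printed raw in the same way; where those values are filtered is not visible on this page. get_links() starts and ends outside these hunks.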
|
|
|
@ -72,7 +72,7 @@ function the_author_posts() {
|
|||
function the_author_posts_link($idmode='') {
|
||||
global $id, $authordata;
|
||||
|
||||
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . stripslashes(the_author($idmode, false)) . '</a>';
|
||||
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
|
||||
}
|
||||
|
||||
|
||||
|
@ -143,7 +143,7 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
|
|||
if ($posts == 0) {
|
||||
if (! $hide_empty) echo $name;
|
||||
} else {
|
||||
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . stripslashes($name) . '</a>';
|
||||
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . $name . '</a>';
|
||||
|
||||
if ( (! empty($feed_image)) || (! empty($feed)) ) {
|
||||
|
||||
|
@ -156,9 +156,9 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
|
|||
$link .= '<a href="' . get_author_rss_link(0, $author->ID, $author->user_nicename) . '"';
|
||||
|
||||
if (! empty($feed)) {
|
||||
$title = ' title="' . stripslashes($feed) . '"';
|
||||
$alt = ' alt="' . stripslashes($feed) . '"';
|
||||
$name = stripslashes($feed);
|
||||
$title = ' title="' . $feed . '"';
|
||||
$alt = ' alt="' . $feed . '"';
|
||||
$name = $feed;
|
||||
$link .= $title;
|
||||
}
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@ function the_category($seperator = '', $parents='') {
|
|||
if ('' == $seperator) {
|
||||
$thelist .= '<ul class="post-categories">';
|
||||
foreach ($categories as $category) {
|
||||
$category->cat_name = stripslashes($category->cat_name);
|
||||
$category->cat_name = $category->cat_name;
|
||||
$thelist .= "\n\t<li>";
|
||||
switch(strtolower($parents)) {
|
||||
case 'multiple':
|
||||
|
@ -93,7 +93,7 @@ function the_category($seperator = '', $parents='') {
|
|||
} else {
|
||||
$i = 0;
|
||||
foreach ($categories as $category) {
|
||||
$category->cat_name = stripslashes($category->cat_name);
|
||||
$category->cat_name = $category->cat_name;
|
||||
if (0 < $i) $thelist .= $seperator . ' ';
|
||||
switch(strtolower($parents)) {
|
||||
case 'multiple':
|
||||
|
@ -117,7 +117,7 @@ function the_category_rss($type = 'rss') {
|
|||
$categories = get_the_category();
|
||||
$the_list = '';
|
||||
foreach ($categories as $category) {
|
||||
$category->cat_name = stripslashes(convert_chars($category->cat_name));
|
||||
$category->cat_name = convert_chars($category->cat_name);
|
||||
if ('rdf' == $type) {
|
||||
$the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>";
|
||||
} else {
|
||||
|
@ -135,7 +135,7 @@ function get_the_category_by_ID($cat_ID) {
|
|||
} else {
|
||||
$cat_name = $cache_categories[$cat_ID]->cat_name;
|
||||
}
|
||||
return(stripslashes($cat_name));
|
||||
return($cat_name);
|
||||
}
|
||||
|
||||
function get_category_parents($id, $link = FALSE, $separator = '/', $nicename = FALSE){
|
||||
|
@ -242,7 +242,7 @@ function dropdown_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_
|
|||
if ($category->cat_ID == $selected)
|
||||
echo ' selected="selected"';
|
||||
echo '>';
|
||||
echo stripslashes($cat_name);
|
||||
echo $cat_name;
|
||||
if (intval($optioncount) == 1) echo ' ('.$category->cat_count.')';
|
||||
if (intval($optiondates) == 1) echo ' '.$category->lastday.'/'.$category->lastmonth;
|
||||
echo "</option>\n";
|
||||
|
@ -359,7 +359,7 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
|
|||
$link .= 'title="' . htmlspecialchars($category->category_description) . '"';
|
||||
}
|
||||
$link .= '>';
|
||||
$link .= apply_filters('list_cats', stripslashes($category->cat_name)).'</a>';
|
||||
$link .= apply_filters('list_cats', $category->cat_name).'</a>';
|
||||
|
||||
if ( (! empty($feed_image)) || (! empty($feed)) ) {
|
||||
|
||||
|
@ -372,9 +372,9 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
|
|||
$link .= '<a href="' . get_category_rss_link(0, $category->cat_ID, $category->category_nicename) . '"';
|
||||
|
||||
if ( !empty($feed) ) {
|
||||
$title = ' title="' . stripslashes($feed) . '"';
|
||||
$alt = ' alt="' . stripslashes($feed) . '"';
|
||||
$name = stripslashes($feed);
|
||||
$title = ' title="' . $feed . '"';
|
||||
$alt = ' alt="' . $feed . '"';
|
||||
$name = $feed;
|
||||
$link .= $title;
|
||||
}
|
||||
|
||||
|
|
|
@ -160,7 +160,7 @@ function comment_author_email_link($linktext='', $before='', $after='') {
|
|||
global $comment;
|
||||
$email = apply_filters('comment_email', $comment->comment_author_email);
|
||||
if ((!empty($email)) && ($email != '@')) {
|
||||
$display = ($linktext != '') ? $linktext : stripslashes($email);
|
||||
$display = ($linktext != '') ? $linktext : $email;
|
||||
echo $before;
|
||||
echo "<a href='mailto:$email'>$display</a>";
|
||||
echo $after;
|
||||
|
@ -172,7 +172,7 @@ function comment_author_url_link($linktext='', $before='', $after='') {
|
|||
$url = apply_filters('comment_url', $comment->comment_author_url);
|
||||
|
||||
if ((!empty($url)) && ($url != 'http://') && ($url != 'http://url')) {
|
||||
$display = ($linktext != '') ? $linktext : stripslashes($url);
|
||||
$display = ($linktext != '') ? $linktext : $url;
|
||||
echo "$before<a href='$url' rel='external'>$display</a>$after";
|
||||
}
|
||||
}
|
||||
|
|
|
@ -72,11 +72,11 @@ function wp_title($sep = '»', $display = true) {
|
|||
// If there's a category
|
||||
if(!empty($cat)) {
|
||||
if (!stristr($cat,'-')) { // category excluded
|
||||
$title = stripslashes(get_the_category_by_ID($cat));
|
||||
$title = get_the_category_by_ID($cat);
|
||||
}
|
||||
}
|
||||
if (!empty($category_name)) {
|
||||
$title = stripslashes($wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'"));
|
||||
$title = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'");
|
||||
}
|
||||
|
||||
// If there's a month
|
||||
|
@ -98,7 +98,7 @@ function wp_title($sep = '»', $display = true) {
|
|||
|
||||
// If there's a post
|
||||
if ($single) {
|
||||
$title = strip_tags(stripslashes($posts[0]->post_title));
|
||||
$title = strip_tags($posts[0]->post_title);
|
||||
$title = apply_filters('single_post_title', $title);
|
||||
}
|
||||
|
||||
|
@ -120,9 +120,9 @@ function single_post_title($prefix = '', $display = true) {
|
|||
$title = $post_data['Title'];
|
||||
$title = apply_filters('single_post_title', $title);
|
||||
if ($display) {
|
||||
echo $prefix.strip_tags(stripslashes($title));
|
||||
echo $prefix.strip_tags($title);
|
||||
} else {
|
||||
return strip_tags(stripslashes($title));
|
||||
return strip_tags($title);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -133,9 +133,9 @@ function single_cat_title($prefix = '', $display = true ) {
|
|||
$my_cat_name = get_the_category_by_ID($cat);
|
||||
if(!empty($my_cat_name)) {
|
||||
if ($display)
|
||||
echo $prefix.strip_tags(stripslashes($my_cat_name));
|
||||
echo $prefix.strip_tags($my_cat_name);
|
||||
else
|
||||
return strip_tags(stripslashes($my_cat_name));
|
||||
return strip_tags($my_cat_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -267,7 +267,7 @@ function get_archives($type='', $limit='', $format='html', $before = '', $after
|
|||
foreach ($arcresults as $arcresult) {
|
||||
if ($arcresult->post_date != '0000-00-00 00:00:00') {
|
||||
$url = get_permalink($arcresult->ID);
|
||||
$arc_title = stripslashes($arcresult->post_title);
|
||||
$arc_title = $arcresult->post_title;
|
||||
if ($arc_title) {
|
||||
$text = strip_tags($arc_title);
|
||||
} else {
|
||||
|
@ -419,9 +419,9 @@ function get_calendar($daylength = 1) {
|
|||
$ak_titles_for_day['day_'.$ak_post_title->dom] = '';
|
||||
}
|
||||
if (empty($ak_titles_for_day["$ak_post_title->dom"])) { // first one
|
||||
$ak_titles_for_day["$ak_post_title->dom"] = str_replace('"', '"', wptexturize(stripslashes($ak_post_title->post_title)));
|
||||
$ak_titles_for_day["$ak_post_title->dom"] = str_replace('"', '"', wptexturize($ak_post_title->post_title));
|
||||
} else {
|
||||
$ak_titles_for_day["$ak_post_title->dom"] .= $ak_title_separator . str_replace('"', '"', wptexturize(stripslashes($ak_post_title->post_title)));
|
||||
$ak_titles_for_day["$ak_post_title->dom"] .= $ak_title_separator . str_replace('"', '"', wptexturize($ak_post_title->post_title));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -255,7 +255,7 @@ function previous_post($format='%', $previous='previous post: ', $title='yes', $
|
|||
if ($lastpost) {
|
||||
$string = '<a href="'.get_permalink($lastpost->ID).'">'.$previous;
|
||||
if ($title == 'yes') {
|
||||
$string .= wptexturize(stripslashes($lastpost->post_title));
|
||||
$string .= wptexturize($lastpost->post_title);
|
||||
}
|
||||
$string .= '</a>';
|
||||
$format = str_replace('%', $string, $format);
|
||||
|
@ -293,7 +293,7 @@ function next_post($format='%', $next='next post: ', $title='yes', $in_same_cat=
|
|||
if ($nextpost) {
|
||||
$string = '<a href="'.get_permalink($nextpost->ID).'">'.$next;
|
||||
if ($title=='yes') {
|
||||
$string .= wptexturize(stripslashes($nextpost->post_title));
|
||||
$string .= wptexturize($nextpost->post_title);
|
||||
}
|
||||
$string .= '</a>';
|
||||
$format = str_replace('%', $string, $format);
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
|
||||
// This just holds the version number, in a separate file so we can bump it without cluttering the CVS
|
||||
|
||||
$wp_version = '1.3-pre-alpha';
|
||||
$wp_version = '1.3-alpha';
|
||||
|
||||
?>
|