From 80121a74d2432950baff77df936ce500f97460c3 Mon Sep 17 00:00:00 2001
From: saxmatt
Date: Tue, 27 Apr 2004 13:24:47 +0000
Subject: [PATCH] Fixes from forum thread: http://wordpress.org/support/6/4615.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/categories.php | 6 +++---
 wp-admin/post.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/wp-admin/categories.php b/wp-admin/categories.php
index 7df98f0060..fe428f645e 100644
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -122,10 +122,10 @@ case 'editedcat':
 if ($user_level < 3) die (__('Cheatin’ uh?'));
- $cat_name = addslashes(stripslashes(stripslashes($_POST['cat_name'])));
- $cat_ID = addslashes($_POST['cat_ID']);
+ $cat_name = $wpdb->escape(stripslashes($_POST['cat_name']));
+ $cat_ID = (int) $_POST['cat_ID'];
 $category_nicename = sanitize_title($cat_name);
- $category_description = $_POST['category_description'];
+ $category_description = $wpdb->escape(stripslashes($_POST['category_description']));
 $wpdb->query("UPDATE $tablecategories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = $cat WHERE cat_ID = $cat_ID");
diff --git a/wp-admin/post.php b/wp-admin/post.php
index 32f2de1877..3e403dfb01 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -756,7 +756,7 @@ function oneclickbookmarklet(blah) {
-
+
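Review bot: In the wp-admin/categories.php hunk, `category_parent = $cat` is still interpolated unquoted into the UPDATE, and `$cat` is neither cast nor escaped in the visible lines, unlike `$cat_ID`. If `$cat` is populated from the request, that column remains an SQL injection point after this fix; casting it next to the other assignments, `$cat = (int) $cat;`, would close it. The `case 'editedcat':` body starts and ends outside the hunk, so `$cat` may already be validated elsewhere, which is worth confirming before relying on it.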