Don't stripslashes() in plugin_basename() since this breaks established expectation of being able to pass a non-escaped FILE. Instead, stripslashes further up the stack. fixes #1866

git-svn-id: http://svn.automattic.com/wordpress/trunk@3139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-11-17 23:01:28 +00:00 · 2005-11-17 23:01:28 +00:00 · 90004a8ae6
parent f237c0bf41
commit 90004a8ae6
2 changed files with 1 additions and 1 deletions
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@ -41,6 +41,7 @@ require(ABSPATH . '/wp-admin/menu.php');

 // Handle plugin admin pages.
 if (isset($_GET['page'])) {
+	$plugin_page = stripslashes($_GET['page']);
 	$plugin_page = plugin_basename($_GET['page']);
 	$page_hook = get_plugin_page_hook($plugin_page, $pagenow);

--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -2142,7 +2142,6 @@ function register_deactivation_hook($file, $function) {

 function plugin_basename($file) {
 	$file = preg_replace('/^.*wp-content[\\\\\/]plugins[\\\\\/]/', '', $file);
-	$file = stripslashes($file);
 	return $file;
 }