WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

In ms-functions.php, remove unnecessary slashing, don't strip the return of get_site_option, s/stripslashes*/wp_unslash/. 

see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan Boren 2013-03-03 16:55:53 +00:00
parent 15a06a35ab
commit c08e7e0a12
1 changed files with 10 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
wp-includes/ms-functions.php
View File

@ -279,9 +279,6 @@ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') {
* @return int The ID of the newly created blog
*/
function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) {
$domain = addslashes( $domain );
$weblog_title = addslashes( $weblog_title );
if ( empty($path) )
$path = '/';
@ -582,7 +579,7 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
$blogname = apply_filters( 'newblogname', $blogname );
$blog_title = stripslashes( $blog_title );
$blog_title = wp_unslash( $blog_title );
if ( empty( $blog_title ) )
$errors->add('blog_title', __( 'Please enter a site title.' ) );
@ -636,9 +633,6 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = ''
$key = substr( md5( time() . rand() . $domain ), 0, 16 );
$meta = serialize($meta);
$domain = $wpdb->escape($domain);
$path = $wpdb->escape($path);
$title = $wpdb->escape($title);
$wpdb->insert( $wpdb->signups, array(
'domain' => $domain,
@ -840,14 +834,12 @@ function wpmu_activate_signup($key) {
}
$meta = maybe_unserialize($signup->meta);
$user_login = $wpdb->escape($signup->user_login);
$user_email = $wpdb->escape($signup->user_email);
$password = wp_generate_password( 12, false );
$user_id = username_exists($user_login);
if ( ! $user_id )
$user_id = wpmu_create_user($user_login, $password, $user_email);
$user_id = wpmu_create_user($signup->user_login, $password, $signup->user_email);
else
$user_already_exists = true;
@ -1024,7 +1016,7 @@ function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) {
URL: %2$s
Remote IP: %3$s
Disable these notifications: %4$s' ), $blogname, $siteurl, $_SERVER['REMOTE_ADDR'], $options_site_url);
Disable these notifications: %4$s' ), $blogname, $siteurl, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url);
$msg = apply_filters( 'newblog_notify_siteadmin', $msg );
wp_mail( $email, sprintf( __( 'New Site Registration: %s' ), $siteurl ), $msg );
@ -1058,7 +1050,7 @@ function newuser_notify_siteadmin( $user_id ) {
$msg = sprintf(__('New User: %1$s
Remote IP: %2$s
Disable these notifications: %3$s'), $user->user_login, $_SERVER['REMOTE_ADDR'], $options_site_url);
Disable these notifications: %3$s'), $user->user_login, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url);
$msg = apply_filters( 'newuser_notify_siteadmin', $msg, $user );
wp_mail( $email, sprintf(__('New User Registration: %s'), $user->user_login), $msg );
@ -1157,7 +1149,7 @@ function install_blog($blog_id, $blog_title = '') {
else
update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) );
update_option( 'blogname', stripslashes( $blog_title ) );
update_option( 'blogname', wp_unslash( $blog_title ) );
update_option( 'admin_email', '' );
// remove all perms
@ -1214,9 +1206,9 @@ function wpmu_welcome_notification($blog_id, $user_id, $password, $title, $meta
if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
return false;
$welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
$welcome_email = get_site_option( 'welcome_email' );
if ( $welcome_email == false )
$welcome_email = stripslashes( __( 'Dear User,
$welcome_email = __( 'Dear User,
Your new SITE_NAME site has been successfully set up at:
BLOG_URL
@ -1228,7 +1220,7 @@ Log in here: BLOG_URLwp-login.php
We hope you enjoy your new site. Thanks!
--The Team @ SITE_NAME' ) );
--The Team @ SITE_NAME' );
$url = get_blogaddress_by_id($blog_id);
$user = get_userdata( $user_id );
@ -1252,7 +1244,7 @@ We hope you enjoy your new site. Thanks!
if ( empty( $current_site->site_name ) )
$current_site->site_name = 'WordPress';
$subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) );
$subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, wp_unslash( $title ) ) );
wp_mail($user->user_email, $subject, $message, $message_headers);
return true;
}
@ -1481,7 +1473,7 @@ function update_posts_count( $deprecated = '' ) {
function wpmu_log_new_registrations( $blog_id, $user_id ) {
global $wpdb;
$user = get_userdata( (int) $user_id );
$wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
$wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
}
/**