GENERAL: Remove magic quote functions
The path to magic quote sanity took a fun and exciting turn: PHP core removed it and WordPress updated the minimum version. For the formally external pclzip, the code is commented out to make investigating easier and in case we ever need to merge upstream (if that still exists) changes. Props ayeshrajans, jrf, jorbin. See #47783. Fixes #18322. Built from https://develop.svn.wordpress.org/trunk@46105 git-svn-id: http://core.svn.wordpress.org/trunk@45917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
8a2bbf777a
commit
dd3ad3ac51
|
@ -5326,6 +5326,10 @@
|
||||||
{
|
{
|
||||||
$v_result=1;
|
$v_result=1;
|
||||||
|
|
||||||
|
// EDIT for WordPress 5.3.0
|
||||||
|
// magic_quote functions are deprecated in PHP 7.4, now assuming it's always off.
|
||||||
|
/*
|
||||||
|
|
||||||
// ----- Look if function exists
|
// ----- Look if function exists
|
||||||
if ( (!function_exists("get_magic_quotes_runtime"))
|
if ( (!function_exists("get_magic_quotes_runtime"))
|
||||||
|| (!function_exists("set_magic_quotes_runtime"))) {
|
|| (!function_exists("set_magic_quotes_runtime"))) {
|
||||||
|
@ -5344,6 +5348,7 @@
|
||||||
if ($this->magic_quotes_status == 1) {
|
if ($this->magic_quotes_status == 1) {
|
||||||
@set_magic_quotes_runtime(0);
|
@set_magic_quotes_runtime(0);
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
// ----- Return
|
// ----- Return
|
||||||
return $v_result;
|
return $v_result;
|
||||||
|
@ -5360,6 +5365,10 @@
|
||||||
{
|
{
|
||||||
$v_result=1;
|
$v_result=1;
|
||||||
|
|
||||||
|
// EDIT for WordPress 5.3.0
|
||||||
|
// magic_quote functions are deprecated in PHP 7.4, now assuming it's always off.
|
||||||
|
/*
|
||||||
|
|
||||||
// ----- Look if function exists
|
// ----- Look if function exists
|
||||||
if ( (!function_exists("get_magic_quotes_runtime"))
|
if ( (!function_exists("get_magic_quotes_runtime"))
|
||||||
|| (!function_exists("set_magic_quotes_runtime"))) {
|
|| (!function_exists("set_magic_quotes_runtime"))) {
|
||||||
|
@ -5376,6 +5385,7 @@
|
||||||
@set_magic_quotes_runtime($this->magic_quotes_status);
|
@set_magic_quotes_runtime($this->magic_quotes_status);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
*/
|
||||||
// ----- Return
|
// ----- Return
|
||||||
return $v_result;
|
return $v_result;
|
||||||
}
|
}
|
||||||
|
|
|
@ -2713,10 +2713,6 @@ function untrailingslashit( $string ) {
|
||||||
* @return string Returns a string escaped with slashes.
|
* @return string Returns a string escaped with slashes.
|
||||||
*/
|
*/
|
||||||
function addslashes_gpc( $gpc ) {
|
function addslashes_gpc( $gpc ) {
|
||||||
if ( get_magic_quotes_gpc() ) {
|
|
||||||
$gpc = stripslashes( $gpc );
|
|
||||||
}
|
|
||||||
|
|
||||||
return wp_slash( $gpc );
|
return wp_slash( $gpc );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4782,8 +4778,6 @@ function map_deep( $value, $callback ) {
|
||||||
/**
|
/**
|
||||||
* Parses a string into variables to be stored in an array.
|
* Parses a string into variables to be stored in an array.
|
||||||
*
|
*
|
||||||
* Uses {@link https://secure.php.net/parse_str parse_str()} and stripslashes if
|
|
||||||
* {@link https://secure.php.net/magic_quotes magic_quotes_gpc} is on.
|
|
||||||
*
|
*
|
||||||
* @since 2.2.1
|
* @since 2.2.1
|
||||||
*
|
*
|
||||||
|
@ -4792,9 +4786,7 @@ function map_deep( $value, $callback ) {
|
||||||
*/
|
*/
|
||||||
function wp_parse_str( $string, &$array ) {
|
function wp_parse_str( $string, &$array ) {
|
||||||
parse_str( $string, $array );
|
parse_str( $string, $array );
|
||||||
if ( get_magic_quotes_gpc() ) {
|
|
||||||
$array = stripslashes_deep( $array );
|
|
||||||
}
|
|
||||||
/**
|
/**
|
||||||
* Filters the array of variables derived from a parsed string.
|
* Filters the array of variables derived from a parsed string.
|
||||||
*
|
*
|
||||||
|
|
|
@ -925,13 +925,6 @@ function wp_set_internal_encoding() {
|
||||||
* @access private
|
* @access private
|
||||||
*/
|
*/
|
||||||
function wp_magic_quotes() {
|
function wp_magic_quotes() {
|
||||||
// If already slashed, strip.
|
|
||||||
if ( get_magic_quotes_gpc() ) {
|
|
||||||
$_GET = stripslashes_deep( $_GET );
|
|
||||||
$_POST = stripslashes_deep( $_POST );
|
|
||||||
$_COOKIE = stripslashes_deep( $_COOKIE );
|
|
||||||
}
|
|
||||||
|
|
||||||
// Escape with wpdb.
|
// Escape with wpdb.
|
||||||
$_GET = add_magic_quotes( $_GET );
|
$_GET = add_magic_quotes( $_GET );
|
||||||
$_POST = add_magic_quotes( $_POST );
|
$_POST = add_magic_quotes( $_POST );
|
||||||
|
|
|
@ -689,15 +689,6 @@ class WP_REST_Request implements ArrayAccess {
|
||||||
|
|
||||||
parse_str( $this->get_body(), $params );
|
parse_str( $this->get_body(), $params );
|
||||||
|
|
||||||
/*
|
|
||||||
* Amazingly, parse_str follows magic quote rules. Sigh.
|
|
||||||
*
|
|
||||||
* NOTE: Do not refactor to use `wp_unslash`.
|
|
||||||
*/
|
|
||||||
if ( get_magic_quotes_gpc() ) {
|
|
||||||
$params = stripslashes_deep( $params );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add to the POST parameters stored internally. If a user has already
|
* Add to the POST parameters stored internally. If a user has already
|
||||||
* set these manually (via `set_body_params`), don't override them.
|
* set these manually (via `set_body_params`), don't override them.
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.3-alpha-46104';
|
$wp_version = '5.3-alpha-46105';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue