Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
80f62f3c21
commit
f3a83744e9
|
@ -20,8 +20,8 @@ if ( $doaction ) {
|
||||||
check_admin_referer( 'bulk-comments' );
|
check_admin_referer( 'bulk-comments' );
|
||||||
|
|
||||||
if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
|
if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
|
||||||
$comment_status = $_REQUEST['comment_status'];
|
$comment_status = wp_unslash( $_REQUEST['comment_status'] );
|
||||||
$delete_time = $_REQUEST['pagegen_timestamp'];
|
$delete_time = wp_unslash ( $_REQUEST['pagegen_timestamp'] );
|
||||||
$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
|
$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
|
||||||
$doaction = 'delete';
|
$doaction = 'delete';
|
||||||
} elseif ( isset( $_REQUEST['delete_comments'] ) ) {
|
} elseif ( isset( $_REQUEST['delete_comments'] ) ) {
|
||||||
|
|
|
@ -1333,7 +1333,7 @@ function _draft_or_post_title( $post = 0 ) {
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
function _admin_search_query() {
|
function _admin_search_query() {
|
||||||
echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : '';
|
echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : '';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -50,8 +50,8 @@ function install_themes_feature_list() {
|
||||||
* @since 2.8.0
|
* @since 2.8.0
|
||||||
*/
|
*/
|
||||||
function install_theme_search_form( $type_selector = true ) {
|
function install_theme_search_form( $type_selector = true ) {
|
||||||
$type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term';
|
$type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term';
|
||||||
$term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
|
$term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : '';
|
||||||
if ( ! $type_selector )
|
if ( ! $type_selector )
|
||||||
echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>';
|
echo '<p class="install-help">' . __( 'Search for themes by keyword.' ) . '</p>';
|
||||||
?>
|
?>
|
||||||
|
@ -179,7 +179,7 @@ add_action('install_themes_updated', 'display_themes');
|
||||||
function install_theme_information() {
|
function install_theme_information() {
|
||||||
global $tab, $themes_allowedtags, $wp_list_table;
|
global $tab, $themes_allowedtags, $wp_list_table;
|
||||||
|
|
||||||
$theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) );
|
$theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) );
|
||||||
|
|
||||||
if ( is_wp_error( $theme ) )
|
if ( is_wp_error( $theme ) )
|
||||||
wp_die( $theme );
|
wp_die( $theme );
|
||||||
|
|
|
@ -132,7 +132,7 @@ function wp_install_defaults($user_id) {
|
||||||
$first_post = get_site_option( 'first_post' );
|
$first_post = get_site_option( 'first_post' );
|
||||||
|
|
||||||
if ( empty($first_post) )
|
if ( empty($first_post) )
|
||||||
$first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
|
$first_post = __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' );
|
||||||
|
|
||||||
$first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post );
|
$first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post );
|
||||||
$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
|
$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
|
||||||
|
@ -636,23 +636,23 @@ function upgrade_160() {
|
||||||
$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
|
$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
|
||||||
foreach ( $users as $user ) :
|
foreach ( $users as $user ) :
|
||||||
if ( !empty( $user->user_firstname ) )
|
if ( !empty( $user->user_firstname ) )
|
||||||
update_user_meta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
|
update_user_meta( $user->ID, 'first_name', wp_slash($user->user_firstname) );
|
||||||
if ( !empty( $user->user_lastname ) )
|
if ( !empty( $user->user_lastname ) )
|
||||||
update_user_meta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
|
update_user_meta( $user->ID, 'last_name', wp_slash($user->user_lastname) );
|
||||||
if ( !empty( $user->user_nickname ) )
|
if ( !empty( $user->user_nickname ) )
|
||||||
update_user_meta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
|
update_user_meta( $user->ID, 'nickname', wp_slash($user->user_nickname) );
|
||||||
if ( !empty( $user->user_level ) )
|
if ( !empty( $user->user_level ) )
|
||||||
update_user_meta( $user->ID, $wpdb->prefix . 'user_level', $user->user_level );
|
update_user_meta( $user->ID, $wpdb->prefix . 'user_level', $user->user_level );
|
||||||
if ( !empty( $user->user_icq ) )
|
if ( !empty( $user->user_icq ) )
|
||||||
update_user_meta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
|
update_user_meta( $user->ID, 'icq', wp_slash($user->user_icq) );
|
||||||
if ( !empty( $user->user_aim ) )
|
if ( !empty( $user->user_aim ) )
|
||||||
update_user_meta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
|
update_user_meta( $user->ID, 'aim', wp_slash($user->user_aim) );
|
||||||
if ( !empty( $user->user_msn ) )
|
if ( !empty( $user->user_msn ) )
|
||||||
update_user_meta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
|
update_user_meta( $user->ID, 'msn', wp_slash($user->user_msn) );
|
||||||
if ( !empty( $user->user_yim ) )
|
if ( !empty( $user->user_yim ) )
|
||||||
update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
|
update_user_meta( $user->ID, 'yim', wp_slash($user->user_icq) );
|
||||||
if ( !empty( $user->user_description ) )
|
if ( !empty( $user->user_description ) )
|
||||||
update_user_meta( $user->ID, 'description', $wpdb->escape($user->user_description) );
|
update_user_meta( $user->ID, 'description', wp_slash($user->user_description) );
|
||||||
|
|
||||||
if ( isset( $user->user_idmode ) ):
|
if ( isset( $user->user_idmode ) ):
|
||||||
$idmode = $user->user_idmode;
|
$idmode = $user->user_idmode;
|
||||||
|
@ -854,7 +854,7 @@ function upgrade_230() {
|
||||||
foreach ( $link_cats as $category) {
|
foreach ( $link_cats as $category) {
|
||||||
$cat_id = (int) $category->cat_id;
|
$cat_id = (int) $category->cat_id;
|
||||||
$term_id = 0;
|
$term_id = 0;
|
||||||
$name = $wpdb->escape($category->cat_name);
|
$name = wp_slash($category->cat_name);
|
||||||
$slug = sanitize_title($name);
|
$slug = sanitize_title($name);
|
||||||
$term_group = 0;
|
$term_group = 0;
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ function edit_user( $user_id = 0 ) {
|
||||||
$update = true;
|
$update = true;
|
||||||
$user->ID = (int) $user_id;
|
$user->ID = (int) $user_id;
|
||||||
$userdata = get_userdata( $user_id );
|
$userdata = get_userdata( $user_id );
|
||||||
$user->user_login = $wpdb->escape( $userdata->user_login );
|
$user->user_login = wp_slash( $userdata->user_login );
|
||||||
} else {
|
} else {
|
||||||
$update = false;
|
$update = false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -84,10 +84,10 @@ function display_setup_form( $error = null ) {
|
||||||
if ( ! empty( $_POST ) )
|
if ( ! empty( $_POST ) )
|
||||||
$blog_public = isset( $_POST['blog_public'] );
|
$blog_public = isset( $_POST['blog_public'] );
|
||||||
|
|
||||||
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
|
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
|
||||||
$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
|
$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
|
||||||
$admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
|
$admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
|
||||||
$admin_email = isset( $_POST['admin_email'] ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
|
$admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
|
||||||
|
|
||||||
if ( ! is_null( $error ) ) {
|
if ( ! is_null( $error ) ) {
|
||||||
?>
|
?>
|
||||||
|
@ -189,11 +189,11 @@ switch($step) {
|
||||||
|
|
||||||
display_header();
|
display_header();
|
||||||
// Fill in the data we gathered
|
// Fill in the data we gathered
|
||||||
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
|
$weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
|
||||||
$user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
|
$user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
|
||||||
$admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
|
$admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
|
||||||
$admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
|
$admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
|
||||||
$admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
|
$admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
|
||||||
$public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0;
|
$public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0;
|
||||||
// check e-mail address
|
// check e-mail address
|
||||||
$error = false;
|
$error = false;
|
||||||
|
|
|
@ -31,7 +31,7 @@ if ( $doaction && isset( $_REQUEST['linkcheck'] ) ) {
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
|
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
|
||||||
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
|
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ if ( ! current_user_can('manage_links') )
|
||||||
<?php screen_icon(); ?>
|
<?php screen_icon(); ?>
|
||||||
<h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
|
<h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php
|
||||||
if ( !empty($_REQUEST['s']) )
|
if ( !empty($_REQUEST['s']) )
|
||||||
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_REQUEST['s']) ) ); ?>
|
printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( wp_unslash($_REQUEST['s']) ) ); ?>
|
||||||
</h2>
|
</h2>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -520,7 +520,7 @@ if ( $_POST ) {
|
||||||
$base = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
|
$base = parse_url( trailingslashit( get_option( 'home' ) ), PHP_URL_PATH );
|
||||||
$subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
|
$subdomain_install = allow_subdomain_install() ? !empty( $_POST['subdomain_install'] ) : false;
|
||||||
if ( ! network_domain_check() ) {
|
if ( ! network_domain_check() ) {
|
||||||
$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), stripslashes( $_POST['sitename'] ), $base, $subdomain_install );
|
$result = populate_network( 1, get_clean_basedomain(), sanitize_email( $_POST['email'] ), wp_unslash( $_POST['sitename'] ), $base, $subdomain_install );
|
||||||
if ( is_wp_error( $result ) ) {
|
if ( is_wp_error( $result ) ) {
|
||||||
if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
|
if ( 1 == count( $result->get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() )
|
||||||
network_step2( $result );
|
network_step2( $result );
|
||||||
|
|
|
@ -62,7 +62,7 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) {
|
||||||
delete_option( 'rewrite_rules' );
|
delete_option( 'rewrite_rules' );
|
||||||
|
|
||||||
// update blogs table
|
// update blogs table
|
||||||
$blog_data = stripslashes_deep( $_POST['blog'] );
|
$blog_data = wp_unslash( $_POST['blog'] );
|
||||||
$existing_details = get_blog_details( $id, false );
|
$existing_details = get_blog_details( $id, false );
|
||||||
$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
|
$blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' );
|
||||||
foreach ( $blog_data_checkboxes as $c ) {
|
foreach ( $blog_data_checkboxes as $c ) {
|
||||||
|
|
|
@ -88,7 +88,7 @@ if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
|
||||||
$content_mail = sprintf( __( 'New site created by %1$s
|
$content_mail = sprintf( __( 'New site created by %1$s
|
||||||
|
|
||||||
Address: %2$s
|
Address: %2$s
|
||||||
Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) );
|
Name: %3$s' ), $current_user->user_login , get_site_url( $id ), wp_unslash( $title ) );
|
||||||
wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
|
wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );
|
||||||
wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
|
wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) );
|
||||||
wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );
|
wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) );
|
||||||
|
|
|
@ -53,12 +53,14 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_ar
|
||||||
$count = count( $_POST['option'] );
|
$count = count( $_POST['option'] );
|
||||||
$skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
|
$skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form.
|
||||||
foreach ( (array) $_POST['option'] as $key => $val ) {
|
foreach ( (array) $_POST['option'] as $key => $val ) {
|
||||||
|
$key = wp_unslash( $key );
|
||||||
|
$val = wp_unslash( $val );
|
||||||
if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
|
if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) )
|
||||||
continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
|
continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
|
||||||
if ( $c == $count )
|
if ( $c == $count )
|
||||||
update_option( $key, stripslashes( $val ) );
|
update_option( $key, $val );
|
||||||
else
|
else
|
||||||
update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet
|
update_option( $key, $val, false ); // no need to refresh blog details yet
|
||||||
$c++;
|
$c++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -79,7 +79,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||||
<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
|
<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
|
||||||
<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
|
<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
|
||||||
<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
|
<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
|
||||||
<p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p>
|
<p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>
|
||||||
<?php submit_button( __('Confirm'), 'button' ); ?>
|
<?php submit_button( __('Confirm'), 'button' ); ?>
|
||||||
</form>
|
</form>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
@ -2,8 +2,7 @@
|
||||||
/**
|
/**
|
||||||
* WordPress Options Header.
|
* WordPress Options Header.
|
||||||
*
|
*
|
||||||
* Resets variables: 'action', 'standalone', and 'option_group_id'. Displays
|
* Displays updated message, if updated variable is part of the URL query.
|
||||||
* updated message, if updated variable is part of the URL query.
|
|
||||||
*
|
*
|
||||||
* @package WordPress
|
* @package WordPress
|
||||||
* @subpackage Administration
|
* @subpackage Administration
|
||||||
|
|
|
@ -120,16 +120,16 @@ if ( 'update' == $action ) {
|
||||||
if ( 'options' == $option_page ) {
|
if ( 'options' == $option_page ) {
|
||||||
if ( is_multisite() && ! is_super_admin() )
|
if ( is_multisite() && ! is_super_admin() )
|
||||||
wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
|
wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
|
||||||
$options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
|
$options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
|
||||||
} else {
|
} else {
|
||||||
$options = $whitelist_options[ $option_page ];
|
$options = $whitelist_options[ $option_page ];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle custom date/time formats
|
// Handle custom date/time formats
|
||||||
if ( 'general' == $option_page ) {
|
if ( 'general' == $option_page ) {
|
||||||
if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
|
if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
|
||||||
$_POST['date_format'] = $_POST['date_format_custom'];
|
$_POST['date_format'] = $_POST['date_format_custom'];
|
||||||
if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
|
if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
|
||||||
$_POST['time_format'] = $_POST['time_format_custom'];
|
$_POST['time_format'] = $_POST['time_format_custom'];
|
||||||
// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
|
// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
|
||||||
if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
|
if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
|
||||||
|
@ -150,7 +150,7 @@ if ( 'update' == $action ) {
|
||||||
$value = $_POST[ $option ];
|
$value = $_POST[ $option ];
|
||||||
if ( ! is_array( $value ) )
|
if ( ! is_array( $value ) )
|
||||||
$value = trim( $value );
|
$value = trim( $value );
|
||||||
$value = stripslashes_deep( $value );
|
$value = wp_unslash( $value );
|
||||||
}
|
}
|
||||||
update_option( $option, $value );
|
update_option( $option, $value );
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,7 +28,7 @@ if ( empty($plugins) )
|
||||||
wp_die( __('There are no plugins installed on this site.') );
|
wp_die( __('There are no plugins installed on this site.') );
|
||||||
|
|
||||||
if ( isset($_REQUEST['file']) )
|
if ( isset($_REQUEST['file']) )
|
||||||
$plugin = stripslashes($_REQUEST['file']);
|
$plugin = wp_unslash($_REQUEST['file']);
|
||||||
|
|
||||||
if ( empty($plugin) ) {
|
if ( empty($plugin) ) {
|
||||||
$plugin = array_keys($plugins);
|
$plugin = array_keys($plugins);
|
||||||
|
@ -39,8 +39,6 @@ $plugin_files = get_plugin_files($plugin);
|
||||||
|
|
||||||
if ( empty($file) )
|
if ( empty($file) )
|
||||||
$file = $plugin_files[0];
|
$file = $plugin_files[0];
|
||||||
else
|
|
||||||
$file = stripslashes($file);
|
|
||||||
|
|
||||||
$file = validate_file_to_edit($file, $plugin_files);
|
$file = validate_file_to_edit($file, $plugin_files);
|
||||||
$real_file = WP_PLUGIN_DIR . '/' . $file;
|
$real_file = WP_PLUGIN_DIR . '/' . $file;
|
||||||
|
@ -52,7 +50,7 @@ case 'update':
|
||||||
|
|
||||||
check_admin_referer('edit-plugin_' . $file);
|
check_admin_referer('edit-plugin_' . $file);
|
||||||
|
|
||||||
$newcontent = stripslashes($_POST['newcontent']);
|
$newcontent = wp_unslash( $_POST['newcontent'] );
|
||||||
if ( is_writeable($real_file) ) {
|
if ( is_writeable($real_file) ) {
|
||||||
$f = fopen($real_file, 'w+');
|
$f = fopen($real_file, 'w+');
|
||||||
fwrite($f, $newcontent);
|
fwrite($f, $newcontent);
|
||||||
|
|
|
@ -91,11 +91,11 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set Variables
|
// Set Variables
|
||||||
$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
|
$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
|
||||||
|
|
||||||
$selection = '';
|
$selection = '';
|
||||||
if ( !empty($_GET['s']) ) {
|
if ( !empty($_GET['s']) ) {
|
||||||
$selection = str_replace(''', "'", stripslashes($_GET['s']));
|
$selection = str_replace(''', "'", wp_unslash($_GET['s']));
|
||||||
$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
|
$selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -164,7 +164,7 @@ switch($step) {
|
||||||
|
|
||||||
case 2:
|
case 2:
|
||||||
foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
|
foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
|
||||||
$$key = trim( stripslashes( $_POST[ $key ] ) );
|
$$key = trim( wp_unslash( $_POST[ $key ] ) );
|
||||||
|
|
||||||
$tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';
|
$tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try again' ) . '</a>';
|
||||||
|
|
||||||
|
|
|
@ -68,7 +68,7 @@ if ( empty( $file ) ) {
|
||||||
$relative_file = 'style.css';
|
$relative_file = 'style.css';
|
||||||
$file = $allowed_files['style.css'];
|
$file = $allowed_files['style.css'];
|
||||||
} else {
|
} else {
|
||||||
$relative_file = stripslashes( $file );
|
$relative_file = wp_unslash( $file );
|
||||||
$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
|
$file = $theme->get_stylesheet_directory() . '/' . $relative_file;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ $scrollto = isset( $_REQUEST['scrollto'] ) ? (int) $_REQUEST['scrollto'] : 0;
|
||||||
switch( $action ) {
|
switch( $action ) {
|
||||||
case 'update':
|
case 'update':
|
||||||
check_admin_referer( 'edit-theme_' . $file . $stylesheet );
|
check_admin_referer( 'edit-theme_' . $file . $stylesheet );
|
||||||
$newcontent = stripslashes( $_POST['newcontent'] );
|
$newcontent = wp_unslash( $_POST['newcontent'] );
|
||||||
$location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
|
$location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
|
||||||
if ( is_writeable( $file ) ) {
|
if ( is_writeable( $file ) ) {
|
||||||
//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
|
//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
|
||||||
|
|
|
@ -77,7 +77,7 @@ else
|
||||||
<?php else :
|
<?php else :
|
||||||
switch ( $step ) :
|
switch ( $step ) :
|
||||||
case 0:
|
case 0:
|
||||||
$goback = stripslashes( wp_get_referer() );
|
$goback = wp_unslash( wp_get_referer() );
|
||||||
$goback = esc_url_raw( $goback );
|
$goback = esc_url_raw( $goback );
|
||||||
$goback = urlencode( $goback );
|
$goback = urlencode( $goback );
|
||||||
?>
|
?>
|
||||||
|
@ -90,7 +90,7 @@ switch ( $step ) :
|
||||||
case 1:
|
case 1:
|
||||||
wp_upgrade();
|
wp_upgrade();
|
||||||
|
|
||||||
$backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
|
$backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/';
|
||||||
$backto = esc_url( $backto );
|
$backto = esc_url( $backto );
|
||||||
$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
|
$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -132,7 +132,7 @@ if ( $doaction ) {
|
||||||
wp_redirect( $location );
|
wp_redirect( $location );
|
||||||
exit;
|
exit;
|
||||||
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
|
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
|
||||||
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
|
wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue