Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892.

git-svn-id: http://core.svn.wordpress.org/trunk@21850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 19:32:53 +00:00 · 2012-09-14 19:32:53 +00:00 · f4c9c9ce0d
parent 8cbf331fa5
commit f4c9c9ce0d
1 changed files with 2 additions and 6 deletions
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -2789,9 +2789,7 @@ function sanitize_option($option, $value) {

 		case 'blogdescription':
 		case 'blogname':
-			$value = addslashes($value);
-			$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
-			$value = stripslashes($value);
+			$value = wp_kses_post( $value );
 			$value = esc_html( $value );
 			break;

@ -2807,9 +2805,7 @@ function sanitize_option($option, $value) {
 		case 'ping_sites':
 		case 'upload_path':
 			$value = strip_tags($value);
-			$value = addslashes($value);
-			$value = wp_filter_kses($value); // calls stripslashes then addslashes
-			$value = stripslashes($value);
+			$value = wp_kses_data($value);
 			break;

 		case 'gmt_offset':