
Commit a5a67ec

committed
Get our slashes straight.
git-svn-id: https://develop.svn.wordpress.org/trunk@1405 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 39541ea commit a5a67ec

6 files changed

Lines changed: 14 additions & 18 deletions


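--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -50,7 +50,7 @@ function add_magic_quotes($array) {
 $content = format_to_post($content);
 $excerpt = balanceTags($_POST['excerpt']);
 $excerpt = format_to_post($excerpt);
-$post_title = addslashes($_POST['post_title']);
+$post_title = $_POST['post_title'];
 $post_categories = $_POST['post_category'];
 if(get_settings('use_geo_positions')) {
 $latstr = $_POST['post_latf'];
@@ -68,7 +68,7 @@ function add_magic_quotes($array) {
 if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
 $ping_status = $_POST['ping_status'];
 if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
-$post_password = addslashes(stripslashes($_POST['post_password']));
+$post_password = $_POST['post_password'];
 
 if (empty($post_name))
 $post_name = sanitize_title($post_title);
@@ -278,7 +278,7 @@ function add_magic_quotes($array) {
 $content = format_to_post($content);
 $excerpt = balanceTags($_POST['excerpt']);
 $excerpt = format_to_post($excerpt);
-$post_title = addslashes($_POST['post_title']);
+$post_title = $_POST['post_title'];
 if(get_settings('use_geo_positions')) {
 $latf = floatval($_POST["post_latf"]);
 $lonf = floatval($_POST["post_lonf"]);
@@ -301,7 +301,7 @@ function add_magic_quotes($array) {
 $ping_status = $_POST['ping_status'];
 if (empty($ping_status)) $ping_status = 'closed';
 //if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
-$post_password = addslashes($_POST['post_password']);
+$post_password = $_POST['post_password'];
 $post_name = sanitize_title($_POST['post_name']);
 if (empty($post_name)) $post_name = sanitize_title($post_title);
 $trackback = $_POST['trackback_url'];
@@ -670,9 +670,6 @@ function add_magic_quotes($array) {
 $newcomment_author = $_POST['newcomment_author'];
 $newcomment_author_email = $_POST['newcomment_author_email'];
 $newcomment_author_url = $_POST['newcomment_author_url'];
-$newcomment_author = addslashes($newcomment_author);
-$newcomment_author_email = addslashes($newcomment_author_email);
-$newcomment_author_url = addslashes($newcomment_author_url);
 
 if (($user_level > 4) && (!empty($_POST['edit_date']))) {
 $aa = $_POST['aa'];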
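Review bot: Dropping addslashes() on `$post_title` (lines 53 and 281), `$post_password` (71 and 304) and the new-comment author fields (removed 673–675) leaves these values correctly escaped for the SQL they presumably reach only if `$_POST` is already slash-escaped — by magic_quotes_gpc or by the add_magic_quotes() named in the hunk headers — and neither is visible here; the assignments are top-level script code that continues outside every hunk. The mirror-image assumption is the unconditional stripslashes() added in wp-comments-post.php (89–91), wp-includes/template-functions-comment.php (24–26) and wp-pass.php (8): with magic quotes off, those calls delete backslashes the user actually typed, and the unescaped `$_POST` values here go straight into the query. The invariant should be stated where it is relied on, e.g. a comment at line 53 such as `// $_POST is already slash-escaped (magic_quotes_gpc or add_magic_quotes); do not addslashes() again`, and the stripslashes() sites could be guarded with `get_magic_quotes_gpc()` so the behaviour does not silently depend on php.ini. If add_magic_quotes() is applied conditionally at the top of the file, a reference to that line in the comment would make the dependency easy to audit.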

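--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -86,9 +86,9 @@ function add_magic_quotes($array) {
 
 do_action('comment_post', $comment_ID);
 
-setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
+setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
 
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');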

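--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -267,7 +267,6 @@ function balanceTags($text, $is_comment = 0) {
 
 
 function format_to_edit($content) {
-$content = stripslashes($content);
 $content = apply_filters('format_to_edit', $content);
 $content = htmlspecialchars($content);
 return $content;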
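Review bot: format_to_edit() now passes `$content` through the filter and htmlspecialchars() without unslashing it first, so any caller that handed it a database-escaped value will now render literal backslashes in the edit form; the hunk does not show the callers, so this is a contract change that should be written down. A header comment on line 269 such as `// Expects unslashed content; callers must stripslashes() DB-escaped values before passing them in` would make the new expectation explicit. The function's closing brace is outside the hunk.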

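--- a/wp-includes/template-functions-comment.php
+++ b/wp-includes/template-functions-comment.php
@@ -21,9 +21,9 @@ function comments_template() {
 
 if ( $single || $withcomments ) :
 $req = get_settings('require_name_email');
-$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
-$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
-$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
+$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
+$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
+$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
 include(ABSPATH . 'wp-comments.php');
 endif;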

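--- a/wp-includes/template-functions-post.php
+++ b/wp-includes/template-functions-post.php
@@ -102,7 +102,7 @@ function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_
 $output = '';
 
 if (!empty($post->post_password)) { // if there's a password
-if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
+if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie
 $output = get_the_password_form();
 return $output;
 }
@@ -178,7 +178,7 @@ function get_the_excerpt($fakeit = true) {
 global $id, $post;
 global $cookiehash;
 $output = '';
-$output = stripslashes($post->post_excerpt);
+$output = $post->post_excerpt;
 if (!empty($post->post_password)) { // if there's a password
 if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
 $output = __('There is no excerpt because this is a protected post.');
@@ -188,7 +188,7 @@ function get_the_excerpt($fakeit = true) {
 
 // If we haven't got an excerpt, make one in the style of the rss ones
 if (($output == '') && $fakeit) {
-$output = $post->post_content;
+$output = stripslashes($post->post_content);
 $output = strip_tags($output);
 $blah = explode(' ', $output);
 $excerpt_length = 120;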

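--- a/wp-pass.php
+++ b/wp-pass.php
@@ -5,7 +5,7 @@
 -- Matt
 */
 require(dirname(__FILE__) . '/wp-config.php');
-setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
+setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
 header('Location: ' . $_SERVER['HTTP_REFERER']);
 
 ?>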
