Changeset 1405

Timestamp:

06/11/2004 08:02:40 AM (21 years ago)

Author:

rboren

Message:

Get our slashes straight.

Location:

trunk

Files:

• wp-admin/post.php (modified) (5 diffs)
• wp-comments-post.php (modified) (1 diff)
• wp-includes/functions-formatting.php (modified) (1 diff)
• wp-includes/template-functions-comment.php (modified) (1 diff)
• wp-includes/template-functions-post.php (modified) (3 diffs)
• wp-pass.php (modified) (1 diff)

trunk/wp-admin/post.php

@@ -51 +51 @@
         $excerpt = balanceTags($_POST['excerpt']);
         $excerpt = format_to_post($excerpt);
-        $post_title = addslashes($_POST['post_title']);
+        $post_title = $_POST['post_title'];
         $post_categories = $_POST['post_category'];
         if(get_settings('use_geo_positions')) {
@@ -69 +69 @@
         $ping_status = $_POST['ping_status'];
         if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
-        $post_password = addslashes(stripslashes($_POST['post_password']));
+        $post_password = $_POST['post_password'];
         
         if (empty($post_name))
@@ -279 +279 @@
         $excerpt = balanceTags($_POST['excerpt']);
         $excerpt = format_to_post($excerpt);
-        $post_title = addslashes($_POST['post_title']);
+        $post_title = $_POST['post_title'];
         if(get_settings('use_geo_positions')) {
             $latf = floatval($_POST["post_latf"]);
@@ -302 +302 @@
         if (empty($ping_status)) $ping_status = 'closed';
         //if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
-        $post_password = addslashes($_POST['post_password']);
+        $post_password = $_POST['post_password'];
         $post_name = sanitize_title($_POST['post_name']);
         if (empty($post_name)) $post_name = sanitize_title($post_title);
@@ -671 +671 @@
     $newcomment_author_email = $_POST['newcomment_author_email'];
     $newcomment_author_url = $_POST['newcomment_author_url'];
-    $newcomment_author = addslashes($newcomment_author);
-    $newcomment_author_email = addslashes($newcomment_author_email);
-    $newcomment_author_url = addslashes($newcomment_author_url);
 
     if (($user_level > 4) && (!empty($_POST['edit_date']))) {

trunk/wp-comments-post.php

@@ -87 +87 @@
 do_action('comment_post', $comment_ID);
 
-setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
-setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
+setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
 
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');

trunk/wp-includes/functions-formatting.php

@@ -268 +268 @@
 
 function format_to_edit($content) {
-    $content = stripslashes($content);
     $content = apply_filters('format_to_edit', $content);
     $content = htmlspecialchars($content);

trunk/wp-includes/template-functions-comment.php

@@ -22 +22 @@
     if ( $single || $withcomments ) :
         $req = get_settings('require_name_email');
-        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
-        $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
-        $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
+        $comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
+        $comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
+        $comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
         $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
         include(ABSPATH . 'wp-comments.php');

trunk/wp-includes/template-functions-post.php

@@ -103 +103 @@
 
     if (!empty($post->post_password)) { // if there's a password
-        if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
+        if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) {  // and it doesn't match the cookie
             $output = get_the_password_form();
             return $output;
@@ -179 +179 @@
     global $cookiehash;
     $output = '';
-    $output = stripslashes($post->post_excerpt);
+    $output = $post->post_excerpt;
     if (!empty($post->post_password)) { // if there's a password
         if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) {  // and it doesn't match the cookie
@@ -189 +189 @@
     // If we haven't got an excerpt, make one in the style of the rss ones
     if (($output == '') && $fakeit) {
-        $output = $post->post_content;
+        $output = stripslashes($post->post_content);
         $output = strip_tags($output);
         $blah = explode(' ', $output);

trunk/wp-pass.php

@@ -6 +6 @@
 */
 require(dirname(__FILE__) . '/wp-config.php');
-setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
+setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
 header('Location: ' . $_SERVER['HTTP_REFERER']);