Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().
Use wp_slash() instead of addslashes(). see #21767. git-svn-id: https://develop.svn.wordpress.org/trunk@23578 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin
parent
1b8afaa995
commit
12882f9848
|
|
@ -21,7 +21,7 @@ if ( $doaction ) {
|
|||
|
||||
if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
|
||||
$comment_status = wp_unslash( $_REQUEST['comment_status'] );
|
||||
$delete_time = wp_unslash ( $_REQUEST['pagegen_timestamp'] );
|
||||
$delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );
|
||||
$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
|
||||
$doaction = 'delete';
|
||||
} elseif ( isset( $_REQUEST['delete_comments'] ) ) {
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ do_meta_boxes(null, 'normal', $comment);
|
|||
|
||||
<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
|
||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(wp_unslash(wp_get_referer())); ?>" />
|
||||
<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url( wp_get_referer() ); ?>" />
|
||||
<?php wp_original_referer_field(true, 'previous'); ?>
|
||||
<input type="hidden" name="noredir" value="1" />
|
||||
|
||||
|
|
|
|||
|
|
@ -467,11 +467,11 @@ function media_upload_form_handler() {
|
|||
$post = apply_filters('attachment_fields_to_save', $post, $attachment);
|
||||
|
||||
if ( isset($attachment['image_alt']) ) {
|
||||
$image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true);
|
||||
if ( $image_alt != wp_unslash($attachment['image_alt']) ) {
|
||||
$image_alt = wp_strip_all_tags( wp_unslash($attachment['image_alt']), true );
|
||||
$image_alt = wp_unslash( $attachment['image_alt'] );
|
||||
if ( $image_alt != get_post_meta($attachment_id, '_wp_attachment_image_alt', true) ) {
|
||||
$image_alt = wp_strip_all_tags( $image_alt, true );
|
||||
// update_meta expects slashed
|
||||
update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) );
|
||||
update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -197,7 +197,7 @@ function edit_post( $post_data = null ) {
|
|||
}
|
||||
|
||||
if ( isset( $post_data[ '_wp_format_url' ] ) ) {
|
||||
update_post_meta( $post_ID, '_wp_format_url', addslashes( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
|
||||
update_post_meta( $post_ID, '_wp_format_url', wp_slash( esc_url_raw( wp_unslash( $post_data['_wp_format_url'] ) ) ) );
|
||||
}
|
||||
|
||||
$format_keys = array( 'quote', 'quote_source', 'image', 'gallery', 'media' );
|
||||
|
|
@ -235,11 +235,11 @@ function edit_post( $post_data = null ) {
|
|||
// Attachment stuff
|
||||
if ( 'attachment' == $post_data['post_type'] ) {
|
||||
if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
|
||||
$image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
|
||||
if ( $image_alt != wp_unslash( $post_data['_wp_attachment_image_alt'] ) ) {
|
||||
$image_alt = wp_strip_all_tags( wp_unslash( $post_data['_wp_attachment_image_alt'] ), true );
|
||||
$image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] );
|
||||
if ( $image_alt != get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) ) {
|
||||
$image_alt = wp_strip_all_tags( $image_alt, true );
|
||||
// update_meta expects slashed
|
||||
update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
|
||||
update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1233,8 +1233,7 @@ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $ec
|
|||
* @return string Referer field.
|
||||
*/
|
||||
function wp_referer_field( $echo = true ) {
|
||||
$ref = esc_attr( $_SERVER['REQUEST_URI'] );
|
||||
$referer_field = '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
|
||||
$referer_field = '<input type="hidden" name="_wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
|
||||
|
||||
if ( $echo )
|
||||
echo $referer_field;
|
||||
|
|
@ -1257,9 +1256,10 @@ function wp_referer_field( $echo = true ) {
|
|||
* @return string Original referer field.
|
||||
*/
|
||||
function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
|
||||
$jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
|
||||
$ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to;
|
||||
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( stripslashes( $ref ) ) . '" />';
|
||||
if ( ! $ref = wp_get_original_referer() ) {
|
||||
$ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] );
|
||||
}
|
||||
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr( $ref ) . '" />';
|
||||
if ( $echo )
|
||||
echo $orig_referer_field;
|
||||
return $orig_referer_field;
|
||||
|
|
@ -1278,11 +1278,11 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) {
|
|||
function wp_get_referer() {
|
||||
$ref = false;
|
||||
if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
|
||||
$ref = $_REQUEST['_wp_http_referer'];
|
||||
$ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
|
||||
else if ( ! empty( $_SERVER['HTTP_REFERER'] ) )
|
||||
$ref = $_SERVER['HTTP_REFERER'];
|
||||
$ref = wp_unslash( $_SERVER['HTTP_REFERER'] );
|
||||
|
||||
if ( $ref && $ref !== $_SERVER['REQUEST_URI'] )
|
||||
if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) )
|
||||
return wp_unslash( $ref );
|
||||
return false;
|
||||
}
|
||||
|
|
@ -1298,7 +1298,7 @@ function wp_get_referer() {
|
|||
*/
|
||||
function wp_get_original_referer() {
|
||||
if ( !empty( $_REQUEST['_wp_original_http_referer'] ) )
|
||||
return $_REQUEST['_wp_original_http_referer'];
|
||||
return wp_unslash( $_REQUEST['_wp_original_http_referer'] );
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -3906,7 +3906,7 @@ function wp_auth_check_load() {
|
|||
|
||||
/**
|
||||
* Output the JS that shows the wp-login iframe when the user is no longer logged in
|
||||
*/
|
||||
*/
|
||||
function wp_auth_check_js() {
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
|
|
|
|||
Loading…
Reference in New Issue