From 3a9b0e0c083ada5eb7bb88257c222026b782cb45 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Thu, 12 Apr 2007 02:58:41 +0000
Subject: [PATCH] Stripslashes post meta values before handing off to
 add_post_meta.  Use wpdb::escape instead of addslashes. Props takayukister.
 fixes #4028

git-svn-id: https://develop.svn.wordpress.org/trunk@5249 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/import/wordpress.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wp-admin/import/wordpress.php b/wp-admin/import/wordpress.php
index 55fbcea2e9..7b4a8c0c30 100644
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -35,8 +35,9 @@ class WP_Import {
 	}
 
 	function get_tag( $string, $tag ) {
+		global $wpdb;
 		preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
-		$return = addslashes( trim( $return[1] ) );
+		$return = $wpdb->escape( trim( $return[1] ) );
 		return $return;
 	}
 
@@ -336,6 +337,7 @@ class WP_Import {
 		if ( $postmeta) { foreach ($postmeta as $p) {
 			$key   = $this->get_tag( $p, 'wp:meta_key' );
 			$value = $this->get_tag( $p, 'wp:meta_value' );
+			$value = stripslashes($value); // add_post_meta() will escape.
 			add_post_meta( $post_id, $key, $value );
 		} }
 	}