Get our slashes straight.
git-svn-id: https://develop.svn.wordpress.org/trunk@1405 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
parent
39541ea299
commit
a5a67ec795
|
|
@ -50,7 +50,7 @@ case 'post':
|
||||||
$content = format_to_post($content);
|
$content = format_to_post($content);
|
||||||
$excerpt = balanceTags($_POST['excerpt']);
|
$excerpt = balanceTags($_POST['excerpt']);
|
||||||
$excerpt = format_to_post($excerpt);
|
$excerpt = format_to_post($excerpt);
|
||||||
$post_title = addslashes($_POST['post_title']);
|
$post_title = $_POST['post_title'];
|
||||||
$post_categories = $_POST['post_category'];
|
$post_categories = $_POST['post_category'];
|
||||||
if(get_settings('use_geo_positions')) {
|
if(get_settings('use_geo_positions')) {
|
||||||
$latstr = $_POST['post_latf'];
|
$latstr = $_POST['post_latf'];
|
||||||
|
|
@ -68,7 +68,7 @@ case 'post':
|
||||||
if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
|
if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
|
||||||
$ping_status = $_POST['ping_status'];
|
$ping_status = $_POST['ping_status'];
|
||||||
if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
|
if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
|
||||||
$post_password = addslashes(stripslashes($_POST['post_password']));
|
$post_password = $_POST['post_password'];
|
||||||
|
|
||||||
if (empty($post_name))
|
if (empty($post_name))
|
||||||
$post_name = sanitize_title($post_title);
|
$post_name = sanitize_title($post_title);
|
||||||
|
|
@ -278,7 +278,7 @@ case 'editpost':
|
||||||
$content = format_to_post($content);
|
$content = format_to_post($content);
|
||||||
$excerpt = balanceTags($_POST['excerpt']);
|
$excerpt = balanceTags($_POST['excerpt']);
|
||||||
$excerpt = format_to_post($excerpt);
|
$excerpt = format_to_post($excerpt);
|
||||||
$post_title = addslashes($_POST['post_title']);
|
$post_title = $_POST['post_title'];
|
||||||
if(get_settings('use_geo_positions')) {
|
if(get_settings('use_geo_positions')) {
|
||||||
$latf = floatval($_POST["post_latf"]);
|
$latf = floatval($_POST["post_latf"]);
|
||||||
$lonf = floatval($_POST["post_lonf"]);
|
$lonf = floatval($_POST["post_lonf"]);
|
||||||
|
|
@ -301,7 +301,7 @@ case 'editpost':
|
||||||
$ping_status = $_POST['ping_status'];
|
$ping_status = $_POST['ping_status'];
|
||||||
if (empty($ping_status)) $ping_status = 'closed';
|
if (empty($ping_status)) $ping_status = 'closed';
|
||||||
//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
|
//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
|
||||||
$post_password = addslashes($_POST['post_password']);
|
$post_password = $_POST['post_password'];
|
||||||
$post_name = sanitize_title($_POST['post_name']);
|
$post_name = sanitize_title($_POST['post_name']);
|
||||||
if (empty($post_name)) $post_name = sanitize_title($post_title);
|
if (empty($post_name)) $post_name = sanitize_title($post_title);
|
||||||
$trackback = $_POST['trackback_url'];
|
$trackback = $_POST['trackback_url'];
|
||||||
|
|
@ -670,9 +670,6 @@ case 'editedcomment':
|
||||||
$newcomment_author = $_POST['newcomment_author'];
|
$newcomment_author = $_POST['newcomment_author'];
|
||||||
$newcomment_author_email = $_POST['newcomment_author_email'];
|
$newcomment_author_email = $_POST['newcomment_author_email'];
|
||||||
$newcomment_author_url = $_POST['newcomment_author_url'];
|
$newcomment_author_url = $_POST['newcomment_author_url'];
|
||||||
$newcomment_author = addslashes($newcomment_author);
|
|
||||||
$newcomment_author_email = addslashes($newcomment_author_email);
|
|
||||||
$newcomment_author_url = addslashes($newcomment_author_url);
|
|
||||||
|
|
||||||
if (($user_level > 4) && (!empty($_POST['edit_date']))) {
|
if (($user_level > 4) && (!empty($_POST['edit_date']))) {
|
||||||
$aa = $_POST['aa'];
|
$aa = $_POST['aa'];
|
||||||
|
|
|
||||||
|
|
@ -86,9 +86,9 @@ if ((get_settings('comments_notify')) && ($approved)) {
|
||||||
|
|
||||||
do_action('comment_post', $comment_ID);
|
do_action('comment_post', $comment_ID);
|
||||||
|
|
||||||
setcookie('comment_author_' . $cookiehash, $author, time() + 30000000, COOKIEPATH);
|
setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
|
||||||
setcookie('comment_author_email_' . $cookiehash, $email, time() + 30000000, COOKIEPATH);
|
setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
|
||||||
setcookie('comment_author_url_' . $cookiehash, $url, time() + 30000000, COOKIEPATH);
|
setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
|
||||||
|
|
||||||
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
|
||||||
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||||
|
|
|
||||||
|
|
@ -267,7 +267,6 @@ function balanceTags($text, $is_comment = 0) {
|
||||||
|
|
||||||
|
|
||||||
function format_to_edit($content) {
|
function format_to_edit($content) {
|
||||||
$content = stripslashes($content);
|
|
||||||
$content = apply_filters('format_to_edit', $content);
|
$content = apply_filters('format_to_edit', $content);
|
||||||
$content = htmlspecialchars($content);
|
$content = htmlspecialchars($content);
|
||||||
return $content;
|
return $content;
|
||||||
|
|
|
||||||
|
|
@ -21,9 +21,9 @@ function comments_template() {
|
||||||
|
|
||||||
if ( $single || $withcomments ) :
|
if ( $single || $withcomments ) :
|
||||||
$req = get_settings('require_name_email');
|
$req = get_settings('require_name_email');
|
||||||
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim($_COOKIE['comment_author_'.$cookiehash]) : '';
|
$comment_author = isset($_COOKIE['comment_author_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_'.$cookiehash])) : '';
|
||||||
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim($_COOKIE['comment_author_email_'.$cookiehash]) : '';
|
$comment_author_email = isset($_COOKIE['comment_author_email_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_email_'.$cookiehash])) : '';
|
||||||
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim($_COOKIE['comment_author_url_'.$cookiehash]) : '';
|
$comment_author_url = isset($_COOKIE['comment_author_url_'.$cookiehash]) ? trim(stripslashes($_COOKIE['comment_author_url_'.$cookiehash])) : '';
|
||||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
|
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
|
||||||
include(ABSPATH . 'wp-comments.php');
|
include(ABSPATH . 'wp-comments.php');
|
||||||
endif;
|
endif;
|
||||||
|
|
|
||||||
|
|
@ -102,7 +102,7 @@ function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_
|
||||||
$output = '';
|
$output = '';
|
||||||
|
|
||||||
if (!empty($post->post_password)) { // if there's a password
|
if (!empty($post->post_password)) { // if there's a password
|
||||||
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
if (stripslashes($_COOKIE['wp-postpass_'.$cookiehash]) != $post->post_password) { // and it doesn't match the cookie
|
||||||
$output = get_the_password_form();
|
$output = get_the_password_form();
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
@ -178,7 +178,7 @@ function get_the_excerpt($fakeit = true) {
|
||||||
global $id, $post;
|
global $id, $post;
|
||||||
global $cookiehash;
|
global $cookiehash;
|
||||||
$output = '';
|
$output = '';
|
||||||
$output = stripslashes($post->post_excerpt);
|
$output = $post->post_excerpt;
|
||||||
if (!empty($post->post_password)) { // if there's a password
|
if (!empty($post->post_password)) { // if there's a password
|
||||||
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
if ($_COOKIE['wp-postpass_'.$cookiehash] != $post->post_password) { // and it doesn't match the cookie
|
||||||
$output = __('There is no excerpt because this is a protected post.');
|
$output = __('There is no excerpt because this is a protected post.');
|
||||||
|
|
@ -188,7 +188,7 @@ function get_the_excerpt($fakeit = true) {
|
||||||
|
|
||||||
// If we haven't got an excerpt, make one in the style of the rss ones
|
// If we haven't got an excerpt, make one in the style of the rss ones
|
||||||
if (($output == '') && $fakeit) {
|
if (($output == '') && $fakeit) {
|
||||||
$output = $post->post_content;
|
$output = stripslashes($post->post_content);
|
||||||
$output = strip_tags($output);
|
$output = strip_tags($output);
|
||||||
$blah = explode(' ', $output);
|
$blah = explode(' ', $output);
|
||||||
$excerpt_length = 120;
|
$excerpt_length = 120;
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@
|
||||||
-- Matt
|
-- Matt
|
||||||
*/
|
*/
|
||||||
require(dirname(__FILE__) . '/wp-config.php');
|
require(dirname(__FILE__) . '/wp-config.php');
|
||||||
setcookie('wp-postpass_'.$cookiehash, $_POST['post_password'], time()+60*60*24*30);
|
setcookie('wp-postpass_'.$cookiehash, stripslashes($_POST['post_password']), time()+60*60*24*30);
|
||||||
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
Loading…
Reference in New Issue