Use wpdb->escape instead of addslashes to prepare DB bound data.
git-svn-id: https://develop.svn.wordpress.org/trunk@2699 602fd350-edb4-49c9-b593-d223f7449a82
parent
bcb1e84446
commit
b3f7bd726c
@ -448,7 +448,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
|
|||||||
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
|
$count = $wpdb->get_var("SELECT COUNT(post_id) FROM $wpdb->post2cat WHERE category_id = $category->cat_ID");
|
||||||
$pad = str_repeat('— ', $level);
|
$pad = str_repeat('— ', $level);
|
||||||
if ( $user_level > 3 )
|
if ( $user_level > 3 )
|
||||||
$edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), addslashes($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>";
|
$edit = "<a href='categories.php?action=edit&cat_ID=$category->cat_ID' class='edit'>" . __('Edit') . "</a></td><td><a href='categories.php?action=delete&cat_ID=$category->cat_ID' onclick=\"return confirm('". sprintf(__("You are about to delete the category \'%s\'. All of its posts will go to the default category.\\n \'OK\' to delete, \'Cancel\' to stop."), $wpdb->escape($category->cat_name)) . "')\" class='delete'>" . __('Delete') . "</a>";
|
||||||
else
|
else
|
||||||
$edit = '';
|
$edit = '';
|
||||||
|
|
||||||
|
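Review bot: The rewritten `$edit` line in cat_rows() passes `$category->cat_name` through `$wpdb->escape()`, but the value lands in a JavaScript string inside an HTML `onclick="..."` attribute, not in a query, so a database escaper is the wrong encoder for this context. Backslash-escaping does not stop a double quote, `<` or `&` in a category name from ending the attribute early, which can break the markup or let stored text run as script in the admin page. Encode for both layers instead, e.g. `htmlspecialchars(addslashes($category->cat_name), ENT_QUOTES)` as the `sprintf` argument. The same applies to `$wpdb->escape($post->post_title)` in the `deletepost` button's `onclick` in the next hunk. cat_rows() begins and ends outside the hunk.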
@ -132,7 +132,7 @@ edCanvas = document.getElementById('content');
|
|||||||
<tr>
|
<tr>
|
||||||
<th scope="row"><?php _e('Delete'); ?>:</th>
|
<th scope="row"><?php _e('Delete'); ?>:</th>
|
||||||
<td><?php if ('edit' == $action) : ?>
|
<td><?php if ('edit' == $action) : ?>
|
||||||
<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
|
<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $wpdb->escape($post->post_title) ) . "')\""; ?> />
|
||||||
<?php endif; ?></td>
|
<?php endif; ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
@ -62,16 +62,16 @@ case "step1":
|
|||||||
//$post_number = $postinfo[3];
|
//$post_number = $postinfo[3];
|
||||||
$post_title = $postinfo[4];
|
$post_title = $postinfo[4];
|
||||||
|
|
||||||
$post_author = trim(addslashes($postinfo[1]));
|
$post_author = trim($wpdb->escape($postinfo[1]));
|
||||||
// we'll check the author is registered already
|
// we'll check the author is registered already
|
||||||
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$post_author'");
|
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$post_author'");
|
||||||
if (!$user) { // seems s/he's not, so let's register
|
if (!$user) { // seems s/he's not, so let's register
|
||||||
$user_joindate = '1979-06-06 00:41:00'; // that's my birthdate (gmt+1) - I could choose any other date. You could change the date too. Just remember the year must be >=1970 or the world would just randomly fall on your head (everything might look fine, and then blam! major headache!)
|
$user_joindate = '1979-06-06 00:41:00'; // that's my birthdate (gmt+1) - I could choose any other date. You could change the date too. Just remember the year must be >=1970 or the world would just randomly fall on your head (everything might look fine, and then blam! major headache!)
|
||||||
$user_login = addslashes($post_author);
|
$user_login = $wpdb->escape($post_author);
|
||||||
$pass1 = addslashes('password');
|
$pass1 = $wpdb->escape('password');
|
||||||
$user_email = addslashes('user@wordpress.org');
|
$user_email = $wpdb->escape('user@wordpress.org');
|
||||||
$user_url = addslashes('');
|
$user_url = $wpdb->escape('');
|
||||||
$user_joindate = addslashes($user_joindate);
|
$user_joindate = $wpdb->escape($user_joindate);
|
||||||
$result = $wpdb->query("
|
$result = $wpdb->query("
|
||||||
INSERT INTO $wpdb->users (
|
INSERT INTO $wpdb->users (
|
||||||
user_login,
|
user_login,
|
||||||
@ -111,10 +111,10 @@ case "step1":
|
|||||||
|
|
||||||
$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
|
$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
|
||||||
|
|
||||||
$post_content = addslashes($post_content);
|
$post_content = $wpdb->escape($post_content);
|
||||||
$post_content = str_replace('<br>', '<br />', $post_content); // the XHTML touch... ;)
|
$post_content = str_replace('<br>', '<br />', $post_content); // the XHTML touch... ;)
|
||||||
|
|
||||||
$post_title = addslashes($post_title);
|
$post_title = $wpdb->escape($post_title);
|
||||||
|
|
||||||
// Quick-n-dirty check for dups:
|
// Quick-n-dirty check for dups:
|
||||||
$dupcheck = $wpdb->get_results("SELECT ID,post_date,post_title FROM $wpdb->posts WHERE post_date='$post_date' AND post_title='$post_title' LIMIT 1",ARRAY_A);
|
$dupcheck = $wpdb->get_results("SELECT ID,post_date,post_title FROM $wpdb->posts WHERE post_date='$post_date' AND post_title='$post_title' LIMIT 1",ARRAY_A);
|
||||||
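Review bot: `$post_author` is already escaped on the `trim($wpdb->escape($postinfo[1]))` line, and `$user_login = $wpdb->escape($post_author);` then escapes it a second time. An author name containing a quote or backslash would presumably be stored with literal backslashes by the INSERT (its VALUES list is outside the hunk), so the `user_login = '$post_author'` lookup would not find that row on a later run and another user would be created. Assign without re-escaping, `$user_login = $post_author;`, or keep the raw value and escape exactly once per query. The same double escape appears in the `-147,18` hunk of the following file section (`$user_login=$wpdb->escape($post_author);` and `$user_nickname=$wpdb->escape($post_author);`), where the INSERT using `'$user_login'` is visible.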
|
@ -90,12 +90,12 @@ case "step1":
|
|||||||
$s=$userdata[4];
|
$s=$userdata[4];
|
||||||
$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
|
$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
|
||||||
|
|
||||||
$user_login=addslashes($userdata[0]);
|
$user_login=$wpdb->escape($userdata[0]);
|
||||||
$pass1=addslashes($userdata[1]);
|
$pass1=$wpdb->escape($userdata[1]);
|
||||||
$user_nickname=addslashes($userdata[0]);
|
$user_nickname=$wpdb->escape($userdata[0]);
|
||||||
$user_email=addslashes($userdata[2]);
|
$user_email=$wpdb->escape($userdata[2]);
|
||||||
$user_url=addslashes($userdata[3]);
|
$user_url=$wpdb->escape($userdata[3]);
|
||||||
$user_joindate=addslashes($user_joindate);
|
$user_joindate=$wpdb->escape($user_joindate);
|
||||||
|
|
||||||
$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
|
$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
|
||||||
if ($loginthere) {
|
if ($loginthere) {
|
||||||
@ -147,18 +147,18 @@ case "step1":
|
|||||||
$postmaincontent=gm2autobr($entry[2]);
|
$postmaincontent=gm2autobr($entry[2]);
|
||||||
$postmorecontent=gm2autobr($entry[3]);
|
$postmorecontent=gm2autobr($entry[3]);
|
||||||
|
|
||||||
$post_author=trim(addslashes($postinfo[1]));
|
$post_author=trim($wpdb->escape($postinfo[1]));
|
||||||
// we'll check the author is registered, or if it's a deleted author
|
// we'll check the author is registered, or if it's a deleted author
|
||||||
$sql = "SELECT * FROM $wpdb->users WHERE user_login = '$post_author'";
|
$sql = "SELECT * FROM $wpdb->users WHERE user_login = '$post_author'";
|
||||||
$result = $wpdb->query($sql);
|
$result = $wpdb->query($sql);
|
||||||
if (! $result) { // if deleted from GM, we register the author as a level 0 user in wp
|
if (! $result) { // if deleted from GM, we register the author as a level 0 user in wp
|
||||||
$user_joindate="1979-06-06 00:41:00";
|
$user_joindate="1979-06-06 00:41:00";
|
||||||
$user_login=addslashes($post_author);
|
$user_login=$wpdb->escape($post_author);
|
||||||
$pass1=addslashes("password");
|
$pass1=$wpdb->escape("password");
|
||||||
$user_nickname=addslashes($post_author);
|
$user_nickname=$wpdb->escape($post_author);
|
||||||
$user_email=addslashes("user@deleted.com");
|
$user_email=$wpdb->escape("user@deleted.com");
|
||||||
$user_url=addslashes("");
|
$user_url=$wpdb->escape("");
|
||||||
$user_joindate=addslashes($user_joindate);
|
$user_joindate=$wpdb->escape($user_joindate);
|
||||||
$query = "INSERT INTO $wpdb->users (user_login,user_pass,user_email,user_url,user_registered,user_level) VALUES ('$user_login','$pass1','$user_email','$user_url','$user_joindate','0')";
|
$query = "INSERT INTO $wpdb->users (user_login,user_pass,user_email,user_url,user_registered,user_level) VALUES ('$user_login','$pass1','$user_email','$user_url','$user_joindate','0')";
|
||||||
$result = $wpdb->query($query);
|
$result = $wpdb->query($query);
|
||||||
if ($result==false) {
|
if ($result==false) {
|
||||||
@ -171,7 +171,7 @@ case "step1":
|
|||||||
$post_author_ID = $wpdb->get_var($sql);
|
$post_author_ID = $wpdb->get_var($sql);
|
||||||
|
|
||||||
$post_title=gm2autobr($postinfo[2]);
|
$post_title=gm2autobr($postinfo[2]);
|
||||||
$post_title=addslashes($post_title);
|
$post_title=$wpdb->escape($post_title);
|
||||||
|
|
||||||
$postyear=$postinfo[6];
|
$postyear=$postinfo[6];
|
||||||
$postmonth=zeroise($postinfo[4],2);
|
$postmonth=zeroise($postinfo[4],2);
|
||||||
@ -188,7 +188,7 @@ case "step1":
|
|||||||
$post_content=$postmaincontent;
|
$post_content=$postmaincontent;
|
||||||
if (strlen($postmorecontent)>3)
|
if (strlen($postmorecontent)>3)
|
||||||
$post_content .= "<!--more--><br /><br />".$postmorecontent;
|
$post_content .= "<!--more--><br /><br />".$postmorecontent;
|
||||||
$post_content=addslashes($post_content);
|
$post_content=$wpdb->escape($post_content);
|
||||||
|
|
||||||
$post_karma=$postinfo[12];
|
$post_karma=$postinfo[12];
|
||||||
|
|
||||||
@ -222,10 +222,10 @@ case "step1":
|
|||||||
$entry[$j]=gm2autobr($entry[$j]);
|
$entry[$j]=gm2autobr($entry[$j]);
|
||||||
$commentinfo=explode("|",$entry[$j]);
|
$commentinfo=explode("|",$entry[$j]);
|
||||||
$comment_post_ID=$post_ID;
|
$comment_post_ID=$post_ID;
|
||||||
$comment_author=addslashes($commentinfo[0]);
|
$comment_author=$wpdb->escape($commentinfo[0]);
|
||||||
$comment_author_email=addslashes($commentinfo[2]);
|
$comment_author_email=$wpdb->escape($commentinfo[2]);
|
||||||
$comment_author_url=addslashes($commentinfo[3]);
|
$comment_author_url=$wpdb->escape($commentinfo[3]);
|
||||||
$comment_author_IP=addslashes($commentinfo[1]);
|
$comment_author_IP=$wpdb->escape($commentinfo[1]);
|
||||||
|
|
||||||
$commentyear=$commentinfo[7];
|
$commentyear=$commentinfo[7];
|
||||||
$commentmonth=zeroise($commentinfo[5],2);
|
$commentmonth=zeroise($commentinfo[5],2);
|
||||||
@ -237,7 +237,7 @@ case "step1":
|
|||||||
$commenthour=$commenthour+12;
|
$commenthour=$commenthour+12;
|
||||||
$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
|
$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
|
||||||
|
|
||||||
$comment_content=addslashes($commentinfo[12]);
|
$comment_content=$wpdb->escape($commentinfo[12]);
|
||||||
|
|
||||||
$sql3 = "INSERT INTO $wpdb->comments (comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content) VALUES ('$comment_post_ID','$comment_author','$comment_author_email','$comment_author_url','$comment_author_IP','$comment_date','$comment_content')";
|
$sql3 = "INSERT INTO $wpdb->comments (comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content) VALUES ('$comment_post_ID','$comment_author','$comment_author_email','$comment_author_url','$comment_author_IP','$comment_date','$comment_content')";
|
||||||
$result3 = $wpdb->query($sql3);
|
$result3 = $wpdb->query($sql3);
|
||||||
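Review bot: Every author auto-registered in the `-147,18` hunk gets the fixed value `password` via `$pass1=$wpdb->escape("password");`, and the INSERT a few lines below writes `'$pass1'` directly into `user_pass`. The hunk does not show how `user_pass` is checked at login, but a constant shared by every imported account is a weak default either way. Generate a random per-account value and store it in the form the login code expects; at minimum mark the line, e.g. `// TODO: placeholder credential - replace with a random per-account value`. The `-90,12` hunk assigns `$userdata[1]` from the import file to `$pass1` in the same manner, and the preceding file section hard-codes `'password'` as well.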
|
@ -82,7 +82,7 @@ $title = $date = $categories = $content = $post_id = '';
|
|||||||
echo "<li>Importing post... ";
|
echo "<li>Importing post... ";
|
||||||
|
|
||||||
preg_match('|<subject>(.*?)</subject>|is', $post, $title);
|
preg_match('|<subject>(.*?)</subject>|is', $post, $title);
|
||||||
$title = addslashes( trim($title[1]) );
|
$title = $wpdb->escape( trim($title[1]) );
|
||||||
$post_name = sanitize_title($title);
|
$post_name = sanitize_title($title);
|
||||||
|
|
||||||
preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $date);
|
preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $date);
|
||||||
@ -92,7 +92,7 @@ $post_date = date('Y-m-d H:i:s', $date);
|
|||||||
|
|
||||||
|
|
||||||
preg_match('|<event>(.*?)</event>|is', $post, $content);
|
preg_match('|<event>(.*?)</event>|is', $post, $content);
|
||||||
$content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );
|
$content = str_replace( array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($content[1]) ) );
|
||||||
|
|
||||||
// Now lets put it in the DB
|
// Now lets put it in the DB
|
||||||
if ($wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'")) :
|
if ($wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'")) :
|
||||||
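Review bot: In both hunks the value is escaped before the code has finished working with it: `$title` is escaped and then fed to `sanitize_title()`, and `$content` is escaped inside the `str_replace()` that strips the CDATA markers. Escaping belongs immediately before the query; otherwise later transforms operate on backslash-laden text and any future edit to them can undo the quoting. Keep the raw value and escape last, e.g. `$title = trim($title[1]); $post_name = sanitize_title($title); $title = $wpdb->escape($title);` and `$content = $wpdb->escape(str_replace(array('<![CDATA[', ']]>'), '', trim($content[1])));`. The `<title>`/`<content:encoded>` hunks and the `$post['Title']` hunk in later file sections follow the same order. Neither `preg_match()` result is checked before index `[1]` is read.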
|
@ -206,7 +206,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
|
|
||||||
// We want the excerpt
|
// We want the excerpt
|
||||||
preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
|
preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
|
||||||
$excerpt = addslashes(trim($excerpt[1]));
|
$excerpt = $wpdb->escape(trim($excerpt[1]));
|
||||||
$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
|
$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
|
||||||
|
|
||||||
// We're going to put extended body into main body with a more tag
|
// We're going to put extended body into main body with a more tag
|
||||||
@ -218,7 +218,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
// Now for the main body
|
// Now for the main body
|
||||||
preg_match("|-----\nBODY:(.*)|s", $post, $body);
|
preg_match("|-----\nBODY:(.*)|s", $post, $body);
|
||||||
$body = trim($body[1]);
|
$body = trim($body[1]);
|
||||||
$post_content = addslashes($body . $extended);
|
$post_content = $wpdb->escape($body . $extended);
|
||||||
$post = preg_replace("|(-----\nBODY:.*)|s", '', $post);
|
$post = preg_replace("|(-----\nBODY:.*)|s", '', $post);
|
||||||
|
|
||||||
// Grab the metadata from what's left
|
// Grab the metadata from what's left
|
||||||
@ -235,7 +235,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
$post_author = $value;
|
$post_author = $value;
|
||||||
break;
|
break;
|
||||||
case 'TITLE':
|
case 'TITLE':
|
||||||
$post_title = addslashes($value);
|
$post_title = $wpdb->escape($value);
|
||||||
echo '<i>'.stripslashes($post_title).'</i>... ';
|
echo '<i>'.stripslashes($post_title).'</i>... ';
|
||||||
$post_name = sanitize_title($post_title);
|
$post_name = sanitize_title($post_title);
|
||||||
break;
|
break;
|
||||||
@ -264,10 +264,10 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'PRIMARY CATEGORY':
|
case 'PRIMARY CATEGORY':
|
||||||
$post_categories[] = addslashes($value);
|
$post_categories[] = $wpdb->escape($value);
|
||||||
break;
|
break;
|
||||||
case 'CATEGORY':
|
case 'CATEGORY':
|
||||||
$post_categories[] = addslashes($value);
|
$post_categories[] = $wpdb->escape($value);
|
||||||
break;
|
break;
|
||||||
case 'DATE':
|
case 'DATE':
|
||||||
$post_date = strtotime($value);
|
$post_date = strtotime($value);
|
||||||
@ -323,11 +323,11 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
if ('' != trim($comment)) {
|
if ('' != trim($comment)) {
|
||||||
// Author
|
// Author
|
||||||
preg_match("|AUTHOR:(.*)|", $comment, $comment_author);
|
preg_match("|AUTHOR:(.*)|", $comment, $comment_author);
|
||||||
$comment_author = addslashes(trim($comment_author[1]));
|
$comment_author = $wpdb->escape(trim($comment_author[1]));
|
||||||
$comment = preg_replace('|(\n?AUTHOR:.*)|', '', $comment);
|
$comment = preg_replace('|(\n?AUTHOR:.*)|', '', $comment);
|
||||||
|
|
||||||
preg_match("|EMAIL:(.*)|", $comment, $comment_email);
|
preg_match("|EMAIL:(.*)|", $comment, $comment_email);
|
||||||
$comment_email = addslashes(trim($comment_email[1]));
|
$comment_email = $wpdb->escape(trim($comment_email[1]));
|
||||||
$comment = preg_replace('|(\n?EMAIL:.*)|', '', $comment);
|
$comment = preg_replace('|(\n?EMAIL:.*)|', '', $comment);
|
||||||
|
|
||||||
preg_match("|IP:(.*)|", $comment, $comment_ip);
|
preg_match("|IP:(.*)|", $comment, $comment_ip);
|
||||||
@ -335,7 +335,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
$comment = preg_replace('|(\n?IP:.*)|', '', $comment);
|
$comment = preg_replace('|(\n?IP:.*)|', '', $comment);
|
||||||
|
|
||||||
preg_match("|URL:(.*)|", $comment, $comment_url);
|
preg_match("|URL:(.*)|", $comment, $comment_url);
|
||||||
$comment_url = addslashes(trim($comment_url[1]));
|
$comment_url = $wpdb->escape(trim($comment_url[1]));
|
||||||
$comment = preg_replace('|(\n?URL:.*)|', '', $comment);
|
$comment = preg_replace('|(\n?URL:.*)|', '', $comment);
|
||||||
|
|
||||||
preg_match("|DATE:(.*)|", $comment, $comment_date);
|
preg_match("|DATE:(.*)|", $comment, $comment_date);
|
||||||
@ -343,7 +343,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
|
$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
|
||||||
$comment = preg_replace('|(\n?DATE:.*)|', '', $comment);
|
$comment = preg_replace('|(\n?DATE:.*)|', '', $comment);
|
||||||
|
|
||||||
$comment_content = addslashes(trim($comment));
|
$comment_content = $wpdb->escape(trim($comment));
|
||||||
$comment_content = str_replace('-----', '', $comment_content);
|
$comment_content = str_replace('-----', '', $comment_content);
|
||||||
|
|
||||||
// Check if it's already there
|
// Check if it's already there
|
||||||
@ -364,7 +364,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
if ('' != trim($ping)) {
|
if ('' != trim($ping)) {
|
||||||
// 'Author'
|
// 'Author'
|
||||||
preg_match("|BLOG NAME:(.*)|", $ping, $comment_author);
|
preg_match("|BLOG NAME:(.*)|", $ping, $comment_author);
|
||||||
$comment_author = addslashes(trim($comment_author[1]));
|
$comment_author = $wpdb->escape(trim($comment_author[1]));
|
||||||
$ping = preg_replace('|(\n?BLOG NAME:.*)|', '', $ping);
|
$ping = preg_replace('|(\n?BLOG NAME:.*)|', '', $ping);
|
||||||
|
|
||||||
$comment_email = '';
|
$comment_email = '';
|
||||||
@ -374,7 +374,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
$ping = preg_replace('|(\n?IP:.*)|', '', $ping);
|
$ping = preg_replace('|(\n?IP:.*)|', '', $ping);
|
||||||
|
|
||||||
preg_match("|URL:(.*)|", $ping, $comment_url);
|
preg_match("|URL:(.*)|", $ping, $comment_url);
|
||||||
$comment_url = addslashes(trim($comment_url[1]));
|
$comment_url = $wpdb->escape(trim($comment_url[1]));
|
||||||
$ping = preg_replace('|(\n?URL:.*)|', '', $ping);
|
$ping = preg_replace('|(\n?URL:.*)|', '', $ping);
|
||||||
|
|
||||||
preg_match("|DATE:(.*)|", $ping, $comment_date);
|
preg_match("|DATE:(.*)|", $ping, $comment_date);
|
||||||
@ -383,10 +383,10 @@ foreach ($posts as $post) { if ('' != trim($post)) {
|
|||||||
$ping = preg_replace('|(\n?DATE:.*)|', '', $ping);
|
$ping = preg_replace('|(\n?DATE:.*)|', '', $ping);
|
||||||
|
|
||||||
preg_match("|TITLE:(.*)|", $ping, $ping_title);
|
preg_match("|TITLE:(.*)|", $ping, $ping_title);
|
||||||
$ping_title = addslashes(trim($ping_title[1]));
|
$ping_title = $wpdb->escape(trim($ping_title[1]));
|
||||||
$ping = preg_replace('|(\n?TITLE:.*)|', '', $ping);
|
$ping = preg_replace('|(\n?TITLE:.*)|', '', $ping);
|
||||||
|
|
||||||
$comment_content = addslashes(trim($ping));
|
$comment_content = $wpdb->escape(trim($ping));
|
||||||
$comment_content = str_replace('-----', '', $comment_content);
|
$comment_content = str_replace('-----', '', $comment_content);
|
||||||
|
|
||||||
$comment_content = "<strong>$ping_title</strong>\n\n$comment_content";
|
$comment_content = "<strong>$ping_title</strong>\n\n$comment_content";
|
||||||
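Review bot: In the `case 'TITLE':` hunk the escaped title is un-escaped with `stripslashes()` and echoed into the page without HTML encoding, so markup in an imported title is rendered as-is, and `stripslashes()` is only a correct inverse for as long as `$wpdb->escape()` behaves like `addslashes()`. Print the raw value, encoded for HTML, and keep the database escaping separate: `echo '<i>' . htmlspecialchars($value, ENT_QUOTES) . '</i>... ';`. `sanitize_title()` on the following line would also be better given `$value` than the escaped string. The enclosing `foreach`/`switch` starts and ends outside the hunk.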
|
@ -87,7 +87,7 @@ $title = $date = $categories = $content = $post_id = '';
|
|||||||
echo "<li>Importing post... ";
|
echo "<li>Importing post... ";
|
||||||
|
|
||||||
preg_match('|<title>(.*?)</title>|is', $post, $title);
|
preg_match('|<title>(.*?)</title>|is', $post, $title);
|
||||||
$title = addslashes( trim($title[1]) );
|
$title = $wpdb->escape( trim($title[1]) );
|
||||||
$post_name = sanitize_title($title);
|
$post_name = sanitize_title($title);
|
||||||
|
|
||||||
preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $date);
|
preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $date);
|
||||||
@ -112,11 +112,11 @@ if (!$categories) :
|
|||||||
endif;
|
endif;
|
||||||
|
|
||||||
preg_match('|<guid.+?>(.*?)</guid>|is', $post, $guid);
|
preg_match('|<guid.+?>(.*?)</guid>|is', $post, $guid);
|
||||||
if ($guid) $guid = addslashes( trim($guid[1]) );
|
if ($guid) $guid = $wpdb->escape( trim($guid[1]) );
|
||||||
else $guid = '';
|
else $guid = '';
|
||||||
|
|
||||||
preg_match('|<content:encoded>(.*?)</content:encoded>|is', $post, $content);
|
preg_match('|<content:encoded>(.*?)</content:encoded>|is', $post, $content);
|
||||||
$content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );
|
$content = str_replace( array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($content[1]) ) );
|
||||||
|
|
||||||
if (!$content) : // This is for feeds that put content in description
|
if (!$content) : // This is for feeds that put content in description
|
||||||
preg_match('|<description>(.*?)</description>|is', $post, $content);
|
preg_match('|<description>(.*?)</description>|is', $post, $content);
|
||||||
|
@ -98,8 +98,8 @@ while ($post = mysql_fetch_array($posts)) {
|
|||||||
$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
|
$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
|
||||||
$posted = date('Y-m-d H:i:s', $timestamp);
|
$posted = date('Y-m-d H:i:s', $timestamp);
|
||||||
|
|
||||||
$content = addslashes($post['Body_html']);
|
$content = $wpdb->escape($post['Body_html']);
|
||||||
$title = addslashes($post['Title']);
|
$title = $wpdb->escape($post['Title']);
|
||||||
$post_name = sanitize_title($title);
|
$post_name = sanitize_title($title);
|
||||||
|
|
||||||
$wpdb->query("INSERT INTO $wpdb->posts
|
$wpdb->query("INSERT INTO $wpdb->posts
|
||||||
|
@ -143,7 +143,7 @@ $wpdb->query("UPDATE $wpdb->options SET option_value = '$weblog_title' WHERE opt
|
|||||||
$wpdb->query("UPDATE $wpdb->options SET option_value = '$admin_email' WHERE option_name = 'admin_email'");
|
$wpdb->query("UPDATE $wpdb->options SET option_value = '$admin_email' WHERE option_name = 'admin_email'");
|
||||||
|
|
||||||
// Now drop in some default links
|
// Now drop in some default links
|
||||||
$wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".addslashes(__('Blogroll'))."')");
|
$wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".$wpdb->escape(__('Blogroll'))."')");
|
||||||
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blog.carthik.net/index.php', 'Carthik', 1, 'http://blog.carthik.net/feed/');");
|
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blog.carthik.net/index.php', 'Carthik', 1, 'http://blog.carthik.net/feed/');");
|
||||||
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/');");
|
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/');");
|
||||||
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://zengun.org/weblog/', 'Michel', 1, 'http://zengun.org/weblog/feed/');");
|
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://zengun.org/weblog/', 'Michel', 1, 'http://zengun.org/weblog/feed/');");
|
||||||
@ -154,21 +154,21 @@ $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link
|
|||||||
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://dougal.gunters.org/', 'Dougal', 1, 'http://dougal.gunters.org/feed/');");
|
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://dougal.gunters.org/', 'Dougal', 1, 'http://dougal.gunters.org/feed/');");
|
||||||
|
|
||||||
// Default category
|
// Default category
|
||||||
$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '".addslashes(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')");
|
$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '".$wpdb->escape(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')");
|
||||||
|
|
||||||
// First post
|
// First post
|
||||||
$now = date('Y-m-d H:i:s');
|
$now = date('Y-m-d H:i:s');
|
||||||
$now_gmt = gmdate('Y-m-d H:i:s');
|
$now_gmt = gmdate('Y-m-d H:i:s');
|
||||||
$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '".addslashes(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '".addslashes(__('Hello world!'))."', '0', '".addslashes(__('hello-world'))."', '$now', '$now_gmt')");
|
$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(__('hello-world'))."', '$now', '$now_gmt')");
|
||||||
|
|
||||||
$wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
|
$wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
|
||||||
|
|
||||||
// Default comment
|
// Default comment
|
||||||
$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
|
$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
|
||||||
|
|
||||||
// First Page
|
// First Page
|
||||||
|
|
||||||
$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status) VALUES ('1', '$now', '$now_gmt', '".addslashes(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '".addslashes(__('About'))."', '0', '".addslashes(__('about'))."', '$now', '$now_gmt', 'static')");
|
$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static')");
|
||||||
|
|
||||||
// Set up admin user
|
// Set up admin user
|
||||||
$random_password = substr(md5(uniqid(microtime())), 0, 6);
|
$random_password = substr(md5(uniqid(microtime())), 0, 6);
|
||||||
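Review bot: The unchanged last line of the `-154,21` hunk builds the initial admin password as `substr(md5(uniqid(microtime())), 0, 6)`, which is six hex characters (24 bits) derived from the clock, so it is both short and based on a guessable input. The escaping changes above it are applied to constant translated strings and look fine. Where the runtime offers a CSPRNG, draw the password from it and make it longer, e.g. `$random_password = bin2hex(random_bytes(8));`. The code that stores and displays the password is outside the hunk.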
|
@ -60,9 +60,9 @@ switch ($action) {
|
|||||||
if ($sort_desc != 'Y') {
|
if ($sort_desc != 'Y') {
|
||||||
$sort_desc = 'N';
|
$sort_desc = 'N';
|
||||||
}
|
}
|
||||||
$text_before_link = addslashes($_POST['text_before_link']);
|
$text_before_link = $_POST['text_before_link'];
|
||||||
$text_after_link = addslashes($_POST['text_after_link']);
|
$text_after_link = $_POST['text_after_link'];
|
||||||
$text_after_all = addslashes($_POST['text_after_all']);
|
$text_after_all = $_POST['text_after_all'];
|
||||||
|
|
||||||
$list_limit = $_POST['list_limit'];
|
$list_limit = $_POST['list_limit'];
|
||||||
if ($list_limit == '')
|
if ($list_limit == '')
|
||||||
@ -238,9 +238,9 @@ switch ($action) {
|
|||||||
if ($sort_desc != 'Y') {
|
if ($sort_desc != 'Y') {
|
||||||
$sort_desc = 'N';
|
$sort_desc = 'N';
|
||||||
}
|
}
|
||||||
$text_before_link = addslashes($_POST["text_before_link"]);
|
$text_before_link = $_POST["text_before_link"];
|
||||||
$text_after_link = addslashes($_POST["text_after_link"]);
|
$text_after_link = $_POST["text_after_link"];
|
||||||
$text_after_all = addslashes($_POST["text_after_all"]);
|
$text_after_all = $_POST["text_after_all"];
|
||||||
|
|
||||||
$list_limit = $_POST["list_limit"];
|
$list_limit = $_POST["list_limit"];
|
||||||
if ($list_limit == '')
|
if ($list_limit == '')
|
||||||
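Review bot: Both hunks now take `text_before_link`, `text_after_link` and `text_after_all` straight from `$_POST` with no escaping, and the statement that stores them is outside the visible lines. Unless that statement escapes them itself, these fields reach SQL protected only by whatever `magic_quotes_gpc` is set to on the host, so the storing code needs checking alongside this change. If the removal is meant to avoid double escaping, say so in place, e.g. `// raw request value; escaped once where the query is built`, and apply `$wpdb->escape()` there. `$list_limit` is also read from `$_POST` unvalidated in the context lines.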
|
@ -107,7 +107,7 @@ switch ($step) {
|
|||||||
if ('http' == substr($titles[$i], 0, 4))
|
if ('http' == substr($titles[$i], 0, 4))
|
||||||
$titles[$i] = '';
|
$titles[$i] = '';
|
||||||
$query = "INSERT INTO $wpdb->links (link_url, link_name, link_target, link_category, link_description, link_owner, link_rss)
|
$query = "INSERT INTO $wpdb->links (link_url, link_name, link_target, link_category, link_description, link_owner, link_rss)
|
||||||
VALUES('{$urls[$i]}', '".addslashes($names[$i])."', '', $cat_id, '".addslashes($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";
|
VALUES('{$urls[$i]}', '".$wpdb->escape($names[$i])."', '', $cat_id, '".$wpdb->escape($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";
|
||||||
$result = $wpdb->query($query);
|
$result = $wpdb->query($query);
|
||||||
echo sprintf(__("<p>Inserted <strong>%s</strong></p>"), $names[$i]);
|
echo sprintf(__("<p>Inserted <strong>%s</strong></p>"), $names[$i]);
|
||||||
}
|
}
|
||||||
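Review bot: The INSERT in this hunk escapes `$names[$i]` and `$descriptions[$i]` but still interpolates `{$urls[$i]}` and `{$feeds[$i]}` raw, so a quote in an imported URL breaks or alters the statement unless those arrays were escaped earlier, which the hunk does not show. Give them the same treatment: `'".$wpdb->escape($urls[$i])."'` and `'".$wpdb->escape($feeds[$i])."'`. The `echo sprintf(...)` two lines below also prints the imported name without HTML encoding; passing `htmlspecialchars($names[$i], ENT_QUOTES)` would close that. The enclosing loop starts outside the hunk.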
|
@ -36,8 +36,8 @@ if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) )
|
|||||||
$returns = explode("\n", $body);
|
$returns = explode("\n", $body);
|
||||||
|
|
||||||
foreach ($returns as $return) :
|
foreach ($returns as $return) :
|
||||||
$time = addslashes( substr($return, 0, 19) );
|
$time = $wpdb->escape( substr($return, 0, 19) );
|
||||||
$uri = addslashes( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
|
$uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
|
||||||
$wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'");
|
$wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'");
|
||||||
endforeach;
|
endforeach;
|
||||||
}
|
}
|
||||||
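Review bot: The pattern on the `$uri` line, `'/(.*?) | (.*?)/'`, has an unescaped `|`, so it is an alternation between `(.*?) ` and ` (.*?)` rather than a match on a literal pipe separator. If the response lines have the form `timestamp | url`, as the `substr($return, 0, 19)` on the line above suggests, `$uri` will not be the bare URL and `link_url = '$uri'` in the UPDATE will match nothing or the wrong row. Anchor and escape the separator, e.g. `preg_replace('/^.*? \| (.*)$/', '$1', $return)`, and skip lines that do not match. The data comes from a remote HTTP response, so validating its shape before it reaches the query matters as much as escaping it.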
|
@ -221,23 +221,23 @@ function upgrade_160() {
|
|||||||
$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
|
$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
|
||||||
foreach ( $users as $user ) :
|
foreach ( $users as $user ) :
|
||||||
if ( !empty( $user->user_firstname ) )
|
if ( !empty( $user->user_firstname ) )
|
||||||
update_usermeta( $user->ID, 'first_name', addslashes($user->user_firstname) );
|
update_usermeta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
|
||||||
if ( !empty( $user->user_lastname ) )
|
if ( !empty( $user->user_lastname ) )
|
||||||
update_usermeta( $user->ID, 'last_name', addslashes($user->user_lastname) );
|
update_usermeta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
|
||||||
if ( !empty( $user->user_nickname ) )
|
if ( !empty( $user->user_nickname ) )
|
||||||
update_usermeta( $user->ID, 'nickname', addslashes($user->user_nickname) );
|
update_usermeta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
|
||||||
if ( !empty( $user->user_level ) )
|
if ( !empty( $user->user_level ) )
|
||||||
update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level );
|
update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level );
|
||||||
if ( !empty( $user->user_icq ) )
|
if ( !empty( $user->user_icq ) )
|
||||||
update_usermeta( $user->ID, 'icq', addslashes($user->user_icq) );
|
update_usermeta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
|
||||||
if ( !empty( $user->user_aim ) )
|
if ( !empty( $user->user_aim ) )
|
||||||
update_usermeta( $user->ID, 'aim', addslashes($user->user_aim) );
|
update_usermeta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
|
||||||
if ( !empty( $user->user_msn ) )
|
if ( !empty( $user->user_msn ) )
|
||||||
update_usermeta( $user->ID, 'msn', addslashes($user->user_msn) );
|
update_usermeta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
|
||||||
if ( !empty( $user->user_yim ) )
|
if ( !empty( $user->user_yim ) )
|
||||||
update_usermeta( $user->ID, 'yim', addslashes($user->user_icq) );
|
update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
|
||||||
if ( !empty( $user->user_description ) )
|
if ( !empty( $user->user_description ) )
|
||||||
update_usermeta( $user->ID, 'description', addslashes($user->user_description) );
|
update_usermeta( $user->ID, 'description', $wpdb->escape($user->user_description) );
|
||||||
|
|
||||||
if ( !isset( $user->user_idmode ) ):
|
if ( !isset( $user->user_idmode ) ):
|
||||||
$idmode = $user->user_idmode;
|
$idmode = $user->user_idmode;
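Review bot: The `yim` line stores the wrong field: `update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );` writes the ICQ value under the `yim` key although the guard above it tests `$user->user_yim`. The commit carries this copy-paste over unchanged; the line should read `update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_yim) );`. upgrade_160() starts and ends outside the hunk.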
|
||||||
@ -248,7 +248,7 @@ function upgrade_160() {
|
|||||||
if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
|
if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
|
||||||
if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
|
if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
|
||||||
if (!$idmode) $id = $user->user_nickname;
|
if (!$idmode) $id = $user->user_nickname;
|
||||||
$id = addslashes( $id );
|
$id = $wpdb->escape( $id );
|
||||||
$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
|
$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
|
||||||
endif;
|
endif;
|
||||||
endforeach;
|
endforeach;
|
||||||
|
@ -24,9 +24,9 @@ $comment_content = trim($_POST['comment']);
|
|||||||
// If the user is logged in
|
// If the user is logged in
|
||||||
get_currentuserinfo();
|
get_currentuserinfo();
|
||||||
if ( $user_ID ) :
|
if ( $user_ID ) :
|
||||||
$comment_author = addslashes($user_identity);
|
$comment_author = $wpdb->escape($user_identity);
|
||||||
$comment_author_email = addslashes($user_email);
|
$comment_author_email = $wpdb->escape($user_email);
|
||||||
$comment_author_url = addslashes($user_url);
|
$comment_author_url = $wpdb->escape($user_url);
|
||||||
else :
|
else :
|
||||||
if ( get_option('comment_registration') )
|
if ( get_option('comment_registration') )
|
||||||
die( __('Sorry, you must be logged in to post a comment.') );
|
die( __('Sorry, you must be logged in to post a comment.') );
|
||||||
|
@ -13,8 +13,8 @@ function comments_template( $file = '/comments.php' ) {
|
|||||||
if ( empty($comment_author) ) {
|
if ( empty($comment_author) ) {
|
||||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
|
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
|
||||||
} else {
|
} else {
|
||||||
$author_db = addslashes($comment_author);
|
$author_db = $wpdb->escape($comment_author);
|
||||||
$email_db = addslashes($comment_author_email);
|
$email_db = $wpdb->escape($comment_author_email);
|
||||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
|
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -523,10 +523,13 @@ function trailingslashit($string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function addslashes_gpc($gpc) {
|
function addslashes_gpc($gpc) {
|
||||||
if (!get_magic_quotes_gpc()) {
|
global $wpdb;
|
||||||
$gpc = addslashes($gpc);
|
|
||||||
|
if (get_magic_quotes_gpc()) {
|
||||||
|
$gpc = stripslashes($gpc);
|
||||||
}
|
}
|
||||||
return $gpc;
|
|
||||||
|
return $wpdb->escape($gpc);
|
||||||
}
|
}
|
||||||
|
|
||||||
function antispambot($emailaddy, $mailto=0) {
|
function antispambot($emailaddy, $mailto=0) {
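Review bot: addslashes_gpc() now returns database-escaped data, so calling it on a request value that wp-settings.php has already passed through add_magic_quotes() escapes it twice when magic_quotes_gpc is off, and only once when it is on, because of the `stripslashes()` branch. Its callers are not visible in this hunk, so this needs checking against them. At minimum the function deserves a header comment such as `// Returns $gpc escaped for SQL via $wpdb->escape(); pass raw request data only, never an already-escaped value.`, since the name no longer describes what it does.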
|
||||||
|
@ -843,7 +843,7 @@ function do_enclose( $content, $post_ID ) {
|
|||||||
if ( $url != '' && !$wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {
|
if ( $url != '' && !$wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {
|
||||||
if ( $headers = wp_get_http_headers( $url) ) {
|
if ( $headers = wp_get_http_headers( $url) ) {
|
||||||
$len = (int) $headers['content-length'];
|
$len = (int) $headers['content-length'];
|
||||||
$type = addslashes( $headers['content-type'] );
|
$type = $wpdb->escape( $headers['content-type'] );
|
||||||
$allowed_types = array( 'video', 'audio' );
|
$allowed_types = array( 'video', 'audio' );
|
||||||
if( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
|
if( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
|
||||||
$meta_value = "$url\n$len\n$type\n";
|
$meta_value = "$url\n$len\n$type\n";
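Review bot: `$url` is interpolated into `meta_value LIKE ('$url%')` and later into `$meta_value` with no escaping visible in this hunk, while only the remote `content-type` header is escaped. Where `$url` is extracted lies outside the hunk, so it may already be cleaned, but if it is taken from post content it should go through `$wpdb->escape()` before the SELECT. Quote escaping also leaves `%` and `_` active as LIKE wildcards, so a URL containing them can match unrelated enclosure rows. do_enclose() starts and ends outside the hunk.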
|
||||||
@ -1882,11 +1882,13 @@ function load_template($file) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function add_magic_quotes($array) {
|
function add_magic_quotes($array) {
|
||||||
|
global $wpdb;
|
||||||
|
|
||||||
foreach ($array as $k => $v) {
|
foreach ($array as $k => $v) {
|
||||||
if (is_array($v)) {
|
if (is_array($v)) {
|
||||||
$array[$k] = add_magic_quotes($v);
|
$array[$k] = add_magic_quotes($v);
|
||||||
} else {
|
} else {
|
||||||
$array[$k] = addslashes($v);
|
$array[$k] = $wpdb->escape($v);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $array;
|
return $array;
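Review bot: add_magic_quotes() escapes only the values: `$array[$k] = $wpdb->escape($v);` leaves `$k` untouched, and the wp-settings.php hunk feeds it `$_GET`, `$_POST`, `$_COOKIE` and `$_SERVER`, whose keys are also request-controlled. Code that later interpolates a parameter name into SQL gets no protection from this pass. I would document that above the function, e.g. `// Escapes values recursively with $wpdb->escape(); array keys are returned unchanged and must not be used in SQL. Requires $wpdb to be initialised.`. The function's closing brace is outside the hunk.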
|
||||||
|
@ -136,13 +136,20 @@ load_default_textdomain();
|
|||||||
// Pull in locale data after loading text domain.
|
// Pull in locale data after loading text domain.
|
||||||
require_once(ABSPATH . WPINC . '/locale.php');
|
require_once(ABSPATH . WPINC . '/locale.php');
|
||||||
|
|
||||||
if ( !get_magic_quotes_gpc() ) {
|
// If already slashed, strip.
|
||||||
$_GET = add_magic_quotes($_GET );
|
if ( get_magic_quotes_gpc() ) {
|
||||||
$_POST = add_magic_quotes($_POST );
|
$_GET = stripslashes($_GET );
|
||||||
$_COOKIE = add_magic_quotes($_COOKIE);
|
$_POST = stripslashes($_POST );
|
||||||
$_SERVER = add_magic_quotes($_SERVER);
|
$_COOKIE = stripslashes($_COOKIE);
|
||||||
|
$_SERVER = stripslashes($_SERVER);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Escape with wpdb.
|
||||||
|
$_GET = add_magic_quotes($_GET );
|
||||||
|
$_POST = add_magic_quotes($_POST );
|
||||||
|
$_COOKIE = add_magic_quotes($_COOKIE);
|
||||||
|
$_SERVER = add_magic_quotes($_SERVER);
|
||||||
|
|
||||||
function shutdown_action_hook() {
|
function shutdown_action_hook() {
|
||||||
do_action('shutdown');
|
do_action('shutdown');
|
||||||
}
|
}
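Review bot: The new `if ( get_magic_quotes_gpc() )` branch calls `stripslashes()` on whole superglobals, as in `$_GET = stripslashes($_GET );`, but `stripslashes()` takes a string, so with magic_quotes_gpc enabled the four arrays are replaced by a non-array value before add_magic_quotes() runs. Request data is then lost for the rest of the request on those installs. Stripping has to recurse per element in the same way add_magic_quotes() escapes per element; a helper along the lines below would do it (the name is only a suggestion).

```php
// proposed helper, mirroring add_magic_quotes(); name is a suggestion
function strip_magic_quotes($array) {
	foreach ($array as $k => $v) {
		if (is_array($v)) {
			$array[$k] = strip_magic_quotes($v);
		} else {
			$array[$k] = stripslashes($v);
		}
	}
	return $array;
}

// If already slashed, strip.
if ( get_magic_quotes_gpc() ) {
	$_GET    = strip_magic_quotes($_GET   );
	$_POST   = strip_magic_quotes($_POST  );
	$_COOKIE = strip_magic_quotes($_COOKIE);
	$_SERVER = strip_magic_quotes($_SERVER);
}

// … unchanged: "Escape with wpdb" add_magic_quotes() calls …
```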
|
||||||
|
@ -1249,7 +1249,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
|||||||
|
|
||||||
$context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
|
$context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
|
||||||
$original_pagelinkedfrom = $pagelinkedfrom;
|
$original_pagelinkedfrom = $pagelinkedfrom;
|
||||||
$pagelinkedfrom = addslashes( $pagelinkedfrom );
|
$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
|
||||||
$original_title = $title;
|
$original_title = $title;
|
||||||
|
|
||||||
$comment_post_ID = $post_ID;
|
$comment_post_ID = $post_ID;
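Review bot: `$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );` needs `$wpdb` in scope inside this wp_xmlrpc_server method, and no other use of `$wpdb` or a `global $wpdb;` declaration is visible in the hunk. The commit added `global $wpdb;` to addslashes_gpc() and add_magic_quotes() for exactly this reason; if the enclosing method lacks it, every pingback would fail on a method call on a non-object. Please confirm the declaration exists at the top of the method, which starts outside the hunk.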
|
||||||
|