diff --git a/wp-admin/admin.php b/wp-admin/admin.php index 4e739c3c8d..1b58b4bafe 100644 --- a/wp-admin/admin.php +++ b/wp-admin/admin.php @@ -43,7 +43,7 @@ if ( get_option('db_upgraded') ) { do_action('after_db_upgrade'); } elseif ( get_option('db_version') != $wp_db_version && empty($_POST) ) { if ( !is_multisite() ) { - wp_redirect( admin_url( 'upgrade.php?_wp_http_referer=' . urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ); + wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI'])))); exit; } elseif ( apply_filters( 'do_mu_upgrade', true ) ) { /** @@ -82,7 +82,7 @@ wp_enqueue_script( 'common' ); $editing = false; if ( isset($_GET['page']) ) { - $plugin_page = wp_unslash( $_GET['page'] ); + $plugin_page = stripslashes($_GET['page']); $plugin_page = plugin_basename($plugin_page); } diff --git a/wp-admin/custom-background.php b/wp-admin/custom-background.php index 85a684b792..a924ecaf79 100644 --- a/wp-admin/custom-background.php +++ b/wp-admin/custom-background.php @@ -378,7 +378,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) ) // Add the meta-data wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) ); - wp_update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); + update_post_meta( $id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); set_theme_mod('background_image', esc_url_raw($url)); 
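Review bot: `stripslashes( $_GET['page'] )` in the second admin.php hunk accepts only strings, while the `wp_unslash()` it replaces also walked arrays, so a request that sends `page` as an array now raises a PHP warning (a TypeError on PHP 8) and hands `null` to `plugin_basename()` instead of failing in a controlled way. The same scalar-only substitution is made on `$_REQUEST['s']`, `$_GET['q']`, `$_POST['search']`, `$_POST['ps']` and similar request values in edit-comments.php, edit-tags.php, ajax-actions.php and the list-table classes; it is harmless where the value is always a string (`$_SERVER['REQUEST_URI']`) and worth a guard where the type is not guaranteed. `stripslashes_deep()`, which this commit already uses for `$_POST['attachment']` and the nopriv heartbeat payload, keeps the array handling; where a string is required, `$plugin_page = is_string( $_GET['page'] ) ? stripslashes( $_GET['page'] ) : '';` avoids the warning.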
@@ -415,7 +415,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) ) if ( in_array( $_POST['size'], $sizes ) ) $size = esc_attr( $_POST['size'] ); - wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); + update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', get_option('stylesheet' ) ); $url = wp_get_attachment_image_src( $attachment_id, $size ); $thumbnail = wp_get_attachment_image_src( $attachment_id, 'thumbnail' ); set_theme_mod( 'background_image', esc_url_raw( $url[0] ) ); diff --git a/wp-admin/custom-header.php b/wp-admin/custom-header.php index 10c81a31eb..7629af3d3a 100644 --- a/wp-admin/custom-header.php +++ b/wp-admin/custom-header.php @@ -948,7 +948,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?> 'width' => $choice['width'], ); - wp_update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() ); + update_post_meta( $choice['attachment_id'], '_wp_attachment_is_custom_header', get_stylesheet() ); set_theme_mod( 'header_image', $choice['url'] ); set_theme_mod( 'header_image_data', $header_image_data ); return; diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index f6dd19c0b3..174cd9af11 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php 
@@ -20,9 +20,9 @@ if ( $doaction ) { check_admin_referer( 'bulk-comments' ); if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) { - $comment_status = $_REQUEST['comment_status']; - $delete_time = $_REQUEST['pagegen_timestamp']; - $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) ); + $comment_status = $wpdb->escape( $_REQUEST['comment_status'] ); + $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] ); + $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" ); $doaction = 'delete'; } elseif ( isset( $_REQUEST['delete_comments'] ) ) { $comment_ids = $_REQUEST['delete_comments']; @@ -95,7 +95,7 @@ if ( $doaction ) { wp_safe_redirect( $redirect_to ); exit; } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { - wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); exit; } @@ -153,7 +153,7 @@ else echo __('Comments'); if ( isset($_REQUEST['s']) && $_REQUEST['s'] ) - printf( '' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50 ) ) . '' ); ?> + printf( '' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '' ); ?> cap->create - + comment_ID) ?>" /> - + diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php index 0aca6e7bc1..6d81ec0144 100644 --- a/wp-admin/edit-link-form.php +++ b/wp-admin/edit-link-form.php @@ -126,6 +126,7 @@ do_meta_boxes(null, 'advanced', $link); if ( $link_id ) : ?> + diff --git a/wp-admin/edit-tags.php b/wp-admin/edit-tags.php index 8d3a02abd8..7250a66984 100644 
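Review bot: The `delete_all` branch in the first edit-comments.php hunk drops the `$wpdb->prepare()` call and interpolates `$wpdb->escape()`-d request values straight into the SQL string, so the two `$_REQUEST` fields are protected only by slash-escaping, which, being `addslashes()`-based, is not charset-aware and is easy to lose on the next edit. The removed form, `$comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );`, escapes through the connection and keeps interpolated input out of the query without any other change to the branch; if the motivation was slashed input, `stripslashes()` on the two values before `prepare()` covers it. `pagegen_timestamp` is still compared as a free-form string against `comment_date_gmt`, so validating it as a datetime (or casting to int and formatting with `gmdate()`) would tighten the check further.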
--- a/wp-admin/edit-tags.php +++ b/wp-admin/edit-tags.php @@ -47,9 +47,7 @@ case 'add-tag': if ( !current_user_can( $tax->cap->edit_terms ) ) wp_die( __( 'Cheatin’ uh?' ) ); - $post_data = wp_unslash( $_POST ); - - $ret = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); + $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); $location = 'edit-tags.php?taxonomy=' . $taxonomy; if ( 'post' != $post_type ) $location .= '&post_type=' . $post_type; @@ -134,10 +132,7 @@ case 'edit': break; case 'editedtag': - - $post_data = wp_unslash( $_POST ); - - $tag_ID = (int) $post_data['tag_ID']; + $tag_ID = (int) $_POST['tag_ID']; check_admin_referer( 'update-tag_' . $tag_ID ); if ( !current_user_can( $tax->cap->edit_terms ) ) @@ -147,7 +142,7 @@ case 'editedtag': if ( ! $tag ) wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); - $ret = wp_update_term( $tag_ID, $taxonomy, $post_data ); + $ret = wp_update_term( $tag_ID, $taxonomy, $_POST ); $location = 'edit-tags.php?taxonomy=' . $taxonomy; if ( 'post' != $post_type ) @@ -169,7 +164,7 @@ break; default: if ( ! empty($_REQUEST['_wp_http_referer']) ) { - $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ); + $location = remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ); if ( ! empty( $_REQUEST['paged'] ) ) $location = add_query_arg( 'paged', (int) $_REQUEST['paged'] ); @@ -269,8 +264,8 @@ $messages[6] = __('Items deleted.');

' . __('Search results for “%s”') . '', esc_html( wp_unslash( $_REQUEST['s'] ) ) ); ?> +if ( !empty($_REQUEST['s']) ) + printf( '' . __('Search results for “%s”') . '', esc_html( stripslashes($_REQUEST['s']) ) ); ?>

diff --git a/wp-admin/edit.php b/wp-admin/edit.php index 0fe509ee6d..507c76554d 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -138,7 +138,7 @@ if ( $doaction ) { wp_redirect($sendback); exit(); } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) { - wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) ); exit; } diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index 2cab400a6a..04d7312c1a 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -59,7 +59,7 @@ function wp_ajax_ajax_tag_search() { wp_die( 0 ); } - $s = wp_unslash( $_GET['q'] ); + $s = stripslashes( $_GET['q'] ); $comma = _x( ',', 'tag delimiter' ); if ( ',' !== $comma ) 
@@ -279,21 +279,19 @@ function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) { */ function _wp_ajax_add_hierarchical_term() { - $post_data = wp_unslash( $_POST ); - - $action = $post_data['action']; + $action = $_POST['action']; $taxonomy = get_taxonomy(substr($action, 4)); check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); if ( !current_user_can( $taxonomy->cap->edit_terms ) ) wp_die( -1 ); - $names = explode(',', $post_data['new'.$taxonomy->name]); - $parent = isset($post_data['new'.$taxonomy->name.'_parent']) ? (int) $post_data['new'.$taxonomy->name.'_parent'] : 0; + $names = explode(',', $_POST['new'.$taxonomy->name]); + $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; if ( 0 > $parent ) $parent = 0; if ( $taxonomy->name == 'category' ) - $post_category = isset( $post_data['post_category'] ) ? (array) $post_data['post_category'] : array(); + $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array(); else - $post_category = ( isset( $post_data['tax_input'] ) && isset( $post_data['tax_input'][$taxonomy->name] ) ) ? (array) $post_data['tax_input'][$taxonomy->name] : array(); + $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array(); $checked_categories = array_map( 'absint', (array) $post_category ); $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false); @@ -561,7 +559,7 @@ function wp_ajax_add_link_category( $action ) { check_ajax_referer( $action ); if ( !current_user_can( 'manage_categories' ) ) wp_die( -1 ); - $names = explode( ',', wp_unslash( $_POST['newcat'] ) ); + $names = explode(',', $_POST['newcat']); $x = new WP_Ajax_Response(); foreach ( $names as $cat_name ) { $cat_name = trim($cat_name); 
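Review bot: `$action = $_POST['action'];` feeds `get_taxonomy( substr( $action, 4 ) )`, whose result is dereferenced as `$taxonomy->name` on the next lines without checking that a taxonomy was found, so an unknown or malformed action value reaches `check_ajax_referer()` with a property read on `false`. A guard such as `if ( ! $taxonomy ) wp_die( 0 );` right after the `get_taxonomy()` call keeps the nonce and capability checks operating on a real taxonomy object. The body of `_wp_ajax_add_hierarchical_term()` continues past the hunk.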
@@ -574,7 +572,7 @@ function wp_ajax_add_link_category( $action ) { continue; else if ( is_array( $cat_id ) ) $cat_id = $cat_id['term_id']; - $cat_name = esc_html( wp_unslash( $cat_name ) ); + $cat_name = esc_html(stripslashes($cat_name)); $x->add( array( 'what' => 'link-category', 'id' => $cat_id, @@ -588,11 +586,9 @@ function wp_ajax_add_link_category( $action ) { function wp_ajax_add_tag() { global $wp_list_table; - $post_data = wp_unslash( $_POST ); - check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); - $post_type = !empty($post_data['post_type']) ? $post_data['post_type'] : 'post'; - $taxonomy = !empty($post_data['taxonomy']) ? $post_data['taxonomy'] : 'post_tag'; + $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post'; + $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; $tax = get_taxonomy($taxonomy); if ( !current_user_can( $tax->cap->edit_terms ) ) @@ -600,7 +596,7 @@ function wp_ajax_add_tag() { $x = new WP_Ajax_Response(); - $tag = wp_insert_term( $post_data['tag-name'], $taxonomy, $post_data ); + $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { $message = __('An error has occurred. Please reload the page and try again.'); @@ -614,7 +610,7 @@ function wp_ajax_add_tag() { $x->send(); } - $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $post_data['screen'] ) ); + $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) ); $level = 0; if ( is_taxonomy_hierarchical($taxonomy) ) { 
@@ -732,10 +728,10 @@ function wp_ajax_replyto_comment( $action ) { $user = wp_get_current_user(); if ( $user->exists() ) { $user_ID = $user->ID; - $comment_author = $user->display_name; - $comment_author_email = $user->user_email; - $comment_author_url = $user->user_url; - $comment_content = trim( wp_unslash( $_POST['content'] ) ); + $comment_author = $wpdb->escape($user->display_name); + $comment_author_email = $wpdb->escape($user->user_email); + $comment_author_url = $wpdb->escape($user->user_url); + $comment_content = trim($_POST['content']); if ( current_user_can( 'unfiltered_html' ) ) { if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { kses_remove_filters(); // start with a clean slate @@ -961,8 +957,8 @@ function wp_ajax_add_meta() { ) ); } else { // Update? $mid = (int) key( $_POST['meta'] ); - $key = wp_unslash( $_POST['meta'][$mid]['key'] ); - $value = wp_unslash( $_POST['meta'][$mid]['value'] ); + $key = stripslashes( $_POST['meta'][$mid]['key'] ); + $value = stripslashes( $_POST['meta'][$mid]['value'] ); if ( '' == trim($key) ) wp_die( __( 'Please provide a custom field name.' ) ); if ( '' == trim($value) ) @@ -1231,7 +1227,7 @@ function wp_ajax_wp_link_ajax() { $args = array(); if ( isset( $_POST['search'] ) ) - $args['s'] = wp_unslash( $_POST['search'] ); + $args['s'] = stripslashes( $_POST['search'] ); $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; require(ABSPATH . WPINC . '/class-wp-editor.php'); @@ -1332,6 +1328,7 @@ function wp_ajax_inline_save() { $data = &$_POST; $post = get_post( $post_ID, ARRAY_A ); + $post = add_magic_quotes($post); //since it is from db $data['content'] = $post['post_content']; $data['excerpt'] = $post['post_excerpt']; 
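Review bot: `$wpdb->escape()` is used in the `wp_ajax_replyto_comment` hunk to add slashes to `$user->display_name`, `user_email` and `user_url`, borrowing a SQL-escaping helper for what the rest of this commit does with `add_magic_quotes()` (`wp_ajax_inline_save`, `wp_update_link`); the intent — making DB-sourced values match the slashed `$_POST['content']` they are combined with — is invisible at the call site. Using the same approach here, `$comment_author = addslashes( $user->display_name );` (likewise for the other two) with a `// Slash DB values to match the slashed $_POST data` comment, documents that contract and removes the dependency on `$wpdb`, which I cannot confirm is declared `global` in this function from the hunk. The function continues outside the hunk on both sides.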
@@ -1380,9 +1377,7 @@ function wp_ajax_inline_save_tax() { check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); - $post_data = wp_unslash( $_POST ); - - $taxonomy = sanitize_key( $post_data['taxonomy'] ); + $taxonomy = sanitize_key( $_POST['taxonomy'] ); $tax = get_taxonomy( $taxonomy ); if ( ! $tax ) wp_die( 0 ); @@ -1392,13 +1387,13 @@ function wp_ajax_inline_save_tax() { $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); - if ( ! isset($post_data['tax_ID']) || ! ( $id = (int) $post_data['tax_ID'] ) ) + if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) wp_die( -1 ); $tag = get_term( $id, $taxonomy ); - $post_data['description'] = $tag->description; + $_POST['description'] = $tag->description; - $updated = wp_update_term($id, $taxonomy, $post_data ); + $updated = wp_update_term($id, $taxonomy, $_POST); if ( $updated && !is_wp_error($updated) ) { $tag = get_term( $updated['term_id'], $taxonomy ); if ( !$tag || is_wp_error( $tag ) ) { @@ -1430,7 +1425,7 @@ function wp_ajax_find_posts() { $post_types = get_post_types( array( 'public' => true ), 'objects' ); unset( $post_types['attachment'] ); - $s = wp_unslash( $_POST['ps'] ); + $s = stripslashes( $_POST['ps'] ); $searchand = $search = ''; $args = array( 'post_type' => array_keys( $post_types ), @@ -1601,7 +1596,7 @@ function wp_ajax_upload_attachment() { $post_id = null; } - $post_data = isset( $_REQUEST['post_data'] ) ? wp_unslash( $_REQUEST['post_data'] ) : array(); + $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array(); // If the context is custom header or background, make sure the uploaded file is an image. if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) { 
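Review bot: In the second `wp_ajax_inline_save_tax` hunk (@@ -1392), `$_POST['description'] = $tag->description;` places a raw database value into an array whose other entries are slashed request data, and the whole array is then handed to `wp_update_term()`. If that function unslashes its arguments, as the rest of this revert assumes for request data, a description containing a backslash loses it on every inline save. Elsewhere in this commit DB values merged with request data are re-slashed first (`add_magic_quotes()` in `wp_ajax_inline_save` and `wp_update_link`); the same treatment here would be `$_POST['description'] = addslashes( $tag->description ); // DB value, slashed to match $_POST`.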
@@ -1635,10 +1630,10 @@ function wp_ajax_upload_attachment() { if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) { if ( 'custom-background' === $post_data['context'] ) - wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); + update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); if ( 'custom-header' === $post_data['context'] ) - wp_update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); + update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); } if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) ) @@ -1783,7 +1778,7 @@ function wp_ajax_wp_remove_post_lock() { wp_die( 0 ); $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; - wp_update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); + update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); wp_die( 1 ); } @@ -1878,7 +1873,7 @@ function wp_ajax_save_attachment() { if ( ! current_user_can( 'edit_post', $id ) ) wp_send_json_error(); - $changes = wp_unslash( $_REQUEST['changes'] ); + $changes = $_REQUEST['changes']; $post = get_post( $id, ARRAY_A ); if ( 'attachment' != $post['post_type'] ) @@ -1895,10 +1890,10 @@ function wp_ajax_save_attachment() { if ( isset( $changes['alt'] ) ) { $alt = get_post_meta( $id, '_wp_attachment_image_alt', true ); - $new_alt = $changes['alt']; + $new_alt = stripslashes( $changes['alt'] ); if ( $alt != $new_alt ) { $new_alt = wp_strip_all_tags( $new_alt, true ); - wp_update_post_meta( $id, '_wp_attachment_image_alt', $new_alt ); + update_post_meta( $id, '_wp_attachment_image_alt', addslashes( $new_alt ) ); } } 
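Review bot: The alt-text branch in the last `wp_ajax_save_attachment` hunk now round-trips the value — `stripslashes( $changes['alt'] )` to compare and sanitise it, then `addslashes( $new_alt )` before `update_post_meta()` — and nothing at the call site says why the slashes come back. A one-line comment on the `update_post_meta()` line, `// update_post_meta() expects slashed input and unslashes it before storing`, stops the next reader from removing the `addslashes()` as redundant; please confirm that expectation against `update_metadata()`. The `$alt != $new_alt` comparison is untouched by the commit, but since both sides are strings a strict `!==` would avoid numeric-string coercion.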
@@ -1920,7 +1915,7 @@ function wp_ajax_save_attachment_compat() { if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) ) wp_send_json_error(); - $attachment_data = wp_unslash( $_REQUEST['attachments'][ $id ] ); + $attachment_data = $_REQUEST['attachments'][ $id ]; check_ajax_referer( 'update-post_' . $id, 'nonce' ); @@ -1964,7 +1959,7 @@ function wp_ajax_save_attachment_order() { check_ajax_referer( 'update-post_' . $post_id, 'nonce' ); - $attachments = wp_unslash( $_REQUEST['attachments'] ); + $attachments = $_REQUEST['attachments']; if ( ! current_user_can( 'edit_post', $post_id ) ) wp_send_json_error(); @@ -1995,7 +1990,7 @@ function wp_ajax_save_attachment_order() { function wp_ajax_send_attachment_to_editor() { check_ajax_referer( 'media-send-to-editor', 'nonce' ); - $attachment = wp_unslash( $_POST['attachment'] ); + $attachment = stripslashes_deep( $_POST['attachment'] ); $id = intval( $attachment['id'] ); @@ -2050,7 +2045,7 @@ function wp_ajax_send_attachment_to_editor() { function wp_ajax_send_link_to_editor() { check_ajax_referer( 'media-send-to-editor', 'nonce' ); - if ( ! $src = wp_unslash( $_POST['src'] ) ) + if ( ! $src = stripslashes( $_POST['src'] ) ) wp_send_json_error(); if ( ! strpos( $src, '://' ) ) @@ -2059,7 +2054,7 @@ function wp_ajax_send_link_to_editor() { if ( ! $src = esc_url_raw( $src ) ) wp_send_json_error(); - if ( ! $title = trim( wp_unslash( $_POST['title'] ) ) ) + if ( ! $title = trim( stripslashes( $_POST['title'] ) ) ) $title = wp_basename( $src ); $html = ''; @@ -2088,7 +2083,7 @@ function wp_ajax_heartbeat() { $screen_id = 'site'; if ( ! empty($_POST['data']) ) { - $data = wp_unslash( (array) $_POST['data'] ); + $data = (array) $_POST['data']; // todo: how much to sanitize and preset and what to leave to be accessed from $data or $_POST..? $user = wp_get_current_user(); $data['user_id'] = $user->exists() ? $user->ID : 0; 
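Review bot: `wp_ajax_heartbeat` (last hunk here, @@ -2088) now passes `(array) $_POST['data']` to its filter still slashed, while the sibling `wp_ajax_nopriv_heartbeat` hunk on the following `diff` line runs `stripslashes_deep()` over the same payload, so `heartbeat_received` and `heartbeat_nopriv_received` consumers would receive differently-encoded data for the same client request. Whichever contract is intended, both handlers should apply it; if the logged-in path is meant to stay slashed, the existing `// todo` comment there should say so, e.g. `// $data is left slashed; filters must unslash what they use`. The enclosing `if` block continues past the hunk.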
@@ -2119,7 +2114,7 @@ function wp_ajax_nopriv_heartbeat() { $screen_id = 'site'; if ( ! empty($_POST['data']) ) { - $data = wp_unslash( (array) $_POST['data'] ); + $data = stripslashes_deep( (array) $_POST['data'] ); $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id ); } diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php index 14cb20dac2..4d240b775c 100644 --- a/wp-admin/includes/bookmark.php +++ b/wp-admin/includes/bookmark.php @@ -39,9 +39,9 @@ function edit_link( $link_id = 0 ) { if ( !empty( $link_id ) ) { $_POST['link_id'] = $link_id; - return wp_update_link( wp_unslash( $_POST ) ); + return wp_update_link( $_POST ); } else { - return wp_insert_link( wp_unslash( $_POST ) ); + return wp_insert_link( $_POST ); } } @@ -55,12 +55,12 @@ function edit_link( $link_id = 0 ) { function get_default_link_to_edit() { $link = new stdClass; if ( isset( $_GET['linkurl'] ) ) - $link->link_url = esc_url( wp_unslash( $_GET['linkurl'] ) ); + $link->link_url = esc_url( $_GET['linkurl'] ); else $link->link_url = ''; if ( isset( $_GET['name'] ) ) - $link->link_name = esc_attr( wp_unslash( $_GET['name'] ) ); + $link->link_name = esc_attr( $_GET['name'] ); else $link->link_name = ''; @@ -137,7 +137,7 @@ function wp_insert_link( $linkdata, $wp_error = false ) { $linkdata = wp_parse_args( $linkdata, $defaults ); $linkdata = sanitize_bookmark( $linkdata, 'db' ); - extract( $linkdata, EXTR_SKIP ); + extract( stripslashes_deep( $linkdata ), EXTR_SKIP ); $update = false; @@ -250,6 +250,9 @@ function wp_update_link( $linkdata ) { $link = get_bookmark( $link_id, ARRAY_A ); + // Escape data pulled from DB. + $link = add_magic_quotes( $link ); + // Passed link category list overwrites existing category list if not empty. if ( isset( $linkdata['link_category'] ) && is_array( $linkdata['link_category'] ) && 0 != count( $linkdata['link_category'] ) ) 
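Review bot: `extract( stripslashes_deep( $linkdata ), EXTR_SKIP )` in the `wp_insert_link` hunk (@@ -137) turns every key of an array that `edit_link()` builds from `$_POST` into a local variable; `EXTR_SKIP` protects only locals that already exist at that point, so the set of variables the rest of the function works with is decided by the request rather than by the code, and static analysis cannot follow it. Assigning the fields the function actually reads from the unslashed `$linkdata` keeps the data flow explicit; the commit only adds the `stripslashes_deep()` wrapper, so this is a follow-up rather than a regression. The body of `wp_insert_link()` continues past the hunk.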
diff --git a/wp-admin/includes/class-wp-comments-list-table.php b/wp-admin/includes/class-wp-comments-list-table.php index bd04f09be1..cf0ab88a82 100644 --- a/wp-admin/includes/class-wp-comments-list-table.php +++ b/wp-admin/includes/class-wp-comments-list-table.php @@ -170,7 +170,7 @@ class WP_Comments_List_Table extends WP_List_Table { /* // I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark if ( !empty( $_REQUEST['s'] ) ) - $link = add_query_arg( 's', esc_attr( wp_unslash( $_REQUEST['s'] ) ), $link ); + $link = add_query_arg( 's', esc_attr( stripslashes( $_REQUEST['s'] ) ), $link ); */ $status_links[$status] = "" . sprintf( translate_nooped_plural( $label, $num_comments->$status ), diff --git a/wp-admin/includes/class-wp-ms-sites-list-table.php b/wp-admin/includes/class-wp-ms-sites-list-table.php index b9d68a1f35..371901a638 100644 --- a/wp-admin/includes/class-wp-ms-sites-list-table.php +++ b/wp-admin/includes/class-wp-ms-sites-list-table.php @@ -29,7 +29,7 @@ class WP_MS_Sites_List_Table extends WP_List_Table { $pagenum = $this->get_pagenum(); - $s = isset( $_REQUEST['s'] ) ? wp_unslash( trim( $_REQUEST[ 's' ] ) ) : ''; + $s = isset( $_REQUEST['s'] ) ? stripslashes( trim( $_REQUEST[ 's' ] ) ) : ''; $wild = ''; if ( false !== strpos($s, '*') ) { $wild = '%'; diff --git a/wp-admin/includes/class-wp-ms-themes-list-table.php b/wp-admin/includes/class-wp-ms-themes-list-table.php index df9db5e892..d4190249bf 100644 --- a/wp-admin/includes/class-wp-ms-themes-list-table.php +++ b/wp-admin/includes/class-wp-ms-themes-list-table.php @@ -126,7 +126,7 @@ class WP_MS_Themes_List_Table extends WP_List_Table { function _search_callback( $theme ) { static $term; if ( is_null( $term ) ) - $term = wp_unslash( $_REQUEST['s'] ); + $term = stripslashes( $_REQUEST['s'] ); foreach ( array( 'Name', 'Description', 'Author', 'Author', 'AuthorURI' ) as $field ) { // Don't mark up; Do translate. 
diff --git a/wp-admin/includes/class-wp-ms-users-list-table.php b/wp-admin/includes/class-wp-ms-users-list-table.php index ab1ee3620e..6a4268f6ae 100644 --- a/wp-admin/includes/class-wp-ms-users-list-table.php +++ b/wp-admin/includes/class-wp-ms-users-list-table.php @@ -173,10 +173,10 @@ class WP_MS_Users_List_Table extends WP_List_Table { case 'username': $avatar = get_avatar( $user->user_email, 32 ); - $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) ); + $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) ); echo ""; ?> - user_login; ?>user_login ); ?>user_login, $super_admins ) ) echo ' - ' . __( 'Super Admin' ); ?> @@ -186,7 +186,7 @@ class WP_MS_Users_List_Table extends WP_List_Table { $actions['edit'] = '' . __( 'Edit' ) . ''; if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) { - $actions['delete'] = '' . __( 'Delete' ) . ''; + $actions['delete'] = '' . __( 'Delete' ) . ''; } $actions = apply_filters( 'ms_user_row_actions', $actions, $user ); diff --git a/wp-admin/includes/class-wp-plugin-install-list-table.php b/wp-admin/includes/class-wp-plugin-install-list-table.php index 76ef2ce2c1..aa7cffe4c9 100644 --- a/wp-admin/includes/class-wp-plugin-install-list-table.php +++ b/wp-admin/includes/class-wp-plugin-install-list-table.php @@ -48,8 +48,8 @@ class WP_Plugin_Install_List_Table extends WP_List_Table { switch ( $tab ) { case 'search': - $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term'; - $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : ''; + $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term'; + $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : ''; switch ( $type ) { case 'tag': 
@@ -73,7 +73,7 @@ class WP_Plugin_Install_List_Table extends WP_List_Table { break; case 'favorites': - $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); + $user = isset( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); update_user_meta( get_current_user_id(), 'wporg_favorites', $user ); if ( $user ) $args['user'] = $user; diff --git a/wp-admin/includes/class-wp-plugins-list-table.php b/wp-admin/includes/class-wp-plugins-list-table.php index 64086d8d49..ec60afdfe6 100644 --- a/wp-admin/includes/class-wp-plugins-list-table.php +++ b/wp-admin/includes/class-wp-plugins-list-table.php @@ -22,7 +22,7 @@ class WP_Plugins_List_Table extends WP_List_Table { $status = $_REQUEST['plugin_status']; if ( isset($_REQUEST['s']) ) - $_SERVER['REQUEST_URI'] = add_query_arg('s', wp_unslash($_REQUEST['s']) ); + $_SERVER['REQUEST_URI'] = add_query_arg('s', stripslashes($_REQUEST['s']) ); $page = $this->get_pagenum(); } @@ -140,7 +140,7 @@ class WP_Plugins_List_Table extends WP_List_Table { function _search_callback( $plugin ) { static $term; if ( is_null( $term ) ) - $term = wp_unslash( $_REQUEST['s'] ); + $term = stripslashes( $_REQUEST['s'] ); foreach ( $plugin as $value ) if ( stripos( $value, $term ) !== false ) diff --git a/wp-admin/includes/class-wp-terms-list-table.php b/wp-admin/includes/class-wp-terms-list-table.php index de8d8d32c1..85010105cd 100644 --- a/wp-admin/includes/class-wp-terms-list-table.php +++ b/wp-admin/includes/class-wp-terms-list-table.php @@ -52,7 +52,7 @@ class WP_Terms_List_Table extends WP_List_Table { $tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page ); // Old filter } - $search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : ''; + $search = !empty( $_REQUEST['s'] ) ? trim( stripslashes( $_REQUEST['s'] ) ) : ''; $args = array( 'search' => $search, 
@@ -61,10 +61,10 @@ class WP_Terms_List_Table extends WP_List_Table { ); if ( !empty( $_REQUEST['orderby'] ) ) - $args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) ); + $args['orderby'] = trim( stripslashes( $_REQUEST['orderby'] ) ); if ( !empty( $_REQUEST['order'] ) ) - $args['order'] = trim( wp_unslash( $_REQUEST['order'] ) ); + $args['order'] = trim( stripslashes( $_REQUEST['order'] ) ); $this->callback_args = $args; diff --git a/wp-admin/includes/class-wp-theme-install-list-table.php b/wp-admin/includes/class-wp-theme-install-list-table.php index 5bc80502f6..8aa892929d 100644 --- a/wp-admin/includes/class-wp-theme-install-list-table.php +++ b/wp-admin/includes/class-wp-theme-install-list-table.php @@ -24,7 +24,7 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table { $search_terms = array(); $search_string = ''; if ( ! empty( $_REQUEST['s'] ) ){ - $search_string = strtolower( wp_unslash( $_REQUEST['s'] ) ); + $search_string = strtolower( stripslashes( $_REQUEST['s'] ) ); $search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', $search_string ) ) ) ); } @@ -59,7 +59,7 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table { switch ( $tab ) { case 'search': - $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term'; + $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term'; switch ( $type ) { case 'tag': $args['tag'] = array_map( 'sanitize_key', $search_terms ); diff --git a/wp-admin/includes/class-wp-themes-list-table.php b/wp-admin/includes/class-wp-themes-list-table.php index 684bd8be00..420495efe3 100644 --- a/wp-admin/includes/class-wp-themes-list-table.php +++ b/wp-admin/includes/class-wp-themes-list-table.php 
@@ -28,7 +28,7 @@ class WP_Themes_List_Table extends WP_List_Table { $themes = wp_get_themes( array( 'allowed' => true ) ); if ( ! empty( $_REQUEST['s'] ) ) - $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( wp_unslash( $_REQUEST['s'] ) ) ) ) ) ); + $this->search_terms = array_unique( array_filter( array_map( 'trim', explode( ',', strtolower( stripslashes( $_REQUEST['s'] ) ) ) ) ) ); if ( ! empty( $_REQUEST['features'] ) ) $this->features = $_REQUEST['features']; @@ -235,7 +235,7 @@ class WP_Themes_List_Table extends WP_List_Table { * @uses _pagination_args['total_pages'] */ function _js_vars( $extra_args = array() ) { - $search_string = isset( $_REQUEST['s'] ) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : ''; + $search_string = isset( $_REQUEST['s'] ) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : ''; $args = array( 'search' => $search_string, diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php index a42ab3fdfd..c9bfec3dc4 100644 --- a/wp-admin/includes/class-wp-upgrader.php +++ b/wp-admin/includes/class-wp-upgrader.php @@ -1427,7 +1427,7 @@ class Plugin_Installer_Skin extends WP_Upgrader_Skin { $install_actions = array(); - $from = isset($_GET['from']) ? wp_unslash( $_GET['from'] ) : 'plugins'; + $from = isset($_GET['from']) ? stripslashes($_GET['from']) : 'plugins'; if ( 'import' == $from ) $install_actions['activate_plugin'] = '' . __('Activate Plugin & Run Importer') . ''; diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php index 3071fa97af..10802c110c 100644 --- a/wp-admin/includes/class-wp-users-list-table.php +++ b/wp-admin/includes/class-wp-users-list-table.php 
@@ -241,7 +241,7 @@ class WP_Users_List_Table extends WP_List_Table { // Check if the user for this row is editable if ( current_user_can( 'list_users' ) ) { // Set up the user editing link - $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) ); + $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user_object->ID ) ) ); // Set up the hover actions for this user $actions = array(); diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php index 311f669b54..1620755b68 100644 --- a/wp-admin/includes/comment.php +++ b/wp-admin/includes/comment.php @@ -19,6 +19,9 @@ function comment_exists($comment_author, $comment_date) { global $wpdb; + $comment_author = stripslashes($comment_author); + $comment_date = stripslashes($comment_date); + return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); } 
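Review bot: `comment_exists()` (comment.php hunk, @@ -19) now calls `stripslashes()` on both arguments before `$wpdb->prepare()`, which makes the function's contract "expects slashed input" — a caller passing unslashed strings will silently lose backslashes from author names and dates. The docblock above the function, which sits outside the hunk, should state this: `@param string $comment_author Author of the comment, slashed as it arrives from $_POST.` and `@param string $comment_date Date of the comment, slashed as it arrives from $_POST.`. A short `// expected_slashed` comment next to the two new lines would also flag it at the point of use.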
@@ -30,40 +33,38 @@ function comment_exists($comment_author, $comment_date) { */ function edit_comment() { - $post_data = wp_unslash( $_POST ); - - if ( ! current_user_can( 'edit_comment', (int) $post_data['comment_ID'] ) ) + if ( ! current_user_can( 'edit_comment', (int) $_POST['comment_ID'] ) ) wp_die ( __( 'You are not allowed to edit comments on this post.' ) ); - $post_data['comment_author'] = $post_data['newcomment_author']; - $post_data['comment_author_email'] = $post_data['newcomment_author_email']; - $post_data['comment_author_url'] = $post_data['newcomment_author_url']; - $post_data['comment_approved'] = $post_data['comment_status']; - $post_data['comment_content'] = $post_data['content']; - $post_data['comment_ID'] = (int) $post_data['comment_ID']; + $_POST['comment_author'] = $_POST['newcomment_author']; + $_POST['comment_author_email'] = $_POST['newcomment_author_email']; + $_POST['comment_author_url'] = $_POST['newcomment_author_url']; + $_POST['comment_approved'] = $_POST['comment_status']; + $_POST['comment_content'] = $_POST['content']; + $_POST['comment_ID'] = (int) $_POST['comment_ID']; foreach ( array ('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { - if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) { + if ( !empty( $_POST['hidden_' . $timeunit] ) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit] ) { $_POST['edit_date'] = '1'; break; } } - if ( !empty ( $post_data['edit_date'] ) ) { - $aa = $post_data['aa']; - $mm = $post_data['mm']; - $jj = $post_data['jj']; - $hh = $post_data['hh']; - $mn = $post_data['mn']; - $ss = $post_data['ss']; + if ( !empty ( $_POST['edit_date'] ) ) { + $aa = $_POST['aa']; + $mm = $_POST['mm']; + $jj = $_POST['jj']; + $hh = $_POST['hh']; + $mn = $_POST['mn']; + $ss = $_POST['ss']; $jj = ($jj > 31 ) ? 31 : $jj; $hh = ($hh > 23 ) ? $hh -24 : $hh; $mn = ($mn > 59 ) ? $mn -60 : $mn; $ss = ($ss > 59 ) ? 
$ss -60 : $ss; - $post_data['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; + $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; } - wp_update_comment( $post_data ); + wp_update_comment( $_POST ); } /** diff --git a/wp-admin/includes/dashboard.php b/wp-admin/includes/dashboard.php index 5576d510b0..ee41d53e7b 100644 --- a/wp-admin/includes/dashboard.php +++ b/wp-admin/includes/dashboard.php @@ -1093,7 +1093,7 @@ function wp_dashboard_rss_control( $widget_id, $form_inputs = array() ) { $widget_options[$widget_id]['number'] = $number; if ( 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['widget-rss'][$number]) ) { - $_POST['widget-rss'][$number] = wp_unslash( $_POST['widget-rss'][$number] ); + $_POST['widget-rss'][$number] = stripslashes_deep( $_POST['widget-rss'][$number] ); $widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] ); // title is optional. If black, fill it if possible if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) { diff --git a/wp-admin/includes/deprecated.php b/wp-admin/includes/deprecated.php index e6353eaf30..8513cada32 100644 --- a/wp-admin/includes/deprecated.php +++ b/wp-admin/includes/deprecated.php @@ -472,13 +472,14 @@ class WP_User_Search { function WP_User_Search ($search_term = '', $page = '', $role = '') { _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' ); - $this->search_term = $search_term; + $this->search_term = stripslashes( $search_term ); $this->raw_page = ( '' == $page ) ? false : (int) $page; $this->page = (int) ( '' == $page ) ? 1 : $page; $this->role = $role; $this->prepare_query(); $this->query(); + $this->prepare_vars_for_template_usage(); $this->do_paging(); } 
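Review bot: The rewritten edit_comment() reads `$_POST['newcomment_author']`, `$_POST['comment_status']`, `$_POST['content']` and the `$_POST['aa']`…`$_POST['ss']` fields with no `isset()` guard, so a request missing any of them raises undefined-index notices and stores an empty value; the removed `$post_data` copy had the same gap, but the rewrite additionally writes the derived keys back into `$_POST`, so anything that runs after `wp_update_comment( $_POST )` sees a mutated superglobal. Copying into a local first, `$post_data = $_POST;`, and guarding each read with `isset()` keeps the same data flow without aliasing the request. The clamping lines (`$hh -24`, `$mn -60`) are unchanged by the commit but still turn out-of-range input into other out-of-range values rather than rejecting it.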
@@ -549,7 +550,9 @@ class WP_User_Search {
 * @since 2.1.0
 * @access public
 */
- function prepare_vars_for_template_usage() {}
+ function prepare_vars_for_template_usage() {
+ $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone
+ }
 /**
 * {@internal Missing Short Description}}
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index eac8ab53a5..05eaf82527 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -901,13 +901,13 @@ function request_filesystem_credentials($form_post, $type = '', $error = false, $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => '')); // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option) - $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']); - $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']); - $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : ''); + $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']); + $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']); + $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : ''); // Check to see if we are setting the public/private keys for ssh - $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : ''); - $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : ''); + $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : ''); + $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? 
stripslashes($_POST['private_key']) : ''); //sanitize the hostname, Some people might pass in odd-data: $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off @@ -925,7 +925,7 @@ function request_filesystem_credentials($form_post, $type = '', $error = false, else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL $credentials['connection_type'] = 'ftps'; else if ( !empty($_POST['connection_type']) ) - $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] ); + $credentials['connection_type'] = stripslashes($_POST['connection_type']); else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP $credentials['connection_type'] = 'ftp'; @@ -1050,7 +1050,7 @@ jQuery(function($){ '; + echo ''; } submit_button( __( 'Proceed' ), 'button', 'upgrade' ); ?> diff --git a/wp-admin/includes/image-edit.php b/wp-admin/includes/image-edit.php index f0ded2f73d..01bce7bd97 100644 --- a/wp-admin/includes/image-edit.php +++ b/wp-admin/includes/image-edit.php @@ -454,7 +454,7 @@ function stream_preview_image( $post_id ) { if ( is_wp_error( $img ) ) return false; - $changes = !empty($_REQUEST['history']) ? json_decode( wp_unslash( $_REQUEST['history'] ) ) : null; + $changes = !empty($_REQUEST['history']) ? json_decode( stripslashes($_REQUEST['history']) ) : null; if ( $changes ) $img = image_edit_apply_changes( $img, $changes ); @@ -533,7 +533,7 @@ function wp_restore_image($post_id) { } } - if ( !wp_update_attachment_metadata($post_id, $meta) || !wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) { + if ( !wp_update_attachment_metadata($post_id, $meta) || !update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes) ) { $msg->error = __('Cannot save image metadata.'); return $msg; } 
@@ -587,7 +587,7 @@ function wp_save_image( $post_id ) { return $return; } } elseif ( !empty($_REQUEST['history']) ) { - $changes = json_decode( wp_unslash( $_REQUEST['history'] ) ); + $changes = json_decode( stripslashes($_REQUEST['history']) ); if ( $changes ) $img = image_edit_apply_changes($img, $changes); } else { @@ -699,7 +699,7 @@ function wp_save_image( $post_id ) { if ( $success ) { wp_update_attachment_metadata( $post_id, $meta ); - wp_update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes); + update_post_meta( $post_id, '_wp_attachment_backup_sizes', $backup_sizes); if ( $target == 'thumbnail' || $target == 'all' || $target == 'full' ) { // Check if it's an image edit from attachment edit screen diff --git a/wp-admin/includes/media.php b/wp-admin/includes/media.php index 5e9912be68..814cae9f9e 100644 --- a/wp-admin/includes/media.php +++ b/wp-admin/includes/media.php @@ -444,8 +444,6 @@ function media_upload_form_handler() { } if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) { - $attachment = wp_unslash( $attachment ); - $post = $_post = get_post($attachment_id, ARRAY_A); $post_type_object = get_post_type_object( $post[ 'post_type' ] ); @@ -470,9 +468,10 @@ function media_upload_form_handler() { if ( isset($attachment['image_alt']) ) { $image_alt = get_post_meta($attachment_id, '_wp_attachment_image_alt', true); - if ( $image_alt != $attachment['image_alt'] ) { - $image_alt = wp_strip_all_tags( $attachment['image_alt'], true ); - wp_update_post_meta( $attachment_id, '_wp_attachment_image_alt', $image_alt ); + if ( $image_alt != stripslashes($attachment['image_alt']) ) { + $image_alt = wp_strip_all_tags( stripslashes($attachment['image_alt']), true ); + // update_meta expects slashed + update_post_meta( $attachment_id, '_wp_attachment_image_alt', addslashes($image_alt) ); } } 
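Review bot: The new comment `// update_meta expects slashed` names a function the line under it does not call; the call is `update_post_meta()`, so it should read `// update_post_meta() expects slashed data`. The identical comment appears in the edit_post() hunk of wp-admin/includes/post.php and should be fixed there too. Separately, `stripslashes($attachment['image_alt'])` is evaluated twice on adjacent lines; assigning it once, `$new_alt = stripslashes( $attachment['image_alt'] );`, makes the comparison and the strip operate on the same value. The enclosing foreach opened in the earlier media.php hunk.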
@@ -502,7 +501,7 @@ function media_upload_form_handler() { } if ( isset($send_id) ) { - $attachment = wp_unslash( $_POST['attachments'][$send_id] ); + $attachment = stripslashes_deep( $_POST['attachments'][$send_id] ); $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : ''; if ( !empty($attachment['url']) ) { @@ -547,7 +546,7 @@ function wp_media_upload_handler() { $src = "http://$src"; if ( isset( $_POST['media_type'] ) && 'image' != $_POST['media_type'] ) { - $title = esc_html( wp_unslash( $_POST['title'] ) ); + $title = esc_html( stripslashes( $_POST['title'] ) ); if ( empty( $title ) ) $title = esc_html( basename( $src ) ); @@ -562,9 +561,9 @@ function wp_media_upload_handler() { $html = apply_filters( $type . '_send_to_editor_url', $html, esc_url_raw( $src ), $title ); } else { $align = ''; - $alt = esc_attr( wp_unslash( $_POST['alt'] ) ); + $alt = esc_attr( stripslashes( $_POST['alt'] ) ); if ( isset($_POST['align']) ) { - $align = esc_attr( wp_unslash( $_POST['align'] ) ); + $align = esc_attr( stripslashes( $_POST['align'] ) ); $class = " class='align$align'"; } if ( !empty($src) ) diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php index d0f2ed7d16..b450e2c3ff 100644 --- a/wp-admin/includes/misc.php +++ b/wp-admin/includes/misc.php @@ -220,7 +220,7 @@ add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 ); * @return string */ function url_shorten( $url ) { - $short_url = str_replace( 'http://', '', $url ); + $short_url = str_replace( 'http://', '', stripslashes( $url )); $short_url = str_replace( 'www.', '', $short_url ); $short_url = untrailingslashit( $short_url ); if ( strlen( $short_url ) > 35 ) @@ -248,9 +248,9 @@ function wp_reset_vars( $vars ) { if ( empty( $_GET[$var] ) ) $$var = ''; else - $$var = wp_unslash( $_GET[$var] ); + $$var = $_GET[$var]; } else { - $$var = wp_unslash( $_POST[$var] ); + $$var = $_POST[$var]; } } } 
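Review bot: url_shorten() now applies `stripslashes( $url )` for every caller, but the docblock above it (its `@return string` line is visible in the hunk) does not say the argument is expected slashed, so callers passing an already-unslashed URL will lose any literal backslash. Add `@param string $url Expect Slashed.`, matching the wording the update_meta() hunk in post.php uses. The rest of the docblock is outside the hunk.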
@@ -323,8 +323,8 @@ function set_screen_options() {
 if ( !$user = wp_get_current_user() ) return;
- $option = wp_unslash( $_POST['wp_screen_options']['option'] );
- $value = wp_unslash( $_POST['wp_screen_options']['value'] );
+ $option = $_POST['wp_screen_options']['option'];
+ $value = $_POST['wp_screen_options']['value'];
 if ( $option != sanitize_key( $option ) ) return;
diff --git a/wp-admin/includes/plugin-install.php b/wp-admin/includes/plugin-install.php
index 32b4c676cb..63a5f711f2 100644
--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -116,8 +116,8 @@ add_action('install_plugins_dashboard', 'install_dashboard');
 * @since 2.7.0
 */
 function install_search_form( $type_selector = true ) {
- $type = isset($_REQUEST['type']) ? wp_unslash( $_REQUEST['type'] ) : 'term';
- $term = isset($_REQUEST['s']) ? wp_unslash( $_REQUEST['s'] ) : '';
+ $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : 'term';
+ $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
 ?>
@@ -160,7 +160,7 @@ add_action('install_plugins_upload', 'install_plugins_upload', 10, 1); * */ function install_plugins_favorites_form() { - $user = ! empty( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); + $user = ! empty( $_GET['user'] ) ? stripslashes( $_GET['user'] ) : get_user_option( 'wporg_favorites' ); ?>

@@ -251,7 +251,7 @@ function install_plugin_install_status($api, $loop = false) { } } if ( isset($_GET['from']) ) - $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) ); + $url .= '&from=' . urlencode(stripslashes($_GET['from'])); return compact('status', 'url', 'version'); } @@ -264,7 +264,7 @@ function install_plugin_install_status($api, $loop = false) { function install_plugin_information() { global $tab; - $api = plugins_api('plugin_information', array('slug' => wp_unslash( $_REQUEST['plugin'] ) )); + $api = plugins_api('plugin_information', array('slug' => stripslashes( $_REQUEST['plugin'] ) )); if ( is_wp_error($api) ) wp_die($api); @@ -295,7 +295,7 @@ function install_plugin_information() { $api->$key = wp_kses( $api->$key, $plugins_allowedtags ); } - $section = isset($_REQUEST['section']) ? wp_unslash( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English. + $section = isset($_REQUEST['section']) ? stripslashes( $_REQUEST['section'] ) : 'description'; //Default to the Description tab, Do not translate, API returns English. if ( empty($section) || ! isset($api->sections[ $section ]) ) $section = array_shift( $section_titles = array_keys((array)$api->sections) ); diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index eb386ee652..d7c2e593f4 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -149,8 +149,8 @@ function _wp_translate_postdata( $update = false, $post_data = null ) { */ function edit_post( $post_data = null ) { - if ( empty( $post_data ) ) - $post_data = wp_unslash( $_POST ); + if ( empty($post_data) ) + $post_data = &$_POST; // Clear out any data in internal vars. unset( $post_data['filter'] ); 
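Review bot: `$post_data = &$_POST;` binds the local to the superglobal by reference, so the `unset( $post_data['filter'] )` two lines below — and every later write to `$post_data` inside edit_post() — now rewrites `$_POST` for the rest of the request, whereas the removed `wp_unslash( $_POST )` operated on a copy. If the intent is only to consume slashed input, a plain copy `$post_data = $_POST;` gives the same data without the aliasing; if downstream code relies on `$_POST` being modified, that deserves a comment on this line. edit_post() continues past the end of this hunk.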
@@ -236,9 +236,10 @@ function edit_post( $post_data = null ) { if ( 'attachment' == $post_data['post_type'] ) { if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) { $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true ); - if ( $image_alt != $post_data['_wp_attachment_image_alt'] ) { - $image_alt = wp_strip_all_tags( $post_data['_wp_attachment_image_alt'], true ); - wp_update_post_meta( $post_ID, '_wp_attachment_image_alt', $image_alt ); + if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) { + $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true ); + // update_meta expects slashed + update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) ); } } @@ -248,7 +249,7 @@ function edit_post( $post_data = null ) { add_meta( $post_ID ); - wp_update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); + update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); wp_update_post( $post_data ); @@ -429,15 +430,15 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) $post_title = ''; if ( !empty( $_REQUEST['post_title'] ) ) - $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] )); + $post_title = esc_html( stripslashes( $_REQUEST['post_title'] )); $post_content = ''; if ( !empty( $_REQUEST['content'] ) ) - $post_content = esc_html( wp_unslash( $_REQUEST['content'] )); + $post_content = esc_html( stripslashes( $_REQUEST['content'] )); $post_excerpt = ''; if ( !empty( $_REQUEST['excerpt'] ) ) - $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] )); + $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] )); if ( $create_in_db ) { $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) ); 
@@ -486,9 +487,9 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) function post_exists($title, $content = '', $date = '') { global $wpdb; - $post_title = sanitize_post_field( 'post_title', $title, 0, 'db' ); - $post_content = sanitize_post_field( 'post_content', $content, 0, 'db' ); - $post_date = sanitize_post_field( 'post_date', $date, 0, 'db' ); + $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) ); + $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) ); + $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) ); $query = "SELECT ID FROM $wpdb->posts WHERE 1=1"; $args = array(); @@ -566,7 +567,7 @@ function wp_write_post() { } // Create the post. - $post_ID = wp_insert_post( wp_unslash( $_POST ) ); + $post_ID = wp_insert_post( $_POST ); if ( is_wp_error( $post_ID ) ) return $post_ID; @@ -575,7 +576,7 @@ function wp_write_post() { add_meta( $post_ID ); - wp_add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); + add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); // Now that we have an ID we can fix any attachment anchor hrefs _fix_attachment_links( $post_ID ); @@ -619,9 +620,9 @@ function add_meta( $post_ID ) { global $wpdb; $post_ID = (int) $post_ID; - $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : ''; - $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : ''; - $metavalue = isset($_POST['metavalue']) ? wp_unslash( trim( $_POST['metavalue'] ) ) : ''; + $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : ''; + $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : ''; + $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : ''; if ( is_string( $metavalue ) ) $metavalue = trim( $metavalue ); 
@@ -638,7 +639,9 @@ function add_meta( $post_ID ) { if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) ) return false; - return wp_add_post_meta( $post_ID, $metakey, $metavalue ); + $metakey = esc_sql( $metakey ); + + return add_post_meta( $post_ID, $metakey, $metavalue ); } return false; @@ -711,11 +714,14 @@ function has_meta( $postid ) { * @since 1.2.0 * * @param unknown_type $meta_id - * @param unknown_type $meta_key - * @param unknown_type $meta_value + * @param unknown_type $meta_key Expect Slashed + * @param unknown_type $meta_value Expect Slashed * @return unknown */ function update_meta( $meta_id, $meta_key, $meta_value ) { + $meta_key = stripslashes( $meta_key ); + $meta_value = stripslashes_deep( $meta_value ); + return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key ); } @@ -769,6 +775,8 @@ function _fix_attachment_links( $post_ID ) { if ( $replace ) { $post['post_content'] = $content; + // Escape data pulled from DB. + $post = add_magic_quotes($post); return wp_update_post($post); } @@ -1179,7 +1187,7 @@ function wp_set_post_lock( $post_id ) { $now = time(); $lock = "$now:$user_id"; - wp_update_post_meta( $post->ID, '_edit_lock', $lock ); + update_post_meta( $post->ID, '_edit_lock', $lock ); return array( $now, $user_id ); } 
@@ -1230,14 +1238,14 @@ function wp_create_post_autosave( $post_id ) {
 // Only store one autosave. If there is already an autosave, overwrite it.
 if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
- $new_autosave = _wp_post_revision_fields( wp_unslash( $_POST ), true );
+ $new_autosave = _wp_post_revision_fields( $_POST, true );
 $new_autosave['ID'] = $old_autosave->ID;
 $new_autosave['post_author'] = get_current_user_id();
 return wp_update_post( $new_autosave );
 }
 // _wp_put_post_revision() expects unescaped.
- $_POST = wp_unslash( $_POST );
+ $_POST = stripslashes_deep($_POST);
 // Otherwise create the new autosave as a special post revision
 return _wp_put_post_revision( $_POST, true );
diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 1f57cb1492..5dfb41b952 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -505,11 +505,13 @@ function populate_options() {
 else $autoload = 'yes';
+ $option = $wpdb->escape($option);
 if ( is_array($value) ) $value = serialize($value);
+ $value = $wpdb->escape($value);
 if ( !empty($insert) ) $insert .= ', ';
- $insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );
+ $insert .= "('$option', '$value', '$autoload')";
 }
 if ( !empty($insert) )
@@ -919,11 +921,13 @@ We hope you enjoy your new site. Thanks!
 $insert = '';
 foreach ( $sitemeta as $meta_key => $meta_value ) {
+ $meta_key = $wpdb->escape( $meta_key );
 if ( is_array( $meta_value ) ) $meta_value = serialize( $meta_value );
+ $meta_value = $wpdb->escape( $meta_value );
 if ( !empty( $insert ) ) $insert .= ', ';
- $insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );
+ $insert .= "( $network_id, '$meta_key', '$meta_value')";
 }
 $wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert );
diff --git a/wp-admin/includes/taxonomy.php b/wp-admin/includes/taxonomy.php
index f31dadc757..7423cf9214 100644
--- a/wp-admin/includes/taxonomy.php
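Review bot: In the sitemeta loop of schema.php, `$insert .= "( $network_id, '$meta_key', '$meta_value')";` interpolates `$network_id` with no cast, whereas the `$wpdb->prepare( "( %d, %s, %s)", ... )` it replaces coerced that value to an integer; at minimum restore the coercion, `$insert .= "( " . (int) $network_id . ", '$meta_key', '$meta_value')";`. The populate_options() hunk above has the same shape: `$option` and `$value` are passed through `$wpdb->escape()` and then spliced into the VALUES string by hand, which is string escaping rather than a parameterised statement, so if the revert is not forced by a compatibility constraint the `$wpdb->prepare()` form should be kept. `$autoload` is interpolated with no escaping at all, which is only safe because the visible `else $autoload = 'yes';` assigns it from a literal — worth a comment on that line so the next edit does not widen its source.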
+++ b/wp-admin/includes/taxonomy.php @@ -157,6 +157,9 @@ function wp_update_category($catarr) { // First, get all of the original fields $category = get_category($cat_ID, ARRAY_A); + // Escape data pulled from DB. + $category = add_magic_quotes($category); + // Merge old and new fields with new fields overwriting old ones. $catarr = array_merge($category, $catarr); diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index 644857f5eb..421c430689 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -1333,7 +1333,7 @@ function _draft_or_post_title( $post = 0 ) { * */ function _admin_search_query() { - echo isset($_REQUEST['s']) ? esc_attr( wp_unslash( $_REQUEST['s'] ) ) : ''; + echo isset($_REQUEST['s']) ? esc_attr( stripslashes( $_REQUEST['s'] ) ) : ''; } /** diff --git a/wp-admin/includes/theme-install.php b/wp-admin/includes/theme-install.php index 5d5191b38a..5654f05e3c 100644 --- a/wp-admin/includes/theme-install.php +++ b/wp-admin/includes/theme-install.php @@ -50,8 +50,8 @@ function install_themes_feature_list() { * @since 2.8.0 */ function install_theme_search_form( $type_selector = true ) { - $type = isset( $_REQUEST['type'] ) ? wp_unslash( $_REQUEST['type'] ) : 'term'; - $term = isset( $_REQUEST['s'] ) ? wp_unslash( $_REQUEST['s'] ) : ''; + $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : 'term'; + $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : ''; if ( ! $type_selector ) echo '

' . __( 'Search for themes by keyword.' ) . '

'; ?> @@ -179,7 +179,7 @@ add_action('install_themes_updated', 'display_themes'); function install_theme_information() { global $tab, $themes_allowedtags, $wp_list_table; - $theme = themes_api( 'theme_information', array( 'slug' => wp_unslash( $_REQUEST['theme'] ) ) ); + $theme = themes_api( 'theme_information', array( 'slug' => stripslashes( $_REQUEST['theme'] ) ) ); if ( is_wp_error( $theme ) ) wp_die( $theme ); diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 56b9649351..9ef77e5ba0 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -132,7 +132,7 @@ function wp_install_defaults($user_id) { $first_post = get_site_option( 'first_post' ); if ( empty($first_post) ) - $first_post = __( 'Welcome to SITE_NAME. This is your first post. Edit or delete it, then start blogging!' ); + $first_post = stripslashes( __( 'Welcome to SITE_NAME. This is your first post. Edit or delete it, then start blogging!' ) ); $first_post = str_replace( "SITE_URL", esc_url( network_home_url() ), $first_post ); $first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post ); 
@@ -636,23 +636,23 @@ function upgrade_160() {
 $users = $wpdb->get_results("SELECT * FROM $wpdb->users");
 foreach ( $users as $user ) :
 if ( !empty( $user->user_firstname ) )
- update_user_meta( $user->ID, 'first_name', $user->user_firstname );
+ update_user_meta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
 if ( !empty( $user->user_lastname ) )
- update_user_meta( $user->ID, 'last_name', $user->user_lastname );
+ update_user_meta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
 if ( !empty( $user->user_nickname ) )
- update_user_meta( $user->ID, 'nickname', $user->user_nickname );
+ update_user_meta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
 if ( !empty( $user->user_level ) )
 update_user_meta( $user->ID, $wpdb->prefix . 'user_level', $user->user_level );
 if ( !empty( $user->user_icq ) )
- update_user_meta( $user->ID, 'icq', $user->user_icq );
+ update_user_meta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
 if ( !empty( $user->user_aim ) )
- update_user_meta( $user->ID, 'aim', $user->user_aim );
+ update_user_meta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
 if ( !empty( $user->user_msn ) )
- update_user_meta( $user->ID, 'msn', $user->user_msn );
+ update_user_meta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
 if ( !empty( $user->user_yim ) )
- update_user_meta( $user->ID, 'yim', $user->user_icq );
+ update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
 if ( !empty( $user->user_description ) )
- update_user_meta( $user->ID, 'description', $user->user_description );
+ update_user_meta( $user->ID, 'description', $wpdb->escape($user->user_description) );
 if ( isset( $user->user_idmode ) ):
 $idmode = $user->user_idmode;
@@ -854,7 +854,7 @@ function upgrade_230() {
 foreach ( $link_cats as $category) {
 $cat_id = (int) $category->cat_id;
 $term_id = 0;
- $name = $category->cat_name;
+ $name = $wpdb->escape($category->cat_name);
 $slug = sanitize_title($name);
 $term_group = 0;
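Review bot: `update_user_meta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );` stores the ICQ column under the `yim` key while the guard directly above it tests `$user->user_yim`; the value should be `$wpdb->escape($user->user_yim)`. The mismatch exists on the old side as well, but this line is being rewritten anyway and the commit leaves it in place. The hunk also gives no reason for escaping values that were just read from the database; if it is because update_user_meta() consumes slashed input, a one-line comment at the top of the loop, `// *_meta() expects slashed data, so re-escape the raw DB values`, would stop the next reader from removing the escaping as redundant. The end of the foreach is outside the hunk.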
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index 90c18d0c3d..ea3bdbf6a9 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -34,25 +34,22 @@ function edit_user( $user_id = 0 ) { $update = true; $user->ID = (int) $user_id; $userdata = get_userdata( $user_id ); - $user->user_login = $userdata->user_login; + $user->user_login = $wpdb->escape( $userdata->user_login ); } else { $update = false; } - // get clean data before we get started. - $post_data = wp_unslash( $_POST ); - - if ( !$update && isset( $post_data['user_login'] ) ) - $user->user_login = sanitize_user($post_data['user_login'], true); + if ( !$update && isset( $_POST['user_login'] ) ) + $user->user_login = sanitize_user($_POST['user_login'], true); $pass1 = $pass2 = ''; - if ( isset( $post_data['pass1'] )) - $pass1 = $post_data['pass1']; - if ( isset( $post_data['pass2'] )) - $pass2 = $post_data['pass2']; + if ( isset( $_POST['pass1'] )) + $pass1 = $_POST['pass1']; + if ( isset( $_POST['pass2'] )) + $pass2 = $_POST['pass2']; - if ( isset( $post_data['role'] ) && current_user_can( 'edit_users' ) ) { - $new_role = sanitize_text_field( $post_data['role'] ); + if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { + $new_role = sanitize_text_field( $_POST['role'] ); $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false; // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. // Multisite super admins can freely edit their blog roles -- they possess all caps. 
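Review bot: `$user->user_login = $wpdb->escape( $userdata->user_login );` escapes a value just read from the database without saying why, and a reader will take it for SQL escaping of a trusted value. If the reason is that `$user` is later handed to wp_update_user()/wp_insert_user() as slashed data (those calls are in the last hunk of this file), say so inline: `// re-slash: $user is passed on as slashed input`. Also in the new side, `sanitize_user($_POST['user_login'], true)` here and `validate_username( $_POST['user_login'] )` in a later hunk both consume the raw slashed value, so a login containing a quote is checked with its added backslash; confirm that is the intended behaviour rather than an artefact of the revert. edit_user() starts before this hunk and ends after it.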
@@ -65,44 +62,44 @@ function edit_user( $user_id = 0 ) { wp_die(__('You can’t give users that role.')); } - if ( isset( $post_data['email'] )) - $user->user_email = sanitize_text_field( $post_data['email'] ); - if ( isset( $post_data['url'] ) ) { - if ( empty ( $post_data['url'] ) || $post_data['url'] == 'http://' ) { + if ( isset( $_POST['email'] )) + $user->user_email = sanitize_text_field( $_POST['email'] ); + if ( isset( $_POST['url'] ) ) { + if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { $user->user_url = ''; } else { - $user->user_url = esc_url_raw( $post_data['url'] ); + $user->user_url = esc_url_raw( $_POST['url'] ); $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; } } - if ( isset( $post_data['first_name'] ) ) - $user->first_name = sanitize_text_field( $post_data['first_name'] ); - if ( isset( $post_data['last_name'] ) ) - $user->last_name = sanitize_text_field( $post_data['last_name'] ); - if ( isset( $post_data['nickname'] ) ) - $user->nickname = sanitize_text_field( $post_data['nickname'] ); - if ( isset( $post_data['display_name'] ) ) - $user->display_name = sanitize_text_field( $post_data['display_name'] ); + if ( isset( $_POST['first_name'] ) ) + $user->first_name = sanitize_text_field( $_POST['first_name'] ); + if ( isset( $_POST['last_name'] ) ) + $user->last_name = sanitize_text_field( $_POST['last_name'] ); + if ( isset( $_POST['nickname'] ) ) + $user->nickname = sanitize_text_field( $_POST['nickname'] ); + if ( isset( $_POST['display_name'] ) ) + $user->display_name = sanitize_text_field( $_POST['display_name'] ); - if ( isset( $post_data['description'] ) ) - $user->description = trim( $post_data['description'] ); + if ( isset( $_POST['description'] ) ) + $user->description = trim( $_POST['description'] ); foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) { - 
if ( isset( $post_data[$method] )) - $user->$method = sanitize_text_field( $post_data[$method] ); + if ( isset( $_POST[$method] )) + $user->$method = sanitize_text_field( $_POST[$method] ); } if ( $update ) { - $user->rich_editing = isset( $post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true'; - $user->admin_color = isset( $post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh'; - $user->show_admin_bar_front = isset( $post_data['admin_bar_front'] ) ? 'true' : 'false'; + $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true'; + $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; + $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false'; } - $user->comment_shortcuts = isset( $post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : ''; + $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : ''; $user->use_ssl = 0; - if ( !empty($post_data['use_ssl']) ) + if ( !empty($_POST['use_ssl']) ) $user->use_ssl = 1; $errors = new WP_Error(); @@ -127,7 +124,7 @@ function edit_user( $user_id = 0 ) { } /* Check for "\" in password */ - if ( false !== strpos( $pass1, "\\" ) ) + if ( false !== strpos( stripslashes($pass1), "\\" ) ) $errors->add( 'pass', __( 'ERROR: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); /* checking the password has been typed twice the same */ 
@@ -137,7 +134,7 @@ function edit_user( $user_id = 0 ) { if ( !empty( $pass1 ) ) $user->user_pass = $pass1; - if ( !$update && isset( $post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) ) + if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) ) $errors->add( 'user_login', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' )); if ( !$update && username_exists( $user->user_login ) ) @@ -162,7 +159,7 @@ function edit_user( $user_id = 0 ) { $user_id = wp_update_user( $user ); } else { $user_id = wp_insert_user( $user ); - wp_new_user_notification( $user_id, isset($post_data['send_password']) ? $pass1 : '' ); + wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' ); } return $user_id; } diff --git a/wp-admin/install.php b/wp-admin/install.php index c8ade7323e..dd489af0cc 100644 --- a/wp-admin/install.php +++ b/wp-admin/install.php @@ -84,10 +84,10 @@ function display_setup_form( $error = null ) { if ( ! empty( $_POST ) ) $blog_public = isset( $_POST['blog_public'] ); - $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : ''; - $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin'; - $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : ''; - $admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : ''; + $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : ''; + $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin'; + $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : ''; + $admin_email = isset( $_POST['admin_email'] ) ? trim( stripslashes( $_POST['admin_email'] ) ) : ''; if ( ! is_null( $error ) ) { ?> 
@@ -189,11 +189,11 @@ switch($step) { display_header(); // Fill in the data we gathered - $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : ''; - $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin'; - $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : ''; - $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : ''; - $admin_email = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : ''; + $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : ''; + $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin'; + $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : ''; + $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : ''; + $admin_email = isset( $_POST['admin_email'] ) ?trim( stripslashes( $_POST['admin_email'] ) ) : ''; $public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 0; // check e-mail address $error = false; diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index 3154f8e3db..92194f0392 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php @@ -31,7 +31,7 @@ if ( $doaction && isset( $_REQUEST['linkcheck'] ) ) { exit; } } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { - wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); exit; } @@ -72,7 +72,7 @@ if ( ! current_user_can('manage_links') )
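Review bot: `$admin_password` and `$admin_password_check` are the only two fields in this hunk taken from `$_POST` without `stripslashes()`, while the lines above and below unslash `weblog_title`, `user_name` and `admin_email`, and the `display_setup_form()` hunk just before this one does unslash `admin_password` for redisplay. The two passwords are still compared with each other consistently, but a password containing a backslash or quote reaches the installer in its slashed form. If that is deliberate because the user-creation path expects slashed input, a comment on the line, `// Left slashed on purpose: the user-creation path expects slashed input.`, keeps the next reader from "fixing" it. The `switch` this sits in starts and ends outside the hunk.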

' . __('Search results for “%s”') . '', esc_html( wp_unslash($_REQUEST['s']) ) ); ?> + printf( '' . __('Search results for “%s”') . '', esc_html( stripslashes($_REQUEST['s']) ) ); ?>

get_error_codes() ) && 'no_wildcard_dns' == $result->get_error_code() ) network_step2( $result ); diff --git a/wp-admin/network/settings.php b/wp-admin/network/settings.php index e745694031..b3a0f897f4 100644 --- a/wp-admin/network/settings.php +++ b/wp-admin/network/settings.php @@ -61,7 +61,7 @@ if ( $_POST ) { foreach ( $options as $option_name ) { if ( ! isset($_POST[$option_name]) ) continue; - $value = wp_unslash( $_POST[$option_name] ); + $value = stripslashes_deep( $_POST[$option_name] ); update_site_option( $option_name, $value ); } @@ -181,7 +181,7 @@ if ( isset( $_GET['updated'] ) ) { +
@@ -190,7 +190,7 @@ if ( isset( $_GET['updated'] ) ) { +
@@ -199,7 +199,7 @@ if ( isset( $_GET['updated'] ) ) { +
@@ -208,7 +208,7 @@ if ( isset( $_GET['updated'] ) ) { +
@@ -217,7 +217,7 @@ if ( isset( $_GET['updated'] ) ) { +
diff --git a/wp-admin/network/site-info.php b/wp-admin/network/site-info.php index 7dd6aeb23a..bcc71f9f18 100644 --- a/wp-admin/network/site-info.php +++ b/wp-admin/network/site-info.php @@ -62,7 +62,7 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] ) { delete_option( 'rewrite_rules' ); // update blogs table - $blog_data = wp_unslash( $_POST['blog'] ); + $blog_data = stripslashes_deep( $_POST['blog'] ); $existing_details = get_blog_details( $id, false ); $blog_data_checkboxes = array( 'public', 'archived', 'spam', 'mature', 'deleted' ); foreach ( $blog_data_checkboxes as $c ) { diff --git a/wp-admin/network/site-new.php b/wp-admin/network/site-new.php index 3712c08c42..db2e1f74c0 100644 --- a/wp-admin/network/site-new.php +++ b/wp-admin/network/site-new.php @@ -38,7 +38,7 @@ if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) { if ( ! is_array( $_POST['blog'] ) ) wp_die( __( 'Can’t create an empty site.' ) ); - $blog = wp_unslash( $_POST['blog'] ); + $blog = $_POST['blog']; $domain = ''; if ( preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) ) $domain = strtolower( $blog['domain'] ); @@ -88,7 +88,7 @@ if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) { $content_mail = sprintf( __( 'New site created by %1$s Address: %2$s -Name: %3$s' ), $current_user->user_login , get_site_url( $id ), $title ); +Name: %3$s' ), $current_user->user_login , get_site_url( $id ), stripslashes( $title ) ); wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' ); wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) ); wp_redirect( add_query_arg( array( 'update' => 'added', 'id' => $id ), 'site-new.php' ) ); diff --git a/wp-admin/network/site-settings.php b/wp-admin/network/site-settings.php index a4ab33b707..f807fcf2c5 100644 
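Review bot: In the site-new.php `@@ -88` hunk `stripslashes( $title )` is applied for the notification mail body, but `wpmu_welcome_notification( $id, $user_id, $password, $title, ... )` on the following line still receives the slashed `$title`, so the two mails sent for the same site can render a title containing a quote or backslash differently. Unslashing once, `$title = stripslashes( $title );` before `$content_mail` is built, keeps both consistent; whether the earlier site-creation call (outside the hunk) needs the slashed form is not visible here.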
--- a/wp-admin/network/site-settings.php +++ b/wp-admin/network/site-settings.php @@ -53,14 +53,12 @@ if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_ar $count = count( $_POST['option'] ); $skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form. foreach ( (array) $_POST['option'] as $key => $val ) { - $key = wp_unslash( $key ); - $val = wp_unslash( $val ); if ( $key === 0 || is_array( $val ) || in_array($key, $skip_options) ) continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options if ( $c == $count ) - update_option( $key, $val ); + update_option( $key, stripslashes( $val ) ); else - update_option( $key, $val, false ); // no need to refresh blog details yet + update_option( $key, stripslashes( $val ), false ); // no need to refresh blog details yet $c++; } diff --git a/wp-admin/network/sites.php b/wp-admin/network/sites.php index 93341c35e9..3a102e3100 100644 --- a/wp-admin/network/sites.php +++ b/wp-admin/network/sites.php @@ -79,7 +79,7 @@ if ( isset( $_GET['action'] ) ) { -
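Review bot: With the `wp_unslash( $key )` line removed, the loop writes whatever option name the form posted, filtered only by `$key === 0`, `is_array( $val )` and a loose `in_array( $key, $skip_options )`; pass `true` as the third argument so the skip list is compared strictly. `stripslashes( $val )` is now also computed separately in both branches of the `if`; doing it once after the `continue`, `$val = stripslashes( $val );`, and calling `update_option( $key, $val )` / `update_option( $key, $val, false )` reads cleaner and cannot drift. The nonce and capability checks guarding this block are outside the hunk.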

+

diff --git a/wp-admin/options-head.php b/wp-admin/options-head.php index 1c706c87d7..35d921b920 100644 --- a/wp-admin/options-head.php +++ b/wp-admin/options-head.php @@ -2,7 +2,8 @@ /** * WordPress Options Header. * - * Displays updated message, if updated variable is part of the URL query. + * Resets variables: 'action', 'standalone', and 'option_group_id'. Displays + * updated message, if updated variable is part of the URL query. * * @package WordPress * @subpackage Administration diff --git a/wp-admin/options.php b/wp-admin/options.php index 80a07190df..92ae917bf7 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -120,16 +120,16 @@ if ( 'update' == $action ) { if ( 'options' == $option_page ) { if ( is_multisite() && ! is_super_admin() ) wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) ); - $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) ); + $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) ); } else { $options = $whitelist_options[ $option_page ]; } // Handle custom date/time formats if ( 'general' == $option_page ) { - if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) ) + if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) ) $_POST['date_format'] = $_POST['date_format_custom']; - if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) ) + if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) ) $_POST['time_format'] = $_POST['time_format_custom']; // Map UTC+- timezones to gmt_offsets and set timezone_string to empty. if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) { 
@@ -150,7 +150,7 @@ if ( 'update' == $action ) { $value = $_POST[ $option ]; if ( ! is_array( $value ) ) $value = trim( $value ); - $value = wp_unslash( $value ); + $value = stripslashes_deep( $value ); } update_option( $option, $value ); } diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index 122362a527..ac64f1aea1 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -28,7 +28,7 @@ if ( empty($plugins) ) wp_die( __('There are no plugins installed on this site.') ); if ( isset($_REQUEST['file']) ) - $plugin = wp_unslash($_REQUEST['file']); + $plugin = stripslashes($_REQUEST['file']); if ( empty($plugin) ) { $plugin = array_keys($plugins); @@ -39,6 +39,8 @@ $plugin_files = get_plugin_files($plugin); if ( empty($file) ) $file = $plugin_files[0]; +else + $file = stripslashes($file); $file = validate_file_to_edit($file, $plugin_files); $real_file = WP_PLUGIN_DIR . '/' . $file; @@ -50,7 +52,7 @@ case 'update': check_admin_referer('edit-plugin_' . $file); - $newcontent = wp_unslash( $_POST['newcontent'] ); + $newcontent = stripslashes($_POST['newcontent']); if ( is_writeable($real_file) ) { $f = fopen($real_file, 'w+'); fwrite($f, $newcontent); diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php index 9fa610d2c9..6542fa31e8 100644 --- a/wp-admin/press-this.php +++ b/wp-admin/press-this.php @@ -91,11 +91,11 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) { } // Set Variables -$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : ''; +$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : ''; $selection = ''; if ( !empty($_GET['s']) ) { - $selection = str_replace(''', "'", wp_unslash($_GET['s'])); + $selection = str_replace(''', "'", stripslashes($_GET['s'])); $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) ); } 
diff --git a/wp-admin/setup-config.php b/wp-admin/setup-config.php index 372b9a33e1..7409d010ff 100644 --- a/wp-admin/setup-config.php +++ b/wp-admin/setup-config.php @@ -164,7 +164,7 @@ switch($step) { case 2: foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key ) - $$key = trim( wp_unslash( $_POST[ $key ] ) ); + $$key = trim( stripslashes( $_POST[ $key ] ) ); $tryagain_link = '

' . __( 'Try again' ) . ''; diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index 2033a23845..7f814d28eb 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -68,7 +68,7 @@ if ( empty( $file ) ) { $relative_file = 'style.css'; $file = $allowed_files['style.css']; } else { - $relative_file = $file; + $relative_file = stripslashes( $file ); $file = $theme->get_stylesheet_directory() . '/' . $relative_file; } @@ -78,7 +78,7 @@ $scrollto = isset( $_REQUEST['scrollto'] ) ? (int) $_REQUEST['scrollto'] : 0; switch( $action ) { case 'update': check_admin_referer( 'edit-theme_' . $file . $stylesheet ); - $newcontent = wp_unslash( $_POST['newcontent'] ); + $newcontent = stripslashes( $_POST['newcontent'] ); $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto; if ( is_writeable( $file ) ) { //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable diff --git a/wp-admin/update.php b/wp-admin/update.php index 7383aefa2c..687142e218 100644 --- a/wp-admin/update.php +++ b/wp-admin/update.php @@ -26,7 +26,7 @@ if ( isset($_GET['action']) ) { check_admin_referer( 'bulk-update-plugins' ); if ( isset( $_GET['plugins'] ) ) - $plugins = explode( ',', wp_unslash($_GET['plugins']) ); + $plugins = explode( ',', stripslashes($_GET['plugins']) ); elseif ( isset( $_POST['checked'] ) ) $plugins = (array) $_POST['checked']; else @@ -109,7 +109,7 @@ if ( isset($_GET['action']) ) { $nonce = 'install-plugin_' . $plugin; $url = 'update.php?action=install-plugin&plugin=' . $plugin; if ( isset($_GET['from']) ) - $url .= '&from=' . urlencode( wp_unslash( $_GET['from'] ) ); + $url .= '&from=' . urlencode(stripslashes($_GET['from'])); $type = 'web'; //Install plugin type, From Web or an Upload. 
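Review bot: `$$key = trim( stripslashes( $_POST[ $key ] ) );` in the setup-config.php hunk reads each of the five keys without `isset()`, so a request missing one of them raises a notice before the retry link below is even built; `$$key = isset( $_POST[ $key ] ) ? trim( stripslashes( $_POST[ $key ] ) ) : '';` gives the same result for complete requests. The `case 2:` body continues past the hunk.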
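Review bot: In the theme-editor.php `@@ -68` hunk the `else` branch builds the filesystem path `$file` from `$relative_file`, which is request-derived, and nothing in the hunk shows that value being checked against `$allowed_files` the way the `if` branch's `$allowed_files['style.css']` is. If that validation happens further down (outside the hunk), a comment on the new line makes the ordering explicit: `// $relative_file is validated against $allowed_files below, before the file is read or written.`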
@@ -173,7 +173,7 @@ if ( isset($_GET['action']) ) { check_admin_referer( 'bulk-update-themes' ); if ( isset( $_GET['themes'] ) ) - $themes = explode( ',', wp_unslash( $_GET['themes'] ) ); + $themes = explode( ',', stripslashes($_GET['themes']) ); elseif ( isset( $_POST['checked'] ) ) $themes = (array) $_POST['checked']; else diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php index b04287735d..73933db424 100644 --- a/wp-admin/upgrade.php +++ b/wp-admin/upgrade.php @@ -77,7 +77,7 @@ else @@ -90,7 +90,7 @@ switch ( $step ) : case 1: wp_upgrade(); - $backto = !empty($_GET['backto']) ? wp_unslash( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/'; + $backto = !empty($_GET['backto']) ? stripslashes( urldecode( $_GET['backto'] ) ) : __get_option( 'home' ) . '/'; $backto = esc_url( $backto ); $backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/'); ?> diff --git a/wp-admin/upload.php b/wp-admin/upload.php index db4c5220f3..7d50d5290d 100644 --- a/wp-admin/upload.php +++ b/wp-admin/upload.php @@ -132,7 +132,7 @@ if ( $doaction ) { wp_redirect( $location ); exit; } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { - wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) ); exit; } diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index 9b15c81411..01552bd38b 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -54,7 +54,7 @@ get_current_screen()->set_help_sidebar( '

' . __('Support Forums') . '

' ); -$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer ); +$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer)); $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' ); diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php index 9c480f59dd..c834273550 100644 --- a/wp-admin/user-new.php +++ b/wp-admin/user-new.php @@ -112,15 +112,15 @@ Please click the following link to confirm the invite: } } else { // Adding a new user to this blog - $user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST[ 'user_login' ] ), wp_unslash( $_REQUEST[ 'email' ] ) ); + $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] ); if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) { $add_user_errors = $user_details[ 'errors' ]; } else { - $new_user_login = apply_filters('pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) ); + $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true)); if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email } - wpmu_signup_user( $new_user_login, wp_unslash( $_REQUEST[ 'email' ] ), array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) ); + wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) ); if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) ); wpmu_activate_signup( $key ); 
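Review bot: Within the user-new.php `@@ -112` hunk `user_login` is unslashed before use (`sanitize_user(stripslashes($_REQUEST['user_login']), true)`), while `email` is handed to `wpmu_validate_user_signup()`, `wpmu_signup_user()` and the `$wpdb->prepare()` lookup exactly as received, i.e. still carrying the request slashes. An address containing a quote would therefore be validated, stored and looked up in a different form from the login it belongs to. Whether the callees expect slashed input is outside the hunk; either a comment such as `// $_REQUEST['email'] is deliberately left slashed: the callees expect slashed input.` or a single `$new_user_email = stripslashes( $_REQUEST['email'] );` used in all three places would settle it.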
@@ -309,7 +309,7 @@ foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_nam $var = "new_user_$var"; if( isset( $_POST['createuser'] ) ) { if ( ! isset($$var) ) - $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : ''; + $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : ''; } else { $$var = false; } diff --git a/wp-admin/users.php b/wp-admin/users.php index e807487a57..d6fef420c8 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -64,9 +64,9 @@ get_current_screen()->set_help_sidebar( ); if ( empty($_REQUEST) ) { - $referer = ''; + $referer = ''; } elseif ( isset($_REQUEST['wp_http_referer']) ) { - $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) ); + $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); $referer = ''; } else { $redirect = 'users.php'; @@ -357,7 +357,7 @@ break; default: if ( !empty($_GET['_wp_http_referer']) ) { - wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']))); exit; } @@ -381,7 +381,7 @@ default: case 'add': if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) { $messages[] = '

' . sprintf( __( 'New user created. Edit user' ), - esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), + esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '

'; } else { $messages[] = '

' . __( 'New user created.' ) . '

'; diff --git a/wp-comments-post.php b/wp-comments-post.php index c19aeadbf5..194e00f544 100644 --- a/wp-comments-post.php +++ b/wp-comments-post.php @@ -17,9 +17,7 @@ require( dirname(__FILE__) . '/wp-load.php' ); nocache_headers(); -$post_data = wp_unslash( $_POST ); - -$comment_post_ID = isset($post_data['comment_post_ID']) ? (int) $post_data['comment_post_ID'] : 0; +$comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0; $post = get_post($comment_post_ID); 
@@ -49,21 +47,21 @@ if ( !comments_open($comment_post_ID) ) { do_action('pre_comment_on_post', $comment_post_ID); } -$comment_author = ( isset( $post_data['author'] ) ) ? trim( strip_tags( $post_data['author'] ) ) : null; -$comment_author_email = ( isset( $post_data['email'] ) ) ? trim( $post_data['email'] ) : null; -$comment_author_url = ( isset( $post_data['url'] ) ) ? trim( $post_data['url'] ) : null; -$comment_content = ( isset( $post_data['comment'] ) ) ? trim( $post_data['comment'] ) : null; +$comment_author = ( isset($_POST['author']) ) ? trim(strip_tags($_POST['author'])) : null; +$comment_author_email = ( isset($_POST['email']) ) ? trim($_POST['email']) : null; +$comment_author_url = ( isset($_POST['url']) ) ? trim($_POST['url']) : null; +$comment_content = ( isset($_POST['comment']) ) ? trim($_POST['comment']) : null; // If the user is logged in $user = wp_get_current_user(); if ( $user->exists() ) { if ( empty( $user->display_name ) ) - $user->display_name = $user->user_login; - $comment_author = $user->display_name; - $comment_author_email = $user->user_email; - $comment_author_url = $user->user_url; + $user->display_name=$user->user_login; + $comment_author = $wpdb->escape($user->display_name); + $comment_author_email = $wpdb->escape($user->user_email); + $comment_author_url = $wpdb->escape($user->user_url); if ( current_user_can('unfiltered_html') ) { - if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $post_data['_wp_unfiltered_html_comment'] ) { + if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { kses_remove_filters(); // start with a clean slate kses_init_filters(); // set up the filters } 
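Review bot: The unfiltered-HTML gate still compares a freshly generated nonce against `$_POST['_wp_unfiltered_html_comment']` with `!=`, reading the key without `isset()`; the rewritten line keeps both problems. A nonce issued in the previous tick window is rejected, and a request without the field produces a notice instead of a clean "not verified" result; `wp_verify_nonce()` handles both: `if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || ! wp_verify_nonce( $_POST['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_ID ) ) {`. The three `$wpdb->escape()` calls on the logged-in user's display name, email and URL deserve a one-line comment saying they exist to match the slashed `$_POST` values; the same pattern recurs in the `wp_newComment` hunk of class-wp-xmlrpc-server.php.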
@@ -85,7 +83,7 @@ if ( get_option('require_name_email') && !$user->exists() ) { if ( '' == $comment_content ) wp_die( __('ERROR: please type a comment.') ); -$comment_parent = isset($post_data['comment_parent']) ? absint($post_data['comment_parent']) : 0; +$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); @@ -94,7 +92,7 @@ $comment_id = wp_new_comment( $commentdata ); $comment = get_comment($comment_id); do_action('set_comment_cookies', $comment, $user); -$location = empty($post_data['redirect_to']) ? get_comment_link($comment_id) : $post_data['redirect_to'] . '#comment-' . $comment_id; +$location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id; $location = apply_filters('comment_post_redirect', $location, $comment); wp_safe_redirect( $location ); diff --git a/wp-includes/class-wp-customize-manager.php b/wp-includes/class-wp-customize-manager.php index 1e41e8fafc..4be338969a 100644 --- a/wp-includes/class-wp-customize-manager.php +++ b/wp-includes/class-wp-customize-manager.php @@ -310,7 +310,7 @@ final class WP_Customize_Manager { public function post_value( $setting ) { if ( ! isset( $this->_post_values ) ) { if ( isset( $_POST['customized'] ) ) - $this->_post_values = json_decode( wp_unslash( $_POST['customized'] ), true ); + $this->_post_values = json_decode( stripslashes( $_POST['customized'] ), true ); else $this->_post_values = false; } diff --git a/wp-includes/class-wp-customize-setting.php b/wp-includes/class-wp-customize-setting.php index c8542efefa..dd49f79f26 100644 --- a/wp-includes/class-wp-customize-setting.php +++ b/wp-includes/class-wp-customize-setting.php 
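Review bot: `json_decode( stripslashes( $_POST['customized'] ), true )` in the class-wp-customize-manager.php hunk returns `null` for malformed input, and `null` does not satisfy the `isset( $this->_post_values )` guard above it, so a bad payload makes every `post_value()` call decode again and the `false` sentinel for "no data" is never reached. Normalising the result closes that: `$decoded = json_decode( stripslashes( $_POST['customized'] ), true );` followed by `$this->_post_values = is_array( $decoded ) ? $decoded : false;`. The rest of `post_value()` is outside the hunk.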
@@ -144,7 +144,7 @@ class WP_Customize_Setting { * @return mixed Null if an input isn't valid, otherwise the sanitized value. */ public function sanitize( $value ) { - $value = wp_unslash( $value ); + $value = stripslashes_deep( $value ); return apply_filters( "customize_sanitize_{$this->id}", $value, $this ); } diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php index d6ee2a1323..c55fbeebdc 100644 --- a/wp-includes/class-wp-xmlrpc-server.php +++ b/wp-includes/class-wp-xmlrpc-server.php @@ -280,15 +280,17 @@ class wp_xmlrpc_server extends IXR_Server { $meta['id'] = (int) $meta['id']; $pmeta = get_metadata_by_mid( 'post', $meta['id'] ); if ( isset($meta['key']) ) { + $meta['key'] = stripslashes( $meta['key'] ); if ( $meta['key'] != $pmeta->meta_key ) continue; + $meta['value'] = stripslashes_deep( $meta['value'] ); if ( current_user_can( 'edit_post_meta', $post_id, $meta['key'] ) ) update_metadata_by_mid( 'post', $meta['id'], $meta['value'] ); } elseif ( current_user_can( 'delete_post_meta', $post_id, $pmeta->meta_key ) ) { delete_metadata_by_mid( 'post', $meta['id'] ); } - } elseif ( current_user_can( 'add_post_meta', $post_id, $meta['key'] ) ) { - wp_add_post_meta( $post_id, $meta['key'], $meta['value'] ); + } elseif ( current_user_can( 'add_post_meta', $post_id, stripslashes( $meta['key'] ) ) ) { + add_post_meta( $post_id, $meta['key'], $meta['value'] ); } } } @@ -460,6 +462,8 @@ class wp_xmlrpc_server extends IXR_Server { return $this->blogger_getUsersBlogs( $args ); } + $this->escape( $args ); + $username = $args[0]; $password = $args[1]; @@ -951,6 +955,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
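Review bot: In the `@@ -280` hunk `$pmeta->meta_key` is read on the line right after the new `stripslashes()` without checking that `get_metadata_by_mid()` returned a row; for an unknown id `$pmeta` is `false` and the comparison runs against a property of a non-object. Nothing in the hunk ties the returned row's owning post to `$post_id` either, so the `edit_post_meta` capability is evaluated for `$post_id` while `update_metadata_by_mid()` writes whichever post owns `$meta['id']` — confirm that the function head or the caller (both outside the hunk) already enforces this. A guard before the key comparison, `if ( ! $pmeta || $pmeta->post_id != $post_id ) continue;`, covers both cases. The enclosing function starts outside the hunk.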
@@ -1233,6 +1239,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1266,6 +1274,7 @@ class wp_xmlrpc_server extends IXR_Server { else $post['post_date_gmt'] = $this->_convert_date( $post['post_date_gmt'] ); + $this->escape( $post ); $merged_content_struct = array_merge( $post, $content_struct ); $retval = $this->_insert_post( $user, $merged_content_struct ); @@ -1292,6 +1301,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1366,6 +1377,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1421,6 +1434,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1514,6 +1529,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1599,6 +1616,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1689,6 +1708,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
@@ -1754,6 +1775,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 5 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1805,6 +1828,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1878,6 +1903,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1920,6 +1947,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -1987,6 +2016,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2038,6 +2069,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2104,6 +2137,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2149,6 +2184,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
@@ -2212,6 +2249,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getPage($args) { + $this->escape($args); + $blog_id = (int) $args[0]; $page_id = (int) $args[1]; $username = $args[2]; @@ -2253,6 +2292,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getPages($args) { + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2295,8 +2336,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return unknown */ function wp_newPage($args) { - $username = $args[1]; - $password = $args[2]; + // Items not escaped here will be escaped in newPost. + $username = $this->escape($args[1]); + $password = $this->escape($args[2]); $page = $args[3]; $publish = $args[4]; @@ -2321,6 +2363,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return bool True, if success. */ function wp_deletePage($args) { + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2360,10 +2404,11 @@ class wp_xmlrpc_server extends IXR_Server { * @return unknown */ function wp_editPage($args) { + // Items not escaped here will be escaped in editPost. $blog_id = (int) $args[0]; - $page_id = (int) $args[1]; - $username = $args[2]; - $password = $args[3]; + $page_id = (int) $this->escape($args[1]); + $username = $this->escape($args[2]); + $password = $this->escape($args[3]); $content = $args[4]; $publish = $args[5]; @@ -2408,6 +2453,8 @@ class wp_xmlrpc_server extends IXR_Server { function wp_getPageList($args) { global $wpdb; + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2456,6 +2503,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getAuthors($args) { + + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
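Review bot: `$page_id = (int) $this->escape($args[1]);` in the wp_editPage hunk escapes a value that is immediately cast to int, so the call is at best a no-op and, should `escape()` only modify its argument by reference, yields `(int) null`; `$page_id = (int) $args[1];` says what is meant. The scalar assignments `$username = $this->escape($args[1]);` and `$password = $this->escape($args[2]);` in the wp_newPage and wp_editPage hunks likewise depend on `escape()` returning the escaped string, whereas every other hunk in this file calls it as a statement on the whole array (`$this->escape($args);`) and then reads the elements, which holds regardless of the return value; using that form here too would be consistent. The bodies of both functions continue outside their hunks.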
@@ -2489,6 +2539,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return array
 */
 function wp_getTags( $args ) {
+ $this->escape( $args );
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2528,6 +2580,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return int Category ID.
 */
 function wp_newCategory($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2587,6 +2641,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return mixed See {@link wp_delete_term()} for return info.
 */
 function wp_deleteCategory($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2617,6 +2673,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return array
 */
 function wp_suggestCategories($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2652,6 +2710,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return array
 */
 function wp_getComment($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2691,6 +2751,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return array. Contains a collection of comments. See {@link wp_xmlrpc_server::wp_getComment()} for a description of each item contents
 */
 function wp_getComments($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2749,6 +2811,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return mixed {@link wp_delete_comment()}
 */
 function wp_deleteComment($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2801,6 +2865,8 @@ class wp_xmlrpc_server extends IXR_Server {
 * @return bool True, on success.
 */
 function wp_editComment($args) {
+ $this->escape($args);
+
 $blog_id = (int) $args[0];
 $username = $args[1];
 $password = $args[2];
@@ -2876,6 +2942,8 @@ class wp_xmlrpc_server extends IXR_Server { function wp_newComment($args) { global $wpdb; + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2910,9 +2978,9 @@ class wp_xmlrpc_server extends IXR_Server { $comment['comment_post_ID'] = $post_id; if ( $logged_in ) { - $comment['comment_author'] = $user->display_name; - $comment['comment_author_email'] = $user->user_email; - $comment['comment_author_url'] = $user->user_url; + $comment['comment_author'] = $wpdb->escape( $user->display_name ); + $comment['comment_author_email'] = $wpdb->escape( $user->user_email ); + $comment['comment_author_url'] = $wpdb->escape( $user->user_url ); $comment['user_ID'] = $user->ID; } else { $comment['comment_author'] = ''; @@ -2959,6 +3027,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getCommentStatusList($args) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -2983,6 +3053,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getCommentCount( $args ) { + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3014,6 +3086,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getPostStatusList( $args ) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3038,6 +3112,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getPageStatusList( $args ) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3062,6 +3138,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getPageTemplates( $args ) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
@@ -3087,6 +3165,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getOptions( $args ) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3135,6 +3215,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return unknown */ function wp_setOptions( $args ) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3182,6 +3264,8 @@ class wp_xmlrpc_server extends IXR_Server { * - 'metadata' */ function wp_getMediaItem($args) { + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3225,6 +3309,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array. Contains a collection of media items. See {@link wp_xmlrpc_server::wp_getMediaItem()} for a description of each item contents */ function wp_getMediaLibrary($args) { + $this->escape($args); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3265,6 +3351,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function wp_getPostFormats( $args ) { + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3323,6 +3411,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3367,6 +3457,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3419,6 +3511,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 4 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
@@ -3483,6 +3577,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( ! $this->minimum_args( $args, 3 ) ) return $this->error; + $this->escape( $args ); + $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -3532,6 +3628,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( is_multisite() ) return $this->_multisite_getUsersBlogs($args); + $this->escape($args); + $username = $args[1]; $password = $args[2]; @@ -3593,6 +3691,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function blogger_getUserInfo($args) { + + $this->escape($args); + $username = $args[1]; $password = $args[2]; @@ -3624,6 +3725,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function blogger_getPost($args) { + + $this->escape($args); + $post_ID = (int) $args[1]; $username = $args[2]; $password = $args[3]; @@ -3642,9 +3746,9 @@ class wp_xmlrpc_server extends IXR_Server { $categories = implode(',', wp_get_post_categories($post_ID)); - $content = ''.$post_data['post_title'].''; + $content = ''.stripslashes($post_data['post_title']).''; $content .= ''.$categories.''; - $content .= $post_data['post_content']; + $content .= stripslashes($post_data['post_content']); $struct = array( 'userid' => $post_data['post_author'], @@ -3665,6 +3769,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function blogger_getRecentPosts($args) { + + $this->escape($args); + // $args[0] = appkey - ignored $blog_ID = (int) $args[1]; /* though we don't use it yet */ $username = $args[2]; @@ -3693,9 +3800,9 @@ class wp_xmlrpc_server extends IXR_Server { $post_date = $this->_convert_date( $entry['post_date'] ); $categories = implode(',', wp_get_post_categories($entry['ID'])); - $content = ''.$entry['post_title'].''; + $content = ''.stripslashes($entry['post_title']).''; $content .= ''.$categories.''; - $content .= $entry['post_content']; + $content .= stripslashes($entry['post_content']); $struct[] = array( 'userid' => $entry['post_author'], 
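Review bot: In wp_getUsersBlogs the new `$this->escape($args)` sits after the `is_multisite()` early return, so the arguments handed to `_multisite_getUsersBlogs($args)` stay unescaped unless that helper escapes them itself (not visible here); moving the call above the `if ( is_multisite() )` check would keep both paths on the same convention. Separately, blogger_getPost and blogger_getRecentPosts now `stripslashes()` `post_title`/`post_content` taken from `$post_data`/`$entry`; that is only correct if those arrays were escaped earlier in the function (outside the hunk), otherwise literal backslashes in stored content are silently dropped. The enclosing methods start before and continue past their hunks.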
@@ -3743,6 +3850,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return int */ function blogger_newPost($args) { + + $this->escape($args); + $blog_ID = (int) $args[1]; /* though we don't use it yet */ $username = $args[2]; $password = $args[3]; @@ -3794,6 +3904,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return bool true when done. */ function blogger_editPost($args) { + + $this->escape($args); + $post_ID = (int) $args[1]; $username = $args[2]; $password = $args[3]; @@ -3810,6 +3923,8 @@ class wp_xmlrpc_server extends IXR_Server { if ( !$actual_post || $actual_post['post_type'] != 'post' ) return new IXR_Error(404, __('Sorry, no such post.')); + $this->escape($actual_post); + if ( !current_user_can('edit_post', $post_ID) ) return new IXR_Error(401, __('Sorry, you do not have the right to edit this post.')); @@ -3845,6 +3960,8 @@ class wp_xmlrpc_server extends IXR_Server { * @return bool True when post is deleted. */ function blogger_deletePost($args) { + $this->escape($args); + $post_ID = (int) $args[1]; $username = $args[2]; $password = $args[3]; @@ -3913,11 +4030,13 @@ class wp_xmlrpc_server extends IXR_Server { * @return int */ function mw_newPost($args) { - $blog_ID = (int) $args[0]; - $username = $args[1]; - $password = $args[2]; + $this->escape($args); + + $blog_ID = (int) $args[0]; + $username = $args[1]; + $password = $args[2]; $content_struct = $args[3]; - $publish = isset( $args[4] ) ? $args[4] : 0; + $publish = isset( $args[4] ) ? $args[4] : 0; if ( !$user = $this->login($username, $password) ) return $this->error; @@ -4197,7 +4316,7 @@ class wp_xmlrpc_server extends IXR_Server { } } if (!$found) - wp_add_post_meta( $post_ID, 'enclosure', $encstring ); + add_post_meta( $post_ID, 'enclosure', $encstring ); } } @@ -4231,6 +4350,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return bool True on success. */ function mw_editPost($args) { + + $this->escape($args); + $post_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
@@ -4269,6 +4391,7 @@ class wp_xmlrpc_server extends IXR_Server { } } + $this->escape($postdata); extract($postdata, EXTR_SKIP); // Let WordPress manage slug if none was provided. @@ -4496,6 +4619,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function mw_getPost($args) { + + $this->escape($args); + $post_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -4617,6 +4743,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function mw_getRecentPosts($args) { + + $this->escape($args); + $blog_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -4729,6 +4858,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function mw_getCategories($args) { + + $this->escape($args); + $blog_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -4775,10 +4907,10 @@ class wp_xmlrpc_server extends IXR_Server { function mw_newMediaObject($args) { global $wpdb; - $blog_ID = (int) $args[0]; - $username = $args[1]; - $password = $args[2]; - $data = $args[3]; + $blog_ID = (int) $args[0]; + $username = $wpdb->escape($args[1]); + $password = $wpdb->escape($args[2]); + $data = $args[3]; $name = sanitize_file_name( $data['name'] ); $type = $data['type']; @@ -4865,6 +4997,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function mt_getRecentPostTitles($args) { + + $this->escape($args); + $blog_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -4922,6 +5057,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function mt_getCategoryList($args) { + + $this->escape($args); + $blog_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -4957,6 +5095,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function mt_getPostCategories($args) { + + $this->escape($args); + $post_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; 
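Review bot: mw_newMediaObject escapes `$args[1]` and `$args[2]` individually with `$wpdb->escape()` while every sibling method in this diff uses `$this->escape($args)`, which leaves `$data = $args[3]` (the `name`/`type` struct) on a different convention from the rest of the server. Replacing the two calls with a single `$this->escape($args);` before the assignments would match the others; `$name` already goes through `sanitize_file_name()`, so that path is unaffected either way. In mw_editPost the new `$this->escape($postdata);` immediately precedes `extract($postdata, EXTR_SKIP)`, so every extracted local is now the escaped form — a short comment there (`// $postdata came from the DB; escape before it is merged with slashed input`) would explain why DB data is being escaped. Both methods extend past their hunks.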
@@ -4997,6 +5138,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return bool True on success. */ function mt_setPostCategories($args) { + + $this->escape($args); + $post_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -5106,6 +5250,9 @@ class wp_xmlrpc_server extends IXR_Server { * @return int */ function mt_publishPost($args) { + + $this->escape($args); + $post_ID = (int) $args[0]; $username = $args[1]; $password = $args[2]; @@ -5127,6 +5274,7 @@ class wp_xmlrpc_server extends IXR_Server { // retain old cats $cats = wp_get_post_categories($post_ID); $postdata['post_category'] = $cats; + $this->escape($postdata); $result = wp_update_post($postdata); @@ -5150,6 +5298,8 @@ class wp_xmlrpc_server extends IXR_Server { do_action('xmlrpc_call', 'pingback.ping'); + $this->escape($args); + $pagelinkedfrom = $args[0]; $pagelinkedto = $args[1]; @@ -5285,15 +5435,15 @@ class wp_xmlrpc_server extends IXR_Server { $pagelinkedfrom = str_replace('&', '&', $pagelinkedfrom); $context = '[...] ' . esc_html( $excerpt ) . ' [...]'; - $pagelinkedfrom = $pagelinkedfrom; + $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom ); $comment_post_ID = (int) $post_ID; $comment_author = $title; $comment_author_email = ''; - $comment_author; + $this->escape($comment_author); $comment_author_url = $pagelinkedfrom; $comment_content = $context; - $comment_content; + $this->escape($comment_content); $comment_type = 'pingback'; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_content', 'comment_type'); @@ -5315,10 +5465,13 @@ class wp_xmlrpc_server extends IXR_Server { * @return array */ function pingback_extensions_getPingbacks($args) { + global $wpdb; do_action('xmlrpc_call', 'pingback.extensions.getPingbacks'); + $this->escape($args); + $url = $args; $post_ID = url_to_postid($url); diff --git a/wp-includes/class-wp.php b/wp-includes/class-wp.php index 36faf66d80..802580f1e5 100644 --- a/wp-includes/class-wp.php 
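Review bot: The `global $wpdb;` added to pingback_extensions_getPingbacks is not referenced by any line in the hunk; if the rest of the method does not use it either, drop it. The `$this->escape($args)` added there is applied to a value the next line treats as a scalar (`$url = $args;`), so it relies on `escape()` accepting non-array input — worth noting inline: `$this->escape($args); // $args is the bare URL string for this method`. In pingback_ping the hunk escapes `$comment_author` and `$comment_content` after `esc_html()` has already been applied to `$excerpt`, which is the right order for expected-slashed comment data. Both methods continue past their hunks.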
+++ b/wp-includes/class-wp.php @@ -142,15 +142,15 @@ class WP { $this->did_permalink = true; if ( isset($_SERVER['PATH_INFO']) ) - $pathinfo = wp_unslash( $_SERVER['PATH_INFO'] ); + $pathinfo = $_SERVER['PATH_INFO']; else $pathinfo = ''; $pathinfo_array = explode('?', $pathinfo); $pathinfo = str_replace("%", "%25", $pathinfo_array[0]); - $req_uri = wp_unslash( $_SERVER['REQUEST_URI'] ); + $req_uri = $_SERVER['REQUEST_URI']; $req_uri_array = explode('?', $req_uri); $req_uri = $req_uri_array[0]; - $self = wp_unslash( $_SERVER['PHP_SELF'] ); + $self = $_SERVER['PHP_SELF']; $home_path = parse_url(home_url()); if ( isset($home_path['path']) ) $home_path = $home_path['path']; @@ -255,9 +255,9 @@ class WP { if ( isset( $this->extra_query_vars[$wpvar] ) ) $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar]; elseif ( isset( $_POST[$wpvar] ) ) - $this->query_vars[$wpvar] = wp_unslash( $_POST[$wpvar] ); + $this->query_vars[$wpvar] = $_POST[$wpvar]; elseif ( isset( $_GET[$wpvar] ) ) - $this->query_vars[$wpvar] = wp_unslash( $_GET[$wpvar] ); + $this->query_vars[$wpvar] = $_GET[$wpvar]; elseif ( isset( $perma_query_vars[$wpvar] ) ) $this->query_vars[$wpvar] = $perma_query_vars[$wpvar]; @@ -356,7 +356,7 @@ class WP { // Support for Conditional GET if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) - $client_etag = stripslashes( wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) ); // Retain extra strip. See #2597 + $client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])); else $client_etag = false; $client_last_modified = empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? '' : trim($_SERVER['HTTP_IF_MODIFIED_SINCE']); diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 647c9e5e4e..65e18a7e4a 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php 
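Review bot: The third hunk drops the `// Retain extra strip. See #2597` comment that explained why `HTTP_IF_NONE_MATCH` is run through `stripslashes()` twice; without it the doubled call reads as a copy-paste mistake and is likely to be "fixed" away later. Restore it on the new line: `$client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])); // Retain extra strip. See #2597`. The second hunk now copies `$_POST`/`$_GET` values into `query_vars` with no unslashing at all, which is consistent with the rest of this diff only if the request globals are slashed upstream (not visible here). Both hunks sit inside methods of `WP` that start before and continue past them.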
@@ -633,22 +633,22 @@ function wp_set_comment_cookies($comment, $user) { */ function sanitize_comment_cookies() { if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) { - $comment_author = wp_unslash( $_COOKIE['comment_author_'.COOKIEHASH] ); - $comment_author = apply_filters('pre_comment_author_name', $comment_author); + $comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]); + $comment_author = stripslashes($comment_author); $comment_author = esc_attr($comment_author); $_COOKIE['comment_author_'.COOKIEHASH] = $comment_author; } if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) { - $comment_author_email = wp_unslash( $_COOKIE['comment_author_email_'.COOKIEHASH] ); - $comment_author_email = apply_filters('pre_comment_author_email', $comment_author_email); + $comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]); + $comment_author_email = stripslashes($comment_author_email); $comment_author_email = esc_attr($comment_author_email); $_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email; } if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) { - $comment_author_url = wp_unslash( $_COOKIE['comment_author_url_'.COOKIEHASH] ); - $comment_author_url = apply_filters('pre_comment_author_url', $comment_author_url); + $comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]); + $comment_author_url = stripslashes($comment_author_url); $_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url; } } 
@@ -670,10 +670,11 @@ function wp_allow_comment($commentdata) { extract($commentdata, EXTR_SKIP); // Simple duplicate check - $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", $comment_post_ID, $comment_parent, $comment_author ); + // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) + $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_parent = '$comment_parent' AND comment_approved != 'trash' AND ( comment_author = '$comment_author' "; if ( $comment_author_email ) - $dupe .= $wpdb->prepare( "OR comment_author_email = %s ", $comment_author_email ); - $dupe .= $wpdb->prepare( ") AND comment_content = %s LIMIT 1", $comment_content ); + $dupe .= "OR comment_author_email = '$comment_author_email' "; + $dupe .= ") AND comment_content = '$comment_content' LIMIT 1"; if ( $wpdb->get_var($dupe) ) { do_action( 'comment_duplicate_trigger', $commentdata ); if ( defined('DOING_AJAX') ) @@ -1261,7 +1262,7 @@ function wp_get_current_commenter() { */ function wp_insert_comment($commentdata) { global $wpdb; - extract($commentdata, EXTR_SKIP); + extract(stripslashes_deep($commentdata), EXTR_SKIP); if ( ! isset($comment_author_IP) ) $comment_author_IP = ''; @@ -1490,6 +1491,9 @@ function wp_update_comment($commentarr) { // First, get all of the original fields $comment = get_comment($commentarr['comment_ID'], ARRAY_A); + // Escape data pulled from DB. + $comment = esc_sql($comment); + $old_status = $comment['comment_approved']; // Merge old and new fields with new fields overwriting old ones. 
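Review bot: The duplicate check in wp_allow_comment replaces `$wpdb->prepare()` with string interpolation, so its safety now rests entirely on every caller honouring the `expected_slashed` convention; the new comment lists four variables, but `$comment_parent` is interpolated as well and is not named. The two ids should not depend on slashing at all: add `$comment_post_ID = (int) $comment_post_ID; $comment_parent = (int) $comment_parent;` before the query and extend the comment to `// expected_slashed ($comment_author, $comment_author_email, $comment_content)`. The `esc_sql($comment)` added in wp_update_comment is the right counterpart for data read back from the DB before it is merged with slashed input, and its comment already says so. wp_allow_comment starts before the hunk.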
@@ -1498,7 +1502,7 @@ function wp_update_comment($commentarr) { $commentarr = wp_filter_comment( $commentarr ); // Now extract the merged array. - extract($commentarr, EXTR_SKIP); + extract(stripslashes_deep($commentarr), EXTR_SKIP); $comment_content = apply_filters('comment_save_pre', $comment_content); diff --git a/wp-includes/cron.php b/wp-includes/cron.php index 6668dc546e..4e469a051c 100644 --- a/wp-includes/cron.php +++ b/wp-includes/cron.php @@ -230,7 +230,7 @@ function spawn_cron( $gmt_time = 0 ) { set_transient( 'doing_cron', $doing_wp_cron ); ob_start(); - wp_redirect( add_query_arg( 'doing_wp_cron', $doing_wp_cron, wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + wp_redirect( add_query_arg('doing_wp_cron', $doing_wp_cron, stripslashes($_SERVER['REQUEST_URI'])) ); echo ' '; // flush any buffers and send the headers diff --git a/wp-includes/default-filters.php b/wp-includes/default-filters.php index cdc4e9cbdf..c24e68d7f2 100644 --- a/wp-includes/default-filters.php +++ b/wp-includes/default-filters.php @@ -14,8 +14,8 @@ // Strip, trim, kses, special chars for string saves foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) { - add_filter( $filter, 'sanitize_text_field' ); - add_filter( $filter, 'wp_kses_data' ); + add_filter( $filter, 'sanitize_text_field' ); + add_filter( $filter, 'wp_filter_kses' ); add_filter( $filter, '_wp_specialchars', 30 ); } @@ -31,7 +31,7 @@ foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target', // Kses only for textarea saves foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) { - add_filter( $filter, 'wp_kses_data' ); + add_filter( $filter, 'wp_filter_kses' ); } // Kses only for textarea admin displays 
@@ -46,7 +46,7 @@ if ( is_admin() ) { foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) { add_filter( $filter, 'trim' ); add_filter( $filter, 'sanitize_email' ); - add_filter( $filter, 'wp_kses_data' ); + add_filter( $filter, 'wp_filter_kses' ); } // Email admin display diff --git a/wp-includes/default-widgets.php b/wp-includes/default-widgets.php index 2545957e1f..5033ae88ca 100644 --- a/wp-includes/default-widgets.php +++ b/wp-includes/default-widgets.php @@ -413,7 +413,7 @@ class WP_Widget_Text extends WP_Widget { if ( current_user_can('unfiltered_html') ) $instance['text'] = $new_instance['text']; else - $instance['text'] = wp_kses_post( $new_instance['text'] ); + $instance['text'] = stripslashes( wp_filter_post_kses( addslashes($new_instance['text']) ) ); // wp_filter_post_kses() expects slashed $instance['filter'] = isset($new_instance['filter']); return $instance; } @@ -1057,8 +1057,8 @@ class WP_Widget_Tag_Cloud extends WP_Widget { } function update( $new_instance, $old_instance ) { - $instance['title'] = strip_tags( $new_instance['title'] ); - $instance['taxonomy'] = $new_instance['taxonomy']; + $instance['title'] = strip_tags(stripslashes($new_instance['title'])); + $instance['taxonomy'] = stripslashes($new_instance['taxonomy']); return $instance; } @@ -1119,7 +1119,7 @@ class WP_Widget_Tag_Cloud extends WP_Widget { } function update( $new_instance, $old_instance ) { - $instance['title'] = strip_tags( $new_instance['title'] ); + $instance['title'] = strip_tags( stripslashes($new_instance['title']) ); $instance['nav_menu'] = (int) $new_instance['nav_menu']; return $instance; } diff --git a/wp-includes/deprecated.php b/wp-includes/deprecated.php index 8d336869fd..5c964a99b1 100644 --- a/wp-includes/deprecated.php +++ b/wp-includes/deprecated.php 
@@ -2383,7 +2383,7 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) { /** @todo Might need fix because usermeta data is assumed to be already escaped */ if ( is_string($meta_value) ) - $meta_value = $meta_value; + $meta_value = stripslashes($meta_value); $meta_value = maybe_serialize($meta_value); if (empty($meta_value)) { diff --git a/wp-includes/feed.php b/wp-includes/feed.php index c0b2440825..678717352e 100644 --- a/wp-includes/feed.php +++ b/wp-includes/feed.php @@ -488,7 +488,7 @@ function prep_atom_text_construct($data) { */ function self_link() { $host = @parse_url(home_url()); - echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ); + echo esc_url( apply_filters( 'self_link', set_url_scheme( 'http://' . $host['host'] . stripslashes( $_SERVER['REQUEST_URI'] ) ) ) ); } /** diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 3f60c5b5ea..162ded733c 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -1716,7 +1716,10 @@ function _split_str_by_whitespace( $string, $goal ) { * @return string Converted content. */ function wp_rel_nofollow( $text ) { + // This is a pre save filter, so text is already escaped. + $text = stripslashes($text); $text = preg_replace_callback('||i', 'wp_rel_nofollow_callback', $text); + $text = esc_sql($text); return $text; } 
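Review bot: wp_rel_nofollow now assumes slashed input (it calls `stripslashes()` on entry and `esc_sql()` on exit), but the visible docblock still describes a plain text-in/text-out conversion; a direct caller that passes unslashed content will get SQL-escaped output back. Document the contract next to `@return string Converted content.`: `@param string $text Slashed content, as delivered by the *_save_pre filters.` and `@return string Converted content, re-slashed with esc_sql().`. The update_usermeta hunk keeps the `@todo` about usermeta being assumed already escaped while adding `stripslashes()` to string values; the todo should state whether this change resolves it or merely works around it.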
@@ -3339,53 +3342,3 @@ function sanitize_trackback_urls( $to_ping ) { $urls_to_ping = implode( "\n", $urls_to_ping ); return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping ); } - -/** - * Conditionally add slashes to a string or array of strings. When GPCS - * slashing is turned on, slashes are added. When GPCS slashing is turned off, - * slashes are not added. - * - * This should be used when preparing data for core API that deal directly with GPCS data. - * Outside of unit tests, this should be rare. At a future date GPCS will no longer - * be slashed and this function will noop. Do not use it in situations where adding slashes - * is always required regardless of whether GPCS is slashed. - * - * @since 3.6.0 - * - * @param string|array $value String or array of strings to slash. - * @return string|array Slashed $value - */ -function wp_slash( $value ) { - if ( is_array( $value ) ) { - foreach ( $value as $k => $v ) { - if ( is_array( $v ) ) { - $value[$k] = wp_slash( $v ); - } else { - $value[$k] = addslashes( $v ); - } - } - } else { - $value = addslashes( $value ); - } - - return $value; -} - -/** - * Conditionally removes slashes from a string or array of strings. When GPCS - * slashing is turned on, slashes are stripped. When GPCS slashing is turned off, - * slashes are not stripped. - * - * This should be used for GPCS data before passing it along to core API. At a future - * date GPCS will no longer be slashed and this function will noop. Do not use it - * in situations where slash stripping is always required regardless of whether GPCS - * is slashed. - * - * @since 3.6.0 - * - * @param string|array $value String or array of strings to unslash. - * @return string|array Unslashed $value - */ -function wp_unslash( $value ) { - return stripslashes_deep( $value ); -} diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 1190a366f7..aa4a317130 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php 
@@ -468,7 +468,7 @@ function do_enclose( $content, $post_ID ) { } if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { - wp_add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); + add_post_meta( $post_ID, 'enclosure', "$url\n$len\n$mime\n" ); } } } @@ -1257,9 +1257,9 @@ function wp_referer_field( $echo = true ) { * @return string Original referer field. */ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { - $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : wp_unslash( $_SERVER['REQUEST_URI'] ); + $jump_back_to = ( 'previous' == $jump_back_to ) ? wp_get_referer() : $_SERVER['REQUEST_URI']; $ref = ( wp_get_original_referer() ) ? wp_get_original_referer() : $jump_back_to; - $orig_referer_field = ''; + $orig_referer_field = ''; if ( $echo ) echo $orig_referer_field; return $orig_referer_field; @@ -1278,11 +1278,11 @@ function wp_original_referer_field( $echo = true, $jump_back_to = 'current' ) { function wp_get_referer() { $ref = false; if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) - $ref = wp_unslash( $_REQUEST['_wp_http_referer'] ); + $ref = $_REQUEST['_wp_http_referer']; else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) - $ref = wp_unslash( $_SERVER['HTTP_REFERER'] ); + $ref = $_SERVER['HTTP_REFERER']; - if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) ) + if ( $ref && $ref !== $_SERVER['REQUEST_URI'] ) return $ref; return false; } @@ -1298,7 +1298,7 @@ function wp_get_referer() { */ function wp_get_original_referer() { if ( !empty( $_REQUEST['_wp_original_http_referer'] ) ) - return wp_unslash( $_REQUEST['_wp_original_http_referer'] ); + return $_REQUEST['_wp_original_http_referer']; return false; } diff --git a/wp-includes/kses.php b/wp-includes/kses.php index c19ef7729d..4c42134e7a 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php 
@@ -1326,18 +1326,18 @@ function wp_filter_nohtml_kses( $data ) { */ function kses_init_filters() { // Normal filtering - add_filter('title_save_pre', 'wp_kses_data'); + add_filter('title_save_pre', 'wp_filter_kses'); // Comment filtering if ( current_user_can( 'unfiltered_html' ) ) - add_filter( 'pre_comment_content', 'wp_kses_post' ); + add_filter( 'pre_comment_content', 'wp_filter_post_kses' ); else - add_filter( 'pre_comment_content', 'wp_kses_data' ); + add_filter( 'pre_comment_content', 'wp_filter_kses' ); // Post filtering - add_filter('content_save_pre', 'wp_kses_post'); - add_filter('excerpt_save_pre', 'wp_kses_post'); - add_filter('content_filtered_save_pre', 'wp_kses_post'); + add_filter('content_save_pre', 'wp_filter_post_kses'); + add_filter('excerpt_save_pre', 'wp_filter_post_kses'); + add_filter('content_filtered_save_pre', 'wp_filter_post_kses'); } /** @@ -1354,16 +1354,16 @@ function kses_init_filters() { */ function kses_remove_filters() { // Normal filtering - remove_filter('title_save_pre', 'wp_kses_data'); + remove_filter('title_save_pre', 'wp_filter_kses'); // Comment filtering - remove_filter( 'pre_comment_content', 'wp_kses_post' ); - remove_filter( 'pre_comment_content', 'wp_kses_data' ); + remove_filter( 'pre_comment_content', 'wp_filter_post_kses' ); + remove_filter( 'pre_comment_content', 'wp_filter_kses' ); // Post filtering - remove_filter('content_save_pre', 'wp_kses_post'); - remove_filter('excerpt_save_pre', 'wp_kses_post'); - remove_filter('content_filtered_save_pre', 'wp_kses_post'); + remove_filter('content_save_pre', 'wp_filter_post_kses'); + remove_filter('excerpt_save_pre', 'wp_filter_post_kses'); + remove_filter('content_filtered_save_pre', 'wp_filter_post_kses'); } /** diff --git a/wp-includes/link-template.php b/wp-includes/link-template.php index 99b24e1c9b..9412db49e5 100644 --- a/wp-includes/link-template.php +++ b/wp-includes/link-template.php 
@@ -746,7 +746,7 @@ function get_search_link( $query = '' ) { if ( empty($query) ) $search = get_search_query( false ); else - $search = $query; + $search = stripslashes($query); $permastruct = $wp_rewrite->get_search_permastruct(); diff --git a/wp-includes/meta.php b/wp-includes/meta.php index 8a9dad9ecd..9db1de30cc 100644 --- a/wp-includes/meta.php +++ b/wp-includes/meta.php @@ -42,6 +42,9 @@ function add_metadata($meta_type, $object_id, $meta_key, $meta_value, $unique = $column = esc_sql($meta_type . '_id'); + // expected_slashed ($meta_key) + $meta_key = stripslashes($meta_key); + $meta_value = stripslashes_deep($meta_value); $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); $check = apply_filters( "add_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $unique ); @@ -110,7 +113,10 @@ function update_metadata($meta_type, $object_id, $meta_key, $meta_value, $prev_v $column = esc_sql($meta_type . '_id'); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; + // expected_slashed ($meta_key) + $meta_key = stripslashes($meta_key); $passed_value = $meta_value; + $meta_value = stripslashes_deep($meta_value); $meta_value = sanitize_meta( $meta_key, $meta_value, $meta_type ); $check = apply_filters( "update_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $prev_value ); @@ -189,6 +195,9 @@ function delete_metadata($meta_type, $object_id, $meta_key, $meta_value = '', $d $type_column = esc_sql($meta_type . '_id'); $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; + // expected_slashed ($meta_key) + $meta_key = stripslashes($meta_key); + $meta_value = stripslashes_deep($meta_value); $check = apply_filters( "delete_{$meta_type}_metadata", null, $object_id, $meta_key, $meta_value, $delete_all ); if ( null !== $check ) diff --git a/wp-includes/ms-files.php b/wp-includes/ms-files.php index 5f969bf456..100ba2c6d1 100644 --- a/wp-includes/ms-files.php +++ b/wp-includes/ms-files.php 
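Review bot: In update_metadata the new `stripslashes_deep()` is placed after `$passed_value = $meta_value;`, so `$passed_value` keeps the slashed form while `$meta_value` is unslashed; that ordering is load-bearing if `$passed_value` is later handed to a callee that unslashes again (add_metadata in this same diff does), but nothing in the hunk says so. Add `// snapshot the slashed value: it is forwarded unchanged to expected_slashed callees` above the assignment. The `// expected_slashed ($meta_key)` comments in all three functions document the key only, yet `$meta_value` is stripped as well; extend them to `// expected_slashed ($meta_key, $meta_value)`. All three functions continue past their hunks.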
@@ -58,7 +58,7 @@ header( 'ETag: ' . $etag ); header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', time() + 100000000 ) . ' GMT' ); // Support for Conditional GET -$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? wp_unslash( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; +$client_etag = isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) ? stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) : false; if( ! isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) $_SERVER['HTTP_IF_MODIFIED_SINCE'] = false; diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php index 672d650215..40638d1584 100644 --- a/wp-includes/ms-functions.php +++ b/wp-includes/ms-functions.php @@ -279,6 +279,9 @@ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') { * @return int The ID of the newly created blog */ function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) { + $domain = addslashes( $domain ); + $weblog_title = addslashes( $weblog_title ); + if ( empty($path) ) $path = '/'; @@ -579,7 +582,7 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { $blogname = apply_filters( 'newblogname', $blogname ); - $blog_title = $blog_title; + $blog_title = stripslashes( $blog_title ); if ( empty( $blog_title ) ) $errors->add('blog_title', __( 'Please enter a site title.' ) ); @@ -632,7 +635,10 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = '' global $wpdb; $key = substr( md5( time() . rand() . $domain ), 0, 16 ); - $meta = serialize( $meta ); + $meta = serialize($meta); + $domain = $wpdb->escape($domain); + $path = $wpdb->escape($path); + $title = $wpdb->escape($title); $wpdb->insert( $wpdb->signups, array( 'domain' => $domain, 
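Review bot: wpmu_signup_blog runs `$domain`, `$path` and `$title` through `$wpdb->escape()` and then passes them to `$wpdb->insert()`, which prepares its values and escapes them itself, so quotes and backslashes in a site title would be stored doubled; the same escaped `$title` is then forwarded to `wpmu_signup_blog_notification()` in the next hunk and ends up in the e-mail. Unless these three arguments are meant to arrive slashed (in which case a `// expected_slashed ($domain, $path, $title)` comment belongs here), drop the three `$wpdb->escape()` lines and let `insert()` do the escaping. In create_empty_blog only `$domain` and `$weblog_title` are `addslashes()`d while `$path` is not; if that asymmetry is deliberate, say so in a comment. Both functions extend past their hunks.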
@@ -645,7 +651,7 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = '' 'meta' => $meta ) ); - wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta ); + wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta); } /** @@ -834,8 +840,8 @@ function wpmu_activate_signup($key) { } $meta = maybe_unserialize($signup->meta); - $user_login = $signup->user_login; - $user_email = $signup->user_email; + $user_login = $wpdb->escape($signup->user_login); + $user_email = $wpdb->escape($signup->user_email); $password = wp_generate_password( 12, false ); $user_id = username_exists($user_login); @@ -1151,7 +1157,7 @@ function install_blog($blog_id, $blog_title = '') { else update_option( 'upload_path', get_blog_option( $current_site->blog_id, 'upload_path' ) ); - update_option( 'blogname', $blog_title ); + update_option( 'blogname', stripslashes( $blog_title ) ); update_option( 'admin_email', '' ); // remove all perms @@ -1208,9 +1214,9 @@ function wpmu_welcome_notification($blog_id, $user_id, $password, $title, $meta if ( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) ) return false; - $welcome_email = get_site_option( 'welcome_email' ); + $welcome_email = stripslashes( get_site_option( 'welcome_email' ) ); if ( $welcome_email == false ) - $welcome_email = __( 'Dear User, + $welcome_email = stripslashes( __( 'Dear User, Your new SITE_NAME site has been successfully set up at: BLOG_URL @@ -1222,7 +1228,7 @@ Log in here: BLOG_URLwp-login.php We hope you enjoy your new site. Thanks! ---The Team @ SITE_NAME' ); +--The Team @ SITE_NAME' ) ); $url = get_blogaddress_by_id($blog_id); $user = get_userdata( $user_id ); 
@@ -1246,7 +1252,7 @@ We hope you enjoy your new site. Thanks! if ( empty( $current_site->site_name ) ) $current_site->site_name = 'WordPress'; - $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, $title ) ); + $subject = apply_filters( 'update_welcome_subject', sprintf(__('New %1$s Site: %2$s'), $current_site->site_name, stripslashes( $title ) ) ); wp_mail($user->user_email, $subject, $message, $message_headers); return true; } @@ -1475,7 +1481,7 @@ function update_posts_count( $deprecated = '' ) { function wpmu_log_new_registrations( $blog_id, $user_id ) { global $wpdb; $user = get_userdata( (int) $user_id ); - $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '', wp_unslash( $_SERVER['REMOTE_ADDR'] ) ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) ); + $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) ); } /** diff --git a/wp-includes/nav-menu.php b/wp-includes/nav-menu.php index 63c0773aa7..aadbe5e461 100644 --- a/wp-includes/nav-menu.php +++ b/wp-includes/nav-menu.php 
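Review bot: The IP stored by wpmu_log_new_registrations is filtered with `/[^0-9., ]/`, which keeps only IPv4 characters; an IPv6 `REMOTE_ADDR` loses its colons and hex digits and the registration-log entry becomes useless for later audit or abuse review. This predates the change, but the hunk touches the line, so consider `'/[^0-9a-fA-F:., ]/'` as the allow-list, or validate with `filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)` and store an empty string on failure. In wpmu_welcome_notification `stripslashes()` is now applied to both the option value and the `__()` default; the default contains no slashes, so a reader will wonder why — a one-line comment keeping the two branches symmetric would stop it being removed as a no-op.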
@@ -370,20 +370,20 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item $menu_item_db_id = (int) $menu_item_db_id; - wp_update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) ); + update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key($args['menu-item-type']) ); + update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', strval( (int) $args['menu-item-parent-id'] ) ); + update_post_meta( $menu_item_db_id, '_menu_item_object_id', strval( (int) $args['menu-item-object-id'] ) ); + update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key($args['menu-item-object']) ); + update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key($args['menu-item-target']) ); $args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) ); $args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); - wp_update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) ); + update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); + update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); + update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw($args['menu-item-url']) ); if ( 0 == 
$menu_id ) - wp_update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() ); + update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() ); elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) ) delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' ); diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 3041eb2fab..5335ddf5d3 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -782,7 +782,7 @@ function auth_redirect() { // The cookie is no good so force login nocache_headers(); - $redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . wp_unslash( $_SERVER['HTTP_HOST'] ) . wp_unslash( $_SERVER['REQUEST_URI'] ) ); + $redirect = ( strpos( $_SERVER['REQUEST_URI'], '/options.php' ) && wp_get_referer() ) ? wp_get_referer() : set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); $login_url = wp_login_url($redirect, true); @@ -1197,8 +1197,8 @@ if ( !function_exists('wp_new_user_notification') ) : function wp_new_user_notification($user_id, $plaintext_pass = '') { $user = get_userdata( $user_id ); - $user_login = $user->user_login; - $user_email = $user->user_email; + $user_login = stripslashes($user->user_login); + $user_email = stripslashes($user->user_email); // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. diff --git a/wp-includes/post-template.php b/wp-includes/post-template.php index 06be04786f..2c1000b563 100644 --- a/wp-includes/post-template.php +++ b/wp-includes/post-template.php 
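Review bot: The `update_post_meta()` calls in wp_update_nav_menu_item pass sanitized, unslashed values (`sanitize_key()`, `strval( (int) … )`, `esc_url_raw()`, `sanitize_html_class` arrays) into an API that the post.php hunks of this same change treat as slashed input, so if update_metadata() unslashes as that convention implies, a literal backslash surviving `esc_url_raw()` in `_menu_item_url` would be lost on save. For the key, class and integer values the sanitizers make that unreachable, which is worth stating above the block rather than leaving the reader to re-derive it: `// values below are already sanitized and carry no slashes, so update_post_meta()'s slashed-input contract is satisfied trivially`. wp_update_nav_menu_item starts before the hunk.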
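Review bot: The fallback redirect in auth_redirect is now built by concatenating `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` directly; both are request-controlled, so the `redirect_to` value handed to wp_login_url() is only as safe as the validation applied when the login form later follows it, which is outside this hunk. Removing wp_unslash() is harmless for these server variables, but a comment would make the trust boundary explicit: `// HTTP_HOST/REQUEST_URI are client-supplied; the resulting redirect_to must be validated by the redirect path, not trusted here`. The function body begins before the hunk.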
@@ -583,7 +583,7 @@ function post_password_required( $post = null ) {
 		$wp_hasher = new PasswordHash(8, true);
 	}
 
-	$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
+	$hash = stripslashes( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );
 
 	return ! $wp_hasher->CheckPassword( $post->post_password, $hash );
 }
diff --git a/wp-includes/post.php b/wp-includes/post.php
index 658e43ea96..f51481e112 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1677,41 +1677,17 @@ function get_posts($args = null) { * @link http://codex.wordpress.org/Function_Reference/add_post_meta * * @param int $post_id Post ID. - * @param string $meta_key Metadata name (expected slashed). - * @param mixed $meta_value Metadata value (expected slashed). + * @param string $meta_key Metadata name. + * @param mixed $meta_value Metadata value. * @param bool $unique Optional, default is false. Whether the same key should not be added. * @return bool False for failure. True for success. */ -function add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) { - //_deprecated_function( __FUNCTION__, '3.6', 'wp_add_post_meta() (expects unslashed data)' ); - - // expected slashed - $meta_key = stripslashes( $meta_key ); - $meta_value = stripslashes_deep( $meta_value ); - - return wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique ); -} - -/** - * Add meta data field to a post. - * - * Post meta data is called "Custom Fields" on the Administration Screen. - * - * @since 3.6.0 - * @link http://codex.wordpress.org/Function_Reference/wp_add_post_meta - * - * @param int $post_id Post ID. - * @param string $meta_key Metadata name (clean, slashes already stripped). - * @param mixed $meta_value Metadata value (clean, slashes already stripped). - * @param bool $unique Optional, default is false. Whether the same key should not be added. - * @return bool False for failure. True for success. - */ -function wp_add_post_meta( $post_id, $meta_key, $meta_value, $unique = false ) { +function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { // make sure meta is added to the post, not a revision - if ( $the_post = wp_is_post_revision( $post_id ) ) + if ( $the_post = wp_is_post_revision($post_id) ) $post_id = $the_post; - return add_metadata( 'post', $post_id, $meta_key, $meta_value, $unique ); + return add_metadata('post', $post_id, $meta_key, $meta_value, $unique); } /** 
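Review bot: The new docblock for add_post_meta drops the `(expected slashed)` qualifier from `$meta_key` and `$meta_value`, yet the body forwards straight to add_metadata() and other hunks in this change re-slash their inputs before calling this API (`add_magic_quotes()` in wp_update_post, revision.php and wp-mail.php), so the slashing contract still exists but is now undocumented; the update_post_meta hunk below has the same omission. Keep the contract visible to callers: `@param string $meta_key Metadata name (expected slashed).` and `@param mixed $meta_value Metadata value (expected slashed).`. Whether add_metadata() itself unslashes cannot be confirmed from this hunk.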
@@ -1768,45 +1744,17 @@ function get_post_meta($post_id, $key = '', $single = false) { * @link http://codex.wordpress.org/Function_Reference/update_post_meta * * @param int $post_id Post ID. - * @param string $meta_key Metadata key (expected slashed). - * @param mixed $meta_value Metadata value (expected slashed). + * @param string $meta_key Metadata key. + * @param mixed $meta_value Metadata value. * @param mixed $prev_value Optional. Previous value to check before removing. * @return bool False on failure, true if success. */ -function update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) { - //_deprecated_function( __FUNCTION__, '3.6', 'wp_update_post_meta() (expects unslashed data)' ); - - // expected slashed - $meta_key = stripslashes( $meta_key ); - $meta_value = stripslashes_deep( $meta_value ); - - return wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value ); -} - -/** - * Update post meta field based on post ID. - * - * Use the $prev_value parameter to differentiate between meta fields with the - * same key and post ID. - * - * If the meta field for the post does not exist, it will be added. - * - * @since 3.6.0 - * @uses $wpdb - * @link http://codex.wordpress.org/Function_Reference/wp_update_post_meta - * - * @param int $post_id Post ID. - * @param string $meta_key Metadata key (clean, slashes already stripped). - * @param mixed $meta_value Metadata value (clean, slashes already stripped). - * @param mixed $prev_value Optional. Previous value to check before removing. - * @return bool False on failure, true if success. 
- */ -function wp_update_post_meta( $post_id, $meta_key, $meta_value, $prev_value = '' ) { +function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { // make sure meta is added to the post, not a revision - if ( $the_post = wp_is_post_revision( $post_id ) ) + if ( $the_post = wp_is_post_revision($post_id) ) $post_id = $the_post; - return update_metadata( 'post', $post_id, $meta_key, $meta_value, $prev_value ); + return update_metadata('post', $post_id, $meta_key, $meta_value, $prev_value); } /** @@ -2393,8 +2341,8 @@ function wp_trash_post($post_id = 0) { do_action('wp_trash_post', $post_id); - wp_add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']); - wp_add_post_meta($post_id,'_wp_trash_meta_time', time()); + add_post_meta($post_id,'_wp_trash_meta_status', $post['post_status']); + add_post_meta($post_id,'_wp_trash_meta_time', time()); $post['post_status'] = 'trash'; wp_insert_post($post); @@ -2470,7 +2418,7 @@ function wp_trash_post_comments($post = null) { $statuses = array(); foreach ( $comments as $comment ) $statuses[$comment->comment_ID] = $comment->comment_approved; - wp_add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses); + add_post_meta($post_id, '_wp_trash_meta_comments_status', $statuses); // Set status for all comments to post-trashed $result = $wpdb->update($wpdb->comments, array('comment_approved' => 'post-trashed'), array('comment_post_ID' => $post_id)); 
@@ -2846,8 +2794,10 @@ function wp_insert_post($postarr, $wp_error = false) { $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent); + // expected_slashed (everything!) $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) ); $data = apply_filters('wp_insert_post_data', $data, $postarr); + $data = stripslashes_deep( $data ); $where = array( 'ID' => $post_ID ); if ( $update ) { @@ -2860,7 +2810,7 @@ function wp_insert_post($postarr, $wp_error = false) { } } else { if ( isset($post_mime_type) ) - $data['post_mime_type'] = $post_mime_type; // This isn't in the update + $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update // If there is a suggested ID, use it if not already present if ( !empty($import_id) ) { $import_id = (int) $import_id; @@ -2921,7 +2871,7 @@ function wp_insert_post($postarr, $wp_error = false) { else return 0; } - wp_update_post_meta($post_ID, '_wp_page_template', $page_template); + update_post_meta($post_ID, '_wp_page_template', $page_template); } wp_transition_post_status($data['post_status'], $previous_status, $post); @@ -2954,11 +2904,15 @@ function wp_update_post( $postarr = array(), $wp_error = false ) { if ( is_object($postarr) ) { // non-escaped post was passed $postarr = get_object_vars($postarr); + $postarr = add_magic_quotes($postarr); } // First, get all of the original fields $post = get_post($postarr['ID'], ARRAY_A); + // Escape data pulled from DB. + $post = add_magic_quotes($post); + // Passed post category list overwrites existing category list if not empty. if ( isset($postarr['post_category']) && is_array($postarr['post_category']) && 0 != count($postarr['post_category']) ) 
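Review bot: In wp_insert_post the added `// expected_slashed (everything!)` comment and the new `$data = stripslashes_deep( $data );` bracket the `wp_insert_post_data` filter, so callbacks receive slashed values and whatever they return is unslashed afterwards; that ordering is the actual contract and the comment should say so: `// expected_slashed (everything!) — wp_insert_post_data callbacks see slashed values; unslashed below, after the filter`. A callback that returns already-unslashed data will lose any literal backslash. wp_insert_post begins before the hunk.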
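Review bot: wp_update_post now carries two input contracts in one hunk: an object `$postarr` is treated as raw and run through `add_magic_quotes()`, while an array `$postarr` is assumed to be slashed already, and the new `// Escape data pulled from DB.` comment describes slashing rather than SQL escaping. The function docblock is outside the hunk and should state the array/object distinction; at the branch itself a one-liner suffices: `// array input is expected_slashed; object input is raw and is slashed here`. Rewording the second comment to `// Slash data pulled from DB so it merges with the slashed $postarr.` keeps "slash" and "escape" from being used interchangeably.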
@@ -3396,7 +3350,7 @@ function trackback_url_list($tb_list, $post_id) { $trackback_urls = explode(',', $tb_list); foreach( (array) $trackback_urls as $tb_url) { $tb_url = trim($tb_url); - trackback($tb_url, $post_title, $excerpt, $post_id); + trackback($tb_url, stripslashes($post_title), $excerpt, $post_id); } } } @@ -3739,6 +3693,9 @@ function get_pages($args = '') { if ( ! empty( $meta_key ) || ! empty( $meta_value ) ) { $join = " LEFT JOIN $wpdb->postmeta ON ( $wpdb->posts.ID = $wpdb->postmeta.post_id )"; + // meta_key and meta_value might be slashed + $meta_key = stripslashes($meta_key); + $meta_value = stripslashes($meta_value); if ( ! empty( $meta_key ) ) $where .= $wpdb->prepare(" AND $wpdb->postmeta.meta_key = %s", $meta_key); if ( ! empty( $meta_value ) ) @@ -3963,6 +3920,7 @@ function wp_insert_attachment($object, $file = false, $parent = 0) { else $post_name = sanitize_title($post_name); + // expected_slashed ($post_name) $post_name = wp_unique_post_slug($post_name, $post_ID, $post_status, $post_type, $post_parent); if ( empty($post_date) ) @@ -4005,7 +3963,9 @@ function wp_insert_attachment($object, $file = false, $parent = 0) { if ( ! isset($pinged) ) $pinged = ''; + // expected_slashed (everything!) $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid' ) ); + $data = stripslashes_deep( $data ); if ( $update ) { $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) ); 
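Review bot: The new `// meta_key and meta_value might be slashed` comment in get_pages leaves the contract ambiguous while the `stripslashes()` calls beneath it are unconditional, so a caller passing an unslashed value containing a literal backslash silently loses it; the rest of this change uses the definite form, and get_pages should too: `// expected_slashed ($meta_key, $meta_value)`. The unslashed values are then bound through `$wpdb->prepare()` with `%s`, which is the correct place for SQL escaping. The function begins before the hunk.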
@@ -4050,7 +4010,7 @@ function wp_insert_attachment($object, $file = false, $parent = 0) { clean_post_cache( $post_ID ); if ( ! empty( $context ) ) - wp_add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); + add_post_meta( $post_ID, '_wp_attachment_context', $context, true ); if ( $update) { do_action('edit_attachment', $post_ID); @@ -4437,7 +4397,7 @@ function wp_check_for_changed_slugs($post_id, $post, $post_before) { // if we haven't added this old slug before, add it now if ( !empty( $post_before->post_name ) && !in_array($post_before->post_name, $old_slugs) ) - wp_add_post_meta($post_id, '_wp_old_slug', $post_before->post_name); + add_post_meta($post_id, '_wp_old_slug', $post_before->post_name); // if the new slug was used previously, delete it from the list if ( in_array($post->post_name, $old_slugs) ) @@ -4854,8 +4814,8 @@ function _publish_post_hook($post_id) { return; if ( get_option('default_pingback_flag') ) - wp_add_post_meta( $post_id, '_pingme', '1' ); - wp_add_post_meta( $post_id, '_encloseme', '1' ); + add_post_meta( $post_id, '_pingme', '1' ); + add_post_meta( $post_id, '_encloseme', '1' ); wp_schedule_single_event(time(), 'do_pings'); } @@ -4933,7 +4893,7 @@ function set_post_thumbnail( $post, $thumbnail_id ) { $thumbnail_id = absint( $thumbnail_id ); if ( $post && $thumbnail_id && get_post( $thumbnail_id ) ) { if ( $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' ) ) - return wp_update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); + return update_post_meta( $post->ID, '_thumbnail_id', $thumbnail_id ); else return delete_post_meta( $post->ID, '_thumbnail_id' ); } diff --git a/wp-includes/query.php b/wp-includes/query.php index 56d2044199..4f0ec99bab 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php 
@@ -1733,6 +1733,7 @@ class WP_Query { // Category stuff if ( !empty($q['cat']) && '0' != $q['cat'] && !$this->is_singular && $this->query_vars_changed ) { $q['cat'] = ''.urldecode($q['cat']).''; + $q['cat'] = addslashes_gpc($q['cat']); $cat_array = preg_split('/[,\s]+/', $q['cat']); $q['cat'] = ''; $req_cats = array(); @@ -2186,6 +2187,8 @@ class WP_Query { // If a search pattern is specified, load the posts that match if ( !empty($q['s']) ) { + // added slashes screw with quote grouping when done early, so done later + $q['s'] = stripslashes($q['s']); if ( empty( $_GET['s'] ) && $this->is_main_query() ) $q['s'] = urldecode($q['s']); if ( !empty($q['sentence']) ) { @@ -2294,6 +2297,7 @@ class WP_Query { $whichauthor = ''; } else { $q['author'] = (string)urldecode($q['author']); + $q['author'] = addslashes_gpc($q['author']); if ( strpos($q['author'], '-') !== false ) { $eq = '!='; $andor = 'AND'; @@ -2357,6 +2361,7 @@ class WP_Query { $allowed_keys[] = 'meta_value_num'; } $q['orderby'] = urldecode($q['orderby']); + $q['orderby'] = addslashes_gpc($q['orderby']); $orderby_array = array(); foreach ( explode( ' ', $q['orderby'] ) as $i => $orderby ) { diff --git a/wp-includes/revision.php b/wp-includes/revision.php index cfc6abd4e2..9b2cafc6a3 100644 --- a/wp-includes/revision.php +++ b/wp-includes/revision.php @@ -241,6 +241,7 @@ function _wp_put_post_revision( $post = null, $autosave = false ) { return new WP_Error( 'post_type', __( 'Cannot create a revision of a revision' ) ); $post = _wp_post_revision_fields( $post, $autosave ); + $post = add_magic_quotes($post); //since data is from db $revision_id = wp_insert_post( $post ); if ( is_wp_error($revision_id) ) @@ -319,6 +320,8 @@ function wp_restore_post_revision( $revision_id, $fields = null ) { $update['ID'] = $revision['post_parent']; + $update = add_magic_quotes( $update ); //since data is from db + $post_id = wp_update_post( $update ); if ( is_wp_error( $post_id ) ) return $post_id; 
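Review bot: `addslashes_gpc()` is applied to `$q['cat']`, `$q['author']` and `$q['orderby']` before those strings are tokenised (`preg_split`, `strpos`, `explode`), while the `$q['s']` hunk does the opposite and explains why early slashes break quote grouping; the three early calls carry no such explanation, and the tokens they produce are escaped text, not validated values. A comment at the first call would record the intended guarantee: `// escaped before tokenising; the tokens below must still be validated (int cast / whitelist), not trusted because they were escaped`. All four hunks sit inside WP_Query::get_posts, whose body is outside the view, so the downstream validation cannot be confirmed here.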
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index 063887cbc9..9d19f67955 100644 --- a/wp-includes/taxonomy.php +++ b/wp-includes/taxonomy.php @@ -958,6 +958,8 @@ function get_term_by($field, $value, $taxonomy, $output = OBJECT, $filter = 'raw if ( empty($value) ) return false; } else if ( 'name' == $field ) { + // Assume already escaped + $value = stripslashes($value); $field = 't.name'; } else { $term = get_term( (int) $value, $taxonomy, $output, $filter); @@ -1497,7 +1499,7 @@ function term_exists($term, $taxonomy = '', $parent = 0) { return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) ); } - $term = trim( $term ); + $term = trim( stripslashes( $term ) ); if ( '' === $slug = sanitize_title($term) ) return 0; @@ -2059,6 +2061,10 @@ function wp_insert_term( $term, $taxonomy, $args = array() ) { $args = sanitize_term($args, $taxonomy, 'db'); extract($args, EXTR_SKIP); + // expected_slashed ($name) + $name = stripslashes($name); + $description = stripslashes($description); + if ( empty($slug) ) $slug = sanitize_title($name); @@ -2438,6 +2444,9 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) { if ( is_wp_error( $term ) ) return $term; + // Escape data pulled from DB. + $term = add_magic_quotes($term); + // Merge old and new args with new args overwriting old ones. $args = array_merge($term, $args); @@ -2446,6 +2455,10 @@ function wp_update_term( $term_id, $taxonomy, $args = array() ) { $args = sanitize_term($args, $taxonomy, 'db'); extract($args, EXTR_SKIP); + // expected_slashed ($name) + $name = stripslashes($name); + $description = stripslashes($description); + if ( '' == trim($name) ) return new WP_Error('empty_term_name', __('A name is required for this term')); diff --git a/wp-includes/user.php b/wp-includes/user.php index 04091f3f76..56e6d082a5 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php 
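Review bot: In get_term_by the new `// Assume already escaped` comment contradicts the line it annotates, `$value = stripslashes($value);`, which assumes the value is slashed and unslashes it before it is (presumably) bound through $wpdb->prepare() further down, outside the hunk. Use the convention the other hunks of this change use: `// expected_slashed ($value)`. Treating "escaped" and "slashed" as synonyms is what makes the slashing convention hard to audit, and wp_insert_term/wp_update_term in the same file already use the `expected_slashed` form.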
@@ -1390,6 +1390,7 @@ function wp_insert_user( $userdata ) { } $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name', 'user_registered' ); + $data = stripslashes_deep( $data ); if ( $update ) { $wpdb->update( $wpdb->users, $data, compact( 'ID' ) ); @@ -1461,6 +1462,9 @@ function wp_update_user($userdata) { $user[ $key ] = get_user_meta( $ID, $key, true ); } + // Escape data pulled from DB. + $user = add_magic_quotes( $user ); + // If password is changing, hash it now. if ( ! empty($userdata['user_pass']) ) { $plaintext_pass = $userdata['user_pass']; @@ -1500,8 +1504,8 @@ function wp_update_user($userdata) { * @return int The new user's ID. */ function wp_create_user($username, $password, $email = '') { - $user_login = $username; - $user_email = $email; + $user_login = esc_sql( $username ); + $user_email = esc_sql( $email ); $user_pass = $password; $userdata = compact('user_login', 'user_email', 'user_pass'); diff --git a/wp-includes/widgets.php b/wp-includes/widgets.php index 87f023f619..61d2cd7d46 100644 --- a/wp-includes/widgets.php +++ b/wp-includes/widgets.php @@ -224,7 +224,7 @@ class WP_Widget { } foreach ( $settings as $number => $new_instance ) { - $new_instance = wp_unslash($new_instance); + $new_instance = stripslashes_deep($new_instance); $this->_set($number); $old_instance = isset($all_instances[$number]) ? $all_instances[$number] : array(); diff --git a/wp-login.php b/wp-login.php index e35e359e1d..31199f40dd 100644 --- a/wp-login.php +++ b/wp-login.php @@ -399,7 +399,7 @@ case 'postpass' : } // 10 days - setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); + setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); wp_safe_redirect( wp_get_referer() ); exit(); 
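Review bot: The rewritten setcookie() call in the `postpass` case stores the post-password hash with only an expiry and path, so the cookie remains readable by page script and is sent over plain HTTP even when the site is served over TLS; the remaining setcookie() parameters cover this: `setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );`. Swapping wp_unslash() for stripslashes() does not change what is hashed. The `postpass` case continues outside the hunk.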
@@ -434,7 +434,7 @@ case 'retrievepassword' : do_action('lost_password'); login_header(__('Lost Password'), '

' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '

', $errors); - $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : ''; + $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; ?> @@ -533,8 +533,8 @@ case 'register' : $user_login = ''; $user_email = ''; if ( $http_post ) { - $user_login = wp_unslash( $_POST['user_login'] ); - $user_email = wp_unslash( $_POST['user_email'] ); + $user_login = $_POST['user_login']; + $user_email = $_POST['user_email']; $errors = register_new_user($user_login, $user_email); if ( !is_wp_error($errors) ) { $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; @@ -550,11 +550,11 @@ case 'register' :

+

+

@@ -670,7 +670,7 @@ default: login_header(__('Log In'), '', $errors); if ( isset($_POST['log']) ) - $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; + $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : ''; $rememberme = ! empty( $_POST['rememberme'] ); ?> diff --git a/wp-mail.php b/wp-mail.php index 8a66e12b62..5685b3acf9 100644 --- a/wp-mail.php +++ b/wp-mail.php @@ -202,6 +202,7 @@ for ( $i = 1; $i <= $count; $i++ ) { $post_category = array(get_option('default_email_category')); $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); + $post_data = add_magic_quotes($post_data); $post_ID = wp_insert_post($post_data); if ( is_wp_error( $post_ID ) ) diff --git a/wp-trackback.php b/wp-trackback.php index 5c0c198a41..06e47507be 100644 --- a/wp-trackback.php +++ b/wp-trackback.php @@ -45,9 +45,9 @@ $tb_url = isset($_POST['url']) ? $_POST['url'] : ''; $charset = isset($_POST['charset']) ? $_POST['charset'] : ''; // These three are stripslashed here so that they can be properly escaped after mb_convert_encoding() -$title = isset($_POST['title']) ? wp_unslash( $_POST['title'] ) : ''; -$excerpt = isset($_POST['excerpt']) ? wp_unslash( $_POST['excerpt'] ) : ''; -$blog_name = isset($_POST['blog_name']) ? wp_unslash( $_POST['blog_name'] ) : ''; +$title = isset($_POST['title']) ? stripslashes($_POST['title']) : ''; +$excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : ''; +$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : ''; if ($charset) $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) ); 
@@ -64,6 +64,11 @@ if ( function_exists('mb_convert_encoding') ) { // For international trackbacks $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset); } +// Now that mb_convert_encoding() has been given a swing, we need to escape these three +$title = $wpdb->escape($title); +$excerpt = $wpdb->escape($excerpt); +$blog_name = $wpdb->escape($blog_name); + if ( is_single() || is_page() ) $tb_id = $posts[0]->ID;