golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

stripslashes() elimination. Remove extra slashes during upgrade. Bugs 0000059 and 0000018 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
rboren 2004-06-18 00:22:09 +00:00
parent c222d7d2e0
commit 6fd6b1080d
17 changed files with 131 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/admin-functions.php
View File

@ -80,7 +80,7 @@ function get_nested_categories($default = 0, $parent = 0) {
$result[$cat]['children'] = get_nested_categories($default, $cat);
$result[$cat]['cat_ID'] = $cat;
$result[$cat]['checked'] = in_array($cat, $checked_categories);
$result[$cat]['cat_name'] = stripslashes(get_the_category_by_ID($cat));
$result[$cat]['cat_name'] = get_the_category_by_ID($cat);
}
return $result;

13
wp-admin/link-categories.php
View File

@ -87,7 +87,6 @@ switch ($action) {
$cat_id = $_GET['cat_id'];
$cat_name=get_linkcatname($cat_id);
$cat_name=addslashes($cat_name);
if ($cat_id=="1")
die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name));
@ -132,7 +131,7 @@ switch ($action) {
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Name:') ?></th>
<td width="67%"><input name="cat_name" type="text" value="<?php echo stripslashes($row->cat_name)?>" size="30" /></td>
<td width="67%"><input name="cat_name" type="text" value="<?php echo $row->cat_name?>" size="30" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Show:') ?></th>
@ -190,15 +189,15 @@ switch ($action) {
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_before_link))?>" /></td>
<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo htmlspecialchars($row->text_before_link)?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Between Link and Description:') ?></th>
<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_after_link))?>" /></td>
<td><input type="text" name="text_after_link" size="45" value="<?php echo htmlspecialchars($row->text_after_link)?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('After Link:') ?></th>
<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars(stripslashes($row->text_after_all))?>"/></td>
<td><input type="text" name="text_after_all" size="45" value="<?php echo htmlspecialchars($row->text_after_all)?>"/></td>
</tr>
</table>
</fieldset>
@ -223,7 +222,7 @@ switch ($action) {
$cat_id=$_POST["cat_id"];
$cat_name=addslashes(stripslashes($_POST["cat_name"]));
$cat_name= $_POST["cat_name"];
$auto_toggle = $_POST["auto_toggle"];
if ($auto_toggle != 'Y') {
$auto_toggle = 'N';
@ -333,7 +332,7 @@ foreach ($results as $row) {
$style = ($i % 2) ? ' class="alternate"' : '';
?>
<tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
<td><?php echo stripslashes($row->cat_name)?></td>
<td><?php echo $row->cat_name?></td>
<td ><?php echo $row->cat_id?></td>
<td><?php echo $row->auto_toggle?></td>
<td><?php echo $row->show_images?></td>

16
wp-admin/link-manager.php
View File

@ -312,16 +312,16 @@ switch ($action) {
WHERE link_id = $link_id");
if ($row) {
$link_url = stripslashes($row->link_url);
$link_name = stripslashes($row->link_name);
$link_url = $row->link_url;
$link_name = $row->link_name;
$link_image = $row->link_image;
$link_target = $row->link_target;
$link_category = $row->link_category;
$link_description = stripslashes($row->link_description);
$link_description = $row->link_description;
$link_visible = $row->link_visible;
$link_rating = $row->link_rating;
$link_rel = stripslashes($row->link_rel);
$link_notes = stripslashes($row->link_notes);
$link_rel = $row->link_rel;
$link_notes = $row->link_notes;
$link_rss_uri = $row->link_rss;
}
@ -690,17 +690,13 @@ function checkAll(form)
$links = $wpdb->get_results($sql);
if ($links) {
foreach ($links as $link) {
$short_url = str_replace('http://', '', stripslashes($link->link_url));
$short_url = str_replace('http://', '', $link->link_url);
$short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1))
$short_url = substr($short_url, 0, -1);
if (strlen($short_url) > 35)
$short_url = substr($short_url, 0, 32).'...';
$link->link_name = stripslashes($link->link_name);
$link->category = stripslashes($link->category);
$link->link_rel = stripslashes($link->link_rel);
$link->link_description = stripslashes($link->link_description);
$image = ($link->link_image != null) ? __('Yes') : __('No');
$visible = ($link->link_visible == 'Y') ? __('Yes') : __('No');
++$i;

2
wp-admin/menu.php
View File

@ -40,5 +40,5 @@ get_settings('use_fileupload') &&
?>
<li><a href="<?php echo get_settings('home') . '/' . get_settings('blogfilename'); ?>" title="<?php _e('View your site') ?>"><?php _e('View site') ?> &raquo;</a></li>
<li class="last"><a href="<?php echo get_settings('siteurl')
?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), stripslashes($user_nickname)) ?></a></li>
?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), $user_nickname) ?></a></li>
</ul>

2
wp-admin/options.php
View File

@ -75,7 +75,7 @@ $nonbools = array('default_ping_status', 'default_comment_status');
foreach ($options as $option) {
// should we even bother checking?
if ($user_level >= $option->option_admin_level) {
$old_val = stripslashes($option->option_value);
$old_val = $option->option_value;
$new_val = $_POST[$option->option_name];
if (!$new_val) {
if (3 == $option->option_type)

22
wp-admin/profile.php
View File

@ -83,19 +83,19 @@ case 'update':
setcookie('wordpresspass_'.$cookiehash, md5(md5($newuser_pass)), time() + 31536000, COOKIEPATH);
}
$newuser_firstname=addslashes(stripslashes($_POST['newuser_firstname']));
$newuser_lastname=addslashes(stripslashes($_POST['newuser_lastname']));
$newuser_nickname=addslashes(stripslashes($_POST['newuser_nickname']));
$newuser_firstname=$_POST['newuser_firstname'];
$newuser_lastname=$_POST['newuser_lastname'];
$newuser_nickname=$_POST['newuser_nickname'];
$newuser_nicename=sanitize_title($newuser_nickname);
$newuser_icq=addslashes(stripslashes($_POST['newuser_icq']));
$newuser_aim=addslashes(stripslashes($_POST['newuser_aim']));
$newuser_msn=addslashes(stripslashes($_POST['newuser_msn']));
$newuser_yim=addslashes(stripslashes($_POST['newuser_yim']));
$newuser_email=addslashes(stripslashes($_POST['newuser_email']));
$newuser_url=addslashes(stripslashes($_POST['newuser_url']));
$newuser_icq=$_POST['newuser_icq'];
$newuser_aim=$_POST['newuser_aim'];
$newuser_msn=$_POST['newuser_msn'];
$newuser_yim=$_POST['newuser_yim'];
$newuser_email=$_POST['newuser_email'];
$newuser_url=$_POST['newuser_url'];
$newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url;
$newuser_idmode=addslashes(stripslashes($_POST['newuser_idmode']));
$user_description = addslashes(stripslashes($_POST['user_description']));
$newuser_idmode=$_POST['newuser_idmode'];
$user_description = $_POST['user_description'];
$query = "UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID";
$result = $wpdb->query($query);

38
wp-admin/upgrade-functions.php
View File

@ -90,6 +90,23 @@ function get_alloptions_110() {
return $all_options;
}
function deslash($content) {
// Note: \\\ inside a regex denotes a single backslash.
// Replace one or more backslashes followed by a single quote with
// a single quote.
$content = preg_replace("/\\\+'/", "'", $content);
// Replace one or more backslashes followed by a double quote with
// a double quote.
$content = preg_replace('/\\\+"/', '"', $content);
// Replace one or more backslashes with one backslash.
$content = preg_replace("/\\\+/", "\\", $content);
return $content;
}
// .71 stuff
function upgrade_071() {
@ -871,6 +888,27 @@ function upgrade_130() {
foreach ($fatoptions as $fatoption) :
$wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
endforeach;
// Remove extraneous backslashes.
$posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt FROM $wpdb->posts");
if ($posts) {
foreach($posts as $post) {
$post_content = addslashes(deslash($post->post_content));
$post_title = addslashes(deslash($post->post_title));
$post_excerpt = addslashes(deslash($post->post_excerpt));
$wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt' WHERE ID = '$post->ID'");
}
}
// Remove extraneous backslashes.
$comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments");
if ($comments) {
foreach($comments as $comment) {
$comment_content = addslashes(deslash($comment->comment_content));
$comment_author = addslashes(deslash($comment->comment_author));
$wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'");
}
}
}
?>

11
wp-admin/users.php
View File

@ -70,13 +70,7 @@ case 'adduser':
return false;
}
$user_login = addslashes(stripslashes($user_login));
$pass1 = addslashes(stripslashes($pass1));
$user_nickname = addslashes(stripslashes($user_nickname));
$user_nicename = sanitize_title($user_nickname);
$user_firstname = addslashes(stripslashes($user_firstname));
$user_lastname = addslashes(stripslashes($user_lastname));
$user_uri = addslashes(stripslashes($user_uri));
$user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri;
$now = gmdate('Y-m-d H:i:s');
$new_users_can_blog = get_settings('new_users_can_blog');
@ -95,6 +89,7 @@ case 'adduser':
$stars .= '*';
}
$user_login = stripslashes($user_login);
$message = 'New user registration on your blog ' . get_settings('blogname') . ":\r\n\r\n";
$message .= "Login: $user_login\r\n\r\nE-mail: $user_email";
@ -204,7 +199,7 @@ default:
$user_data = get_userdata($user->ID);
$email = $user_data->user_email;
$url = $user_data->user_url;
$short_url = str_replace('http://', '', stripslashes($url));
$short_url = str_replace('http://', '', $url);
$short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1))
$short_url = substr($short_url, 0, -1);
@ -255,7 +250,7 @@ default:
$user_data = get_userdata($user->ID);
$email = $user_data->user_email;
$url = $user_data->user_url;
$short_url = str_replace('http://', '', stripslashes($url));
$short_url = str_replace('http://', '', $url);
$short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1))
$short_url = substr($short_url, 0, -1);

1
wp-includes/functions-formatting.php
View File

@ -50,7 +50,6 @@ function wptexturize($text) {
}
function clean_pre($text) {
$text = stripslashes($text);
$text = str_replace('<br />', '', $text);
return $text;
}

51
wp-includes/functions.php
View File

@ -166,16 +166,11 @@ function get_currentuserinfo() { // a bit like get_userdata(), on steroids
function get_userdata($userid) {
global $wpdb, $cache_userdata;
if ( empty($cache_userdata[$userid]) ) {
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$userid'");
$user->user_nickname = stripslashes($user->user_nickname);
$user->user_firstname = stripslashes($user->user_firstname);
$user->user_lastname = stripslashes($user->user_lastname);
$user->user_description = stripslashes($user->user_description);
$cache_userdata[$userid] = $user;
} else {
$user = $cache_userdata[$userid];
}
return $user;
$cache_userdata[$userid] =
$wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$userid'");
}
return $cache_userdata[$userid];
}
function get_userdatabylogin($user_login) {
@ -315,7 +310,7 @@ function get_alloptions() {
if ('siteurl' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
if ('home' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
if ('category_base' == $option->option_name) $option->option_value = preg_replace('|/+$|', '', $option->option_value);
$all_options->{$option->option_name} = stripslashes($option->option_value);
$all_options->{$option->option_name} = $option->option_value;
}
}
return $all_options;
@ -323,7 +318,7 @@ function get_alloptions() {
function update_option($option_name, $newvalue) {
global $wpdb, $cache_settings;
$newvalue = stripslashes($newvalue);
$newvalue = $newvalue;
$newvalue = trim($newvalue); // I can't think of any situation we wouldn't want to trim
$newvalue = $wpdb->escape($newvalue);
$wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
@ -516,9 +511,9 @@ add_action('publish_post', 'generic_ping');
// Send a Trackback
function trackback($trackback_url, $title, $excerpt, $ID) {
global $wpdb;
$title = urlencode(stripslashes($title));
$excerpt = urlencode(stripslashes($excerpt));
$blog_name = urlencode(stripslashes(get_settings('blogname')));
$title = urlencode($title);
$excerpt = urlencode($excerpt);
$blog_name = urlencode(get_settings('blogname'));
$tb_url = $trackback_url;
$url = urlencode(get_permalink($ID));
$query_string = "title=$title&url=$url&blog_name=$blog_name&excerpt=$excerpt";
@ -932,38 +927,38 @@ function wp_notify_postauthor($comment_id, $comment_type='comment') {
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$blogname = stripslashes(get_settings('blogname'));
$blogname = get_settings('blogname');
if ('comment' == $comment_type) {
$notify_message = "New comment on your post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
$notify_message = "New comment on your post #$comment->comment_post_ID \"".$post->post_title."\"\r\n\r\n";
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "E-mail : $comment->comment_author_email\r\n";
$notify_message .= "URI : $comment->comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
$notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
$notify_message .= "You can see all comments on this post here: \r\n";
$subject = '[' . $blogname . '] Comment: "' .stripslashes($post->post_title).'"';
$subject = '[' . $blogname . '] Comment: "' .$post->post_title.'"';
} elseif ('trackback' == $comment_type) {
$notify_message = "New trackback on your post #$comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
$notify_message = "New trackback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
$notify_message .= "Website: $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "URI : $comment->comment_author_url\r\n";
$notify_message .= "Excerpt: \n".stripslashes($comment->comment_content)."\r\n\r\n";
$notify_message .= "Excerpt: \n".$comment->comment_content."\r\n\r\n";
$notify_message .= "You can see all trackbacks on this post here: \r\n";
$subject = '[' . $blogname . '] Trackback: "' .stripslashes($post->post_title).'"';
$subject = '[' . $blogname . '] Trackback: "' .$post->post_title.'"';
} elseif ('pingback' == $comment_type) {
$notify_message = "New pingback on your post #$comment_post_ID \"".stripslashes($post->post_title)."\"\r\n\r\n";
$notify_message = "New pingback on your post #$comment_post_ID \"".$post->post_title."\"\r\n\r\n";
$notify_message .= "Website: $comment->comment_author\r\n";
$notify_message .= "URI : $comment->comment_author_url\r\n";
$notify_message .= "Excerpt: \n[...] $original_context [...]\r\n\r\n";
$notify_message .= "You can see all pingbacks on this post here: \r\n";
$subject = '[' . $blogname . '] Pingback: "' .stripslashes($post->post_title).'"';
$subject = '[' . $blogname . '] Pingback: "' .$post->post_title.'"';
}
$notify_message .= get_permalink($comment->comment_post_ID) . '#comments';
if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
} else {
$from = 'From: "' . stripslashes($comment->comment_author) . "\" <$comment->comment_author_email>";
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
}
$message_headers = "MIME-Version: 1.0\r\n"
@ -991,18 +986,18 @@ function wp_notify_moderator($comment_id) {
$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message = "A new comment on the post #$comment->comment_post_ID \"".stripslashes($post->post_title)."\" is waiting for your approval\r\n\r\n";
$notify_message = "A new comment on the post #$comment->comment_post_ID \"".$post->post_title."\" is waiting for your approval\r\n\r\n";
$notify_message .= "Author : $comment->comment_author (IP: $comment->comment_author_IP , $comment_author_domain)\r\n";
$notify_message .= "E-mail : $comment->comment_author_email\r\n";
$notify_message .= "URL : $comment->comment_author_url\r\n";
$notify_message .= "Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=$comment->comment_author_IP\r\n";
$notify_message .= "Comment:\r\n".stripslashes($comment->comment_content)."\r\n\r\n";
$notify_message .= "Comment:\r\n".$comment->comment_content."\r\n\r\n";
$notify_message .= "To approve this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=mailapprovecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
$notify_message .= "To delete this comment, visit: " . get_settings('siteurl') . "/wp-admin/post.php?action=confirmdeletecomment&p=".$comment->comment_post_ID."&comment=$comment_id\r\n";
$notify_message .= "Currently $comments_waiting comments are waiting for approval. Please visit the moderation panel:\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
$subject = '[' . stripslashes(get_settings('blogname')) . '] Please approve: "' .stripslashes($post->post_title).'"';
$subject = '[' . get_settings('blogname') . '] Please approve: "' .$post->post_title.'"';
$admin_email = get_settings("admin_email");
$from = "From: $admin_email";

22
wp-includes/links.php
View File

@ -176,14 +176,14 @@ function get_links($category = -1, $before = '', $after = '<br />',
}
$the_link = '#';
if (($row->link_url != null) && ($row->link_url != '')) {
$the_link = htmlspecialchars(stripslashes($row->link_url));
$the_link = htmlspecialchars($row->link_url);
}
$rel = stripslashes($row->link_rel);
$rel = $row->link_rel;
if ($rel != '') {
$rel = " rel='$rel'";
}
$desc = htmlspecialchars(stripslashes($row->link_description), ENT_QUOTES);
$name = htmlspecialchars(stripslashes($row->link_name), ENT_QUOTES);
$desc = htmlspecialchars($row->link_description, ENT_QUOTES);
$name = htmlspecialchars($row->link_name, ENT_QUOTES);
$title = $desc;
@ -273,7 +273,7 @@ function get_links($category = -1, $before = '', $after = '<br />',
** Use this like:
** $links = get_linkobjectsbyname('fred');
** foreach ($links as $link) {
** echo '<li>'.stripslashes($link->link_name).'</li>';
** echo '<li>'.$link->link_name.'</li>';
** }
**/
function get_linkobjectsbyname($cat_name = "noname" , $orderby = 'name', $limit = -1) {
@ -350,10 +350,10 @@ function get_linkobjects($category = -1, $orderby = 'name', $limit = -1) {
$results = $wpdb->get_results($sql);
if ($results) {
foreach ($results as $result) {
$result->link_url = stripslashes($result->link_url);
$result->link_name = stripslashes($result->link_name);
$result->link_description = stripslashes($result->link_description);
$result->link_notes = stripslashes($result->link_notes);
$result->link_url = $result->link_url;
$result->link_name = $result->link_name;
$result->link_description = $result->link_description;
$result->link_notes = $result->link_notes;
$newresults[] = $result;
}
}
@ -464,7 +464,7 @@ function get_linkcatname($id = 0) {
if ('' != $id) {
$cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
}
return stripslashes($cat_name);
return $cat_name;
}
/** function get_get_autotoggle()
@ -559,7 +559,7 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
$orderby = (bool_from_yn($cat['sort_desc'])?'_':'') . $orderby;
// Display the category name
echo ' <li id="'.sanitize_title($cat['cat_name']).'">' . stripslashes($cat['cat_name']) . "\n\t<ul>\n";
echo ' <li id="'.sanitize_title($cat['cat_name']).'">' . $cat['cat_name'] . "\n\t<ul>\n";
// Call get_links() with all the appropriate params
get_links($cat['link_category'],
'<li>',"</li>","\n",

10
wp-includes/template-functions-author.php
View File

@ -72,7 +72,7 @@ function the_author_posts() {
function the_author_posts_link($idmode='') {
global $id, $authordata;
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . stripslashes(the_author($idmode, false)) . '</a>';
echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
}
@ -143,7 +143,7 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
if ($posts == 0) {
if (! $hide_empty) echo $name;
} else {
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . stripslashes($name) . '</a>';
$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), htmlspecialchars($author->user_nickname)) . '">' . $name . '</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
@ -156,9 +156,9 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
$link .= '<a href="' . get_author_rss_link(0, $author->ID, $author->user_nicename) . '"';
if (! empty($feed)) {
$title = ' title="' . stripslashes($feed) . '"';
$alt = ' alt="' . stripslashes($feed) . '"';
$name = stripslashes($feed);
$title = ' title="' . $feed . '"';
$alt = ' alt="' . $feed . '"';
$name = $feed;
$link .= $title;
}

18
wp-includes/template-functions-category.php
View File

@ -68,7 +68,7 @@ function the_category($seperator = '', $parents='') {
if ('' == $seperator) {
$thelist .= '<ul class="post-categories">';
foreach ($categories as $category) {
$category->cat_name = stripslashes($category->cat_name);
$category->cat_name = $category->cat_name;
$thelist .= "\n\t<li>";
switch(strtolower($parents)) {
case 'multiple':
@ -93,7 +93,7 @@ function the_category($seperator = '', $parents='') {
} else {
$i = 0;
foreach ($categories as $category) {
$category->cat_name = stripslashes($category->cat_name);
$category->cat_name = $category->cat_name;
if (0 < $i) $thelist .= $seperator . ' ';
switch(strtolower($parents)) {
case 'multiple':
@ -117,7 +117,7 @@ function the_category_rss($type = 'rss') {
$categories = get_the_category();
$the_list = '';
foreach ($categories as $category) {
$category->cat_name = stripslashes(convert_chars($category->cat_name));
$category->cat_name = convert_chars($category->cat_name);
if ('rdf' == $type) {
$the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>";
} else {
@ -135,7 +135,7 @@ function get_the_category_by_ID($cat_ID) {
} else {
$cat_name = $cache_categories[$cat_ID]->cat_name;
}
return(stripslashes($cat_name));
return($cat_name);
}
function get_category_parents($id, $link = FALSE, $separator = '/', $nicename = FALSE){
@ -242,7 +242,7 @@ function dropdown_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_
if ($category->cat_ID == $selected)
echo ' selected="selected"';
echo '>';
echo stripslashes($cat_name);
echo $cat_name;
if (intval($optioncount) == 1) echo '&nbsp;&nbsp;('.$category->cat_count.')';
if (intval($optiondates) == 1) echo '&nbsp;&nbsp;'.$category->lastday.'/'.$category->lastmonth;
echo "</option>\n";
@ -359,7 +359,7 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
$link .= 'title="' . htmlspecialchars($category->category_description) . '"';
}
$link .= '>';
$link .= apply_filters('list_cats', stripslashes($category->cat_name)).'</a>';
$link .= apply_filters('list_cats', $category->cat_name).'</a>';
if ( (! empty($feed_image)) || (! empty($feed)) ) {
@ -372,9 +372,9 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
$link .= '<a href="' . get_category_rss_link(0, $category->cat_ID, $category->category_nicename) . '"';
if ( !empty($feed) ) {
$title = ' title="' . stripslashes($feed) . '"';
$alt = ' alt="' . stripslashes($feed) . '"';
$name = stripslashes($feed);
$title = ' title="' . $feed . '"';
$alt = ' alt="' . $feed . '"';
$name = $feed;
$link .= $title;
}

4
wp-includes/template-functions-comment.php
View File

@ -160,7 +160,7 @@ function comment_author_email_link($linktext='', $before='', $after='') {
global $comment;
$email = apply_filters('comment_email', $comment->comment_author_email);
if ((!empty($email)) && ($email != '@')) {
$display = ($linktext != '') ? $linktext : stripslashes($email);
$display = ($linktext != '') ? $linktext : $email;
echo $before;
echo "<a href='mailto:$email'>$display</a>";
echo $after;
@ -172,7 +172,7 @@ function comment_author_url_link($linktext='', $before='', $after='') {
$url = apply_filters('comment_url', $comment->comment_author_url);
if ((!empty($url)) && ($url != 'http://') && ($url != 'http://url')) {
$display = ($linktext != '') ? $linktext : stripslashes($url);
$display = ($linktext != '') ? $linktext : $url;
echo "$before<a href='$url' rel='external'>$display</a>$after";
}
}

20
wp-includes/template-functions-general.php
View File

@ -72,11 +72,11 @@ function wp_title($sep = '&raquo;', $display = true) {
// If there's a category
if(!empty($cat)) {
if (!stristr($cat,'-')) { // category excluded
$title = stripslashes(get_the_category_by_ID($cat));
$title = get_the_category_by_ID($cat);
}
}
if (!empty($category_name)) {
$title = stripslashes($wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'"));
$title = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE category_nicename = '$category_name'");
}
// If there's a month
@ -98,7 +98,7 @@ function wp_title($sep = '&raquo;', $display = true) {
// If there's a post
if ($single) {
$title = strip_tags(stripslashes($posts[0]->post_title));
$title = strip_tags($posts[0]->post_title);
$title = apply_filters('single_post_title', $title);
}
@ -120,9 +120,9 @@ function single_post_title($prefix = '', $display = true) {
$title = $post_data['Title'];
$title = apply_filters('single_post_title', $title);
if ($display) {
echo $prefix.strip_tags(stripslashes($title));
echo $prefix.strip_tags($title);
} else {
return strip_tags(stripslashes($title));
return strip_tags($title);
}
}
}
@ -133,9 +133,9 @@ function single_cat_title($prefix = '', $display = true ) {
$my_cat_name = get_the_category_by_ID($cat);
if(!empty($my_cat_name)) {
if ($display)
echo $prefix.strip_tags(stripslashes($my_cat_name));
echo $prefix.strip_tags($my_cat_name);
else
return strip_tags(stripslashes($my_cat_name));
return strip_tags($my_cat_name);
}
}
}
@ -267,7 +267,7 @@ function get_archives($type='', $limit='', $format='html', $before = '', $after
foreach ($arcresults as $arcresult) {
if ($arcresult->post_date != '0000-00-00 00:00:00') {
$url = get_permalink($arcresult->ID);
$arc_title = stripslashes($arcresult->post_title);
$arc_title = $arcresult->post_title;
if ($arc_title) {
$text = strip_tags($arc_title);
} else {
@ -419,9 +419,9 @@ function get_calendar($daylength = 1) {
$ak_titles_for_day['day_'.$ak_post_title->dom] = '';
}
if (empty($ak_titles_for_day["$ak_post_title->dom"])) { // first one
$ak_titles_for_day["$ak_post_title->dom"] = str_replace('"', '&quot;', wptexturize(stripslashes($ak_post_title->post_title)));
$ak_titles_for_day["$ak_post_title->dom"] = str_replace('"', '&quot;', wptexturize($ak_post_title->post_title));
} else {
$ak_titles_for_day["$ak_post_title->dom"] .= $ak_title_separator . str_replace('"', '&quot;', wptexturize(stripslashes($ak_post_title->post_title)));
$ak_titles_for_day["$ak_post_title->dom"] .= $ak_title_separator . str_replace('"', '&quot;', wptexturize($ak_post_title->post_title));
}
}
}

4
wp-includes/template-functions-links.php
View File

@ -255,7 +255,7 @@ function previous_post($format='%', $previous='previous post: ', $title='yes', $
if ($lastpost) {
$string = '<a href="'.get_permalink($lastpost->ID).'">'.$previous;
if ($title == 'yes') {
$string .= wptexturize(stripslashes($lastpost->post_title));
$string .= wptexturize($lastpost->post_title);
}
$string .= '</a>';
$format = str_replace('%', $string, $format);
@ -293,7 +293,7 @@ function next_post($format='%', $next='next post: ', $title='yes', $in_same_cat=
if ($nextpost) {
$string = '<a href="'.get_permalink($nextpost->ID).'">'.$next;
if ($title=='yes') {
$string .= wptexturize(stripslashes($nextpost->post_title));
$string .= wptexturize($nextpost->post_title);
}
$string .= '</a>';
$format = str_replace('%', $string, $format);

4
wp-includes/version.php
View File

@ -2,6 +2,6 @@
// This just holds the version number, in a separate file so we can bump it without cluttering the CVS
$wp_version = '1.3-pre-alpha';
$wp_version = '1.3-alpha';
?>
?>