Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use wp_slash() in places where we improperly used the DB API instead. see #21767. 

git-svn-id: http://core.svn.wordpress.org/trunk@24713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2013-07-16 14:19:03 +00:00
parent dffd2b1bd9
commit 8d65dc2469
4 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/ajax-actions.php
View File

@ -739,9 +739,9 @@ function wp_ajax_replyto_comment( $action ) {
$user = wp_get_current_user(); $user = wp_get_current_user();
if ( $user->exists() ) { if ( $user->exists() ) {
$user_ID = $user->ID; $user_ID = $user->ID;
$comment_author = $wpdb->escape($user->display_name); $comment_author = wp_slash( $user->display_name );
$comment_author_email = $wpdb->escape($user->user_email); $comment_author_email = wp_slash( $user->user_email );
$comment_author_url = $wpdb->escape($user->user_url); $comment_author_url = wp_slash( $user->user_url );
$comment_content = trim($_POST['content']); $comment_content = trim($_POST['content']);
if ( current_user_can( 'unfiltered_html' ) ) { if ( current_user_can( 'unfiltered_html' ) ) {
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {

2
wp-admin/includes/post.php
View File

@ -646,7 +646,7 @@ function add_meta( $post_ID ) {
if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) ) if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
return false; return false;
$metakey = esc_sql( $metakey ); $metakey = wp_slash( $metakey );
return add_post_meta( $post_ID, $metakey, $metavalue ); return add_post_meta( $post_ID, $metakey, $metavalue );
} }

6
wp-comments-post.php
View File

@ -57,9 +57,9 @@ $user = wp_get_current_user();
if ( $user->exists() ) { if ( $user->exists() ) {
if ( empty( $user->display_name ) ) if ( empty( $user->display_name ) )
$user->display_name=$user->user_login; $user->display_name=$user->user_login;
$comment_author = $wpdb->escape($user->display_name); $comment_author = wp_slash( $user->display_name );
$comment_author_email = $wpdb->escape($user->user_email); $comment_author_email = wp_slash( $user->user_email );
$comment_author_url = $wpdb->escape($user->user_url); $comment_author_url = wp_slash( $user->user_url );
if ( current_user_can('unfiltered_html') ) { if ( current_user_can('unfiltered_html') ) {
if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
kses_remove_filters(); // start with a clean slate kses_remove_filters(); // start with a clean slate

2
wp-includes/comment.php
View File

@ -1492,7 +1492,7 @@ function wp_update_comment($commentarr) {
$comment = get_comment($commentarr['comment_ID'], ARRAY_A); $comment = get_comment($commentarr['comment_ID'], ARRAY_A);
// Escape data pulled from DB. // Escape data pulled from DB.
$comment = esc_sql($comment); $comment = wp_slash($comment);
$old_status = $comment['comment_approved']; $old_status = $comment['comment_approved'];