Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892.

git-svn-id: http://core.svn.wordpress.org/trunk@21850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Andrew Nacin 2012-09-14 19:32:53 +00:00
parent 8cbf331fa5
commit f4c9c9ce0d


@ -2789,9 +2789,7 @@ function sanitize_option($option, $value) {
case 'blogdescription': case 'blogdescription':
case 'blogname': case 'blogname':
$value = addslashes($value); $value = wp_kses_post( $value );
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
$value = stripslashes($value);
$value = esc_html( $value ); $value = esc_html( $value );
break; break;
@ -2807,9 +2805,7 @@ function sanitize_option($option, $value) {
case 'ping_sites': case 'ping_sites':
case 'upload_path': case 'upload_path':
$value = strip_tags($value); $value = strip_tags($value);
$value = addslashes($value); $value = wp_kses_data($value);
$value = wp_filter_kses($value); // calls stripslashes then addslashes
$value = stripslashes($value);
break; break;
case 'gmt_offset': case 'gmt_offset':
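Review bot: The new lines in both hunks (`$value = wp_kses_post( $value );` for blogdescription/blogname and `$value = wp_kses_data($value);` for the ping_sites/upload_path group) remove the only comment that described slash handling, so the expectation that sanitize_option() filters an unslashed value is now implicit. I would add a short comment above each call, for example `// $value is unslashed here; wp_kses_post() and wp_kses_data() do not strip or add slashes.`, so a later edit does not reintroduce the slashing wrappers. A regression test that passes option values containing quotes and backslashes through these cases would pin that the stored result matches the old addslashes/filter/stripslashes round trip. The body of sanitize_option() starts and ends outside the hunks shown, so other cases in the switch may still use the slashing variants and are worth checking for consistency.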