Changeset 4847 for trunk/includes/common/functions.php

Timestamp:

04/12/2013 08:45:55 PM (10 years ago)

Author:

johnjamesjacoby

Message:

In bbp_check_for_duplicate(), run wp_unslash() or stripslashes_deep() on the entire $r array. Remove unslashing on results of get_meta_sql() to allow any previously slashed values to remain slashed. See #2185.

File:

• trunk/includes/common/functions.php (modified) (1 diff)

trunk/includes/common/functions.php

@@ -686 +686 @@
     }
 
-    // Unslash strings to pass through $wpdb->prepare()
+    // Unslash $r to pass through $wpdb->prepare()
     //
     // @see: http://bbpress.trac.wordpress.org/ticket/2185/
     // @see: http://core.trac.wordpress.org/changeset/23973/
-    if ( function_exists( 'wp_unslash' ) ) { // added in WordPress 3.6
-        $r['post_type']    = wp_unslash( $r['post_type']    );
-        $r['post_status']  = wp_unslash( $r['post_status']  );
-        $r['post_content'] = wp_unslash( $r['post_content'] );
-        $join              = wp_unslash( $join              );
-        $where             = wp_unslash( $where             );
-    } else {
-        $r['post_type']    = stripslashes_deep( $r['post_type']    );
-        $r['post_status']  = stripslashes_deep( $r['post_status']  );
-        $r['post_content'] = stripslashes_deep( $r['post_content'] );
-        $join              = stripslashes_deep( $join              );
-        $where             = stripslashes_deep( $where             );
-    }
+    $r = function_exists( 'wp_unslash' ) ? wp_unslash( $r ) : stripslashes_deep( $r );
 
     // Prepare duplicate check query