Changeset 4676

Timestamp:
01/05/07 05:45:46 (2 years ago)
Author:
markjaquith
Message:

Delay Trackback data escaping until after mb_convert_encoding(). Props to Stefan Esser.

Files:

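--- a/trunk/wp-trackback.php
+++ b/trunk/wp-trackback.php
@@ -31,9 +31,11 @@
 }
 
-$tb_url    = $_POST['url'];
-$title     = $_POST['title'];
-$excerpt   = $_POST['excerpt'];
-$blog_name = $_POST['blog_name'];
-$charset   = $_POST['charset'];
+$tb_url  = $_POST['url'];
+$charset = $_POST['charset'];
+
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title     = stripslashes($_POST['title']);
+$excerpt   = stripslashes($_POST['excerpt']);
+$blog_name = stripslashes($_POST['blog_name']);
 
 if ($charset)
@@ -47,4 +49,9 @@
     $blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
 }
+
+// Now that mb_convert_encoding() has been given a swing, we need to escape these three
+$title     = $wpdb->escape($title);
+$excerpt   = $wpdb->escape($excerpt);
+$blog_name = $wpdb->escape($blog_name);
 
 if ( is_single() || is_page() )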
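Review bot: `$charset` is read straight from `$_POST['charset']` (new line 34) and is passed as the source encoding to `mb_convert_encoding()` (new line 49), and no validation is visible in either hunk; new lines 42–48 are not shown, so a check there cannot be ruled out. If the name is not one mbstring recognises, the conversion fails and the following `$wpdb->escape()` calls would operate on the failure value rather than the trackback text. Consider accepting only known encodings before converting, e.g. `if ( !in_array(strtoupper($charset), array_map('strtoupper', mb_list_encodings())) ) $charset = '';`. The comment on new line 36 could also state its assumption, for example `// $_POST is expected to arrive slash-escaped; $tb_url is left in that form and is not re-escaped in this block`. The script continues outside both hunks.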