mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-01-19 05:38:07 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Strip extra slashes from _POST when doing nonce AYS. Props MarkJaquith and mdawaffe. fixes #2761

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@3833 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2006-06-01 23:38:34 +00:00
parent 40f80adc70
commit acb5008e9c
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/pluggable-functions.php
View File

@ -238,6 +238,8 @@ function check_admin_referer($action = -1) {
$adminurl = $referer; $adminurl = $referer;
$title = __('WordPress Confirmation'); $title = __('WordPress Confirmation');
require_once(ABSPATH . '/wp-admin/admin-header.php'); require_once(ABSPATH . '/wp-admin/admin-header.php');
// Remove extra layer of slashes.
$_POST = stripslashes_deep($_POST );
if ( $_POST ) { if ( $_POST ) {
$q = http_build_query($_POST); $q = http_build_query($_POST);
$q = explode( ini_get('arg_separator.output'), $q); $q = explode( ini_get('arg_separator.output'), $q);