Wordpress 3.6

[autoinstalls/wordpress.git] / wp-admin / install.php

diff --git a/wp-admin/install.php b/wp-admin/install.php
index 2ff4f172c07153d6f19d9ea488463684c95a1948..71d59a9c49b96a448a518988f02fff461761edae 100644 (file)
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -63,7 +63,7 @@ function display_header() {
        ?>
 </head>
 <body class="wp-core-ui<?php if ( is_rtl() ) echo ' rtl'; ?>">
        ?>
 </head>
 <body class="wp-core-ui<?php if ( is_rtl() ) echo ' rtl'; ?>">

-<h1 id="logo"><a href="<?php esc_attr_e( 'http://wordpress.org/' ); ?>"><?php _e( 'WordPress' ); ?></a></h1>
+<h1 id="logo"><a href="<?php echo esc_url( __( 'http://wordpress.org/' ) ); ?>"><?php _e( 'WordPress' ); ?></a></h1>

 
 <?php
 } // end display_header()
 
 <?php
 } // end display_header()


@@ -84,10 +84,10 @@ function display_setup_form( $error = null ) {
        if ( ! empty( $_POST ) )
                $blog_public = isset( $_POST['blog_public'] );
 
        if ( ! empty( $_POST ) )
                $blog_public = isset( $_POST['blog_public'] );
 

-       $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-       $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-       $admin_password = isset($_POST['admin_password']) ? trim( stripslashes( $_POST['admin_password'] ) ) : '';
-       $admin_email  = isset( $_POST['admin_email']  ) ? trim( stripslashes( $_POST['admin_email'] ) ) : '';
+       $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+       $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+       $admin_password = isset($_POST['admin_password']) ? trim( wp_unslash( $_POST['admin_password'] ) ) : '';
+       $admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';

 
        if ( ! is_null( $error ) ) {
 ?>
 
        if ( ! is_null( $error ) ) {
 ?>


@@ -100,7 +100,7 @@ function display_setup_form( $error = null ) {
                        <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>" /></td>
                </tr>
                <tr>
                        <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>" /></td>
                </tr>
                <tr>

-                       <th scope="row"><label for="user_name"><?php _e('Username'); ?></label></th>
+                       <th scope="row"><label for="user_login"><?php _e('Username'); ?></label></th>

                        <td>
                        <?php
                        if ( $user_table ) {
                        <td>
                        <?php
                        if ( $user_table ) {


@@ -189,11 +189,11 @@ switch($step) {
 
                display_header();
                // Fill in the data we gathered
 
                display_header();
                // Fill in the data we gathered

-               $weblog_title = isset( $_POST['weblog_title'] ) ? trim( stripslashes( $_POST['weblog_title'] ) ) : '';
-               $user_name = isset($_POST['user_name']) ? trim( stripslashes( $_POST['user_name'] ) ) : 'admin';
-               $admin_password = isset($_POST['admin_password']) ? $_POST['admin_password'] : '';
-               $admin_password_check = isset($_POST['admin_password2']) ? $_POST['admin_password2'] : '';
-               $admin_email  = isset( $_POST['admin_email']  ) ?trim( stripslashes( $_POST['admin_email'] ) ) : '';
+               $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
+               $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : 'admin';
+               $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
+               $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
+               $admin_email  = isset( $_POST['admin_email']  ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';

                $public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
                // check e-mail address
                $error = false;
                $public       = isset( $_POST['blog_public']  ) ? (int) $_POST['blog_public'] : 0;
                // check e-mail address
                $error = false;