}
/**
- * trackback_response() - Respond with error or success XML message
+ * trackback_response() - Respond with an error or success XML message
*
* @param int|bool $error Whether there was an error
* @param string $error_message Error message if an error occurred
$charset = isset($_POST['charset']) ? $_POST['charset'] : '';
// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
-$title = isset($_POST['title']) ? stripslashes($_POST['title']) : '';
-$excerpt = isset($_POST['excerpt']) ? stripslashes($_POST['excerpt']) : '';
-$blog_name = isset($_POST['blog_name']) ? stripslashes($_POST['blog_name']) : '';
+$title = isset($_POST['title']) ? wp_unslash($_POST['title']) : '';
+$excerpt = isset($_POST['excerpt']) ? wp_unslash($_POST['excerpt']) : '';
+$blog_name = isset($_POST['blog_name']) ? wp_unslash($_POST['blog_name']) : '';
if ($charset)
$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
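Review bot: The three `wp_unslash($_POST[...])` calls no longer guarantee a string, because `wp_unslash()` (as far as I know) recurses into arrays, whereas `stripslashes()` rejected them. A request sending `title[]=x` would therefore carry an array into the conversion and slashing steps further down. I would guard each read with a type check, e.g. `$title = ( isset($_POST['title']) && is_string($_POST['title']) ) ? wp_unslash($_POST['title']) : '';`, and do the same for `excerpt` and `blog_name`. The code that consumes these values lies outside this hunk, so the downstream effect of an array value is inferred, not visible here.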
}
// Now that mb_convert_encoding() has been given a swing, we need to escape these three
-$title = $wpdb->escape($title);
-$excerpt = $wpdb->escape($excerpt);
-$blog_name = $wpdb->escape($blog_name);
+$title = wp_slash($title);
+$excerpt = wp_slash($excerpt);
+$blog_name = wp_slash($blog_name);
if ( is_single() || is_page() )
$tb_id = $posts[0]->ID;
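Review bot: The retained comment above the three `wp_slash()` calls still says the values are being "escaped", which was accurate for `$wpdb->escape()` but is misleading now. `wp_slash()` only re-adds backslashes so the values match the slashed form that the comment-insertion code presumably expects (that code is outside this hunk). A later maintainer could read the old wording as "these are safe to put into SQL". I would reword it to something like `// Re-slash after mb_convert_encoding(): the comment API expects slashed input. This is not SQL escaping.`. It is also worth confirming that the eventual insert goes through a prepared query.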
if ( !pings_open($tb_id) )
trackback_response(1, 'Sorry, trackbacks are closed for this item.');
- $title = wp_html_excerpt( $title, 250 ).'...';
- $excerpt = wp_html_excerpt( $excerpt, 252 ).'...';
+ $title = wp_html_excerpt( $title, 250, '…' );
+ $excerpt = wp_html_excerpt( $excerpt, 252, '…' );
$comment_post_ID = (int) $tb_id;
$comment_author = $blog_name;