Wordpress 3.6

[autoinstalls/wordpress.git] / wp-admin / includes / file.php

diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 96b6db45c032c70559bdffc601eec01cb907d90c..ca424264bc0a2da81a169576a8cc976ecdeef33e 100644 (file)
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -90,7 +90,7 @@ function get_home_path() {
                $home_path = ABSPATH;
        }
 
                $home_path = ABSPATH;
        }
 

-       return $home_path;
+       return str_replace( '\\', '/', $home_path );

 }
 
 /**
 }
 
 /**


@@ -497,7 +497,7 @@ function download_url( $url, $timeout = 300 ) {
        if ( ! $tmpfname )
                return new WP_Error('http_no_file', __('Could not create Temporary file.'));
 
        if ( ! $tmpfname )
                return new WP_Error('http_no_file', __('Could not create Temporary file.'));
 

-       $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
+       $response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );

 
        if ( is_wp_error( $response ) ) {
                unlink( $tmpfname );
 
        if ( is_wp_error( $response ) ) {
                unlink( $tmpfname );


@@ -911,13 +911,13 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
        $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
        // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
        $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
 
        // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)

-       $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
-       $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
-       $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
+       $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
+       $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
+       $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');

 
        // Check to see if we are setting the public/private keys for ssh
 
        // Check to see if we are setting the public/private keys for ssh

-       $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
-       $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
+       $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
+       $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');

 
        //sanitize the hostname, Some people might pass in odd-data:
        $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
 
        //sanitize the hostname, Some people might pass in odd-data:
        $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off


@@ -935,8 +935,8 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
        else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
                $credentials['connection_type'] = 'ftps';
        else if ( !empty($_POST['connection_type']) )
        else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
                $credentials['connection_type'] = 'ftps';
        else if ( !empty($_POST['connection_type']) )

-               $credentials['connection_type'] = stripslashes($_POST['connection_type']);
-       else if ( !isset($credentials['connection_type']) ) //All else fails (And its not defaulted to something else saved), Default to FTP
+               $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
+       else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP

                $credentials['connection_type'] = 'ftp';
 
        if ( ! $error &&
                $credentials['connection_type'] = 'ftp';
 
        if ( ! $error &&


@@ -989,7 +989,7 @@ jQuery(function($){
 });
 -->
 </script>
 });
 -->
 </script>

-<form action="<?php echo $form_post ?>" method="post">
+<form action="<?php echo esc_url( $form_post ) ?>" method="post">

 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Connection Information') ?></h2>
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Connection Information') ?></h2>


@@ -1060,7 +1060,7 @@ jQuery(function($){
 <?php
 foreach ( (array) $extra_fields as $field ) {
        if ( isset( $_POST[ $field ] ) )
 <?php
 foreach ( (array) $extra_fields as $field ) {
        if ( isset( $_POST[ $field ] ) )

-               echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( stripslashes( $_POST[ $field ] ) ) . '" />';
+               echo '<input type="hidden" name="' . esc_attr( $field ) . '" value="' . esc_attr( wp_unslash( $_POST[ $field ] ) ) . '" />';

 }
 submit_button( __( 'Proceed' ), 'button', 'upgrade' );
 ?>
 }
 submit_button( __( 'Proceed' ), 'button', 'upgrade' );
 ?>