-$tb_url = $_POST['url'];
-$title = $_POST['title'];
-$excerpt = $_POST['excerpt'];
-$blog_name = $_POST['blog_name'];
-$charset = $_POST['charset'];
+$tb_url = $_POST['url'];
+$charset = $_POST['charset'];
+
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title = stripslashes($_POST['title']);
+$excerpt = stripslashes($_POST['excerpt']);
+$blog_name = stripslashes($_POST['blog_name']);