X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/baca9ce86a38dc54c4574890ee2d352fd81f78b2..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-admin/includes/file.php
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 96b6db45..ca424264 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -90,7 +90,7 @@ function get_home_path() {
$home_path = ABSPATH;
}
- return $home_path;
+ return str_replace( '\\', '/', $home_path );
}
/**
@@ -497,7 +497,7 @@ function download_url( $url, $timeout = 300 ) {
if ( ! $tmpfname )
return new WP_Error('http_no_file', __('Could not create Temporary file.'));
- $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
+ $response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
if ( is_wp_error( $response ) ) {
unlink( $tmpfname );
@@ -911,13 +911,13 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
- $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']);
- $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']);
- $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : '');
+ $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
+ $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
+ $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
// Check to see if we are setting the public/private keys for ssh
- $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : '');
- $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : '');
+ $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
+ $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
//sanitize the hostname, Some people might pass in odd-data:
$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
@@ -935,8 +935,8 @@ function request_filesystem_credentials($form_post, $type = '', $error = false,
else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL
$credentials['connection_type'] = 'ftps';
else if ( !empty($_POST['connection_type']) )
- $credentials['connection_type'] = stripslashes($_POST['connection_type']);
- else if ( !isset($credentials['connection_type']) ) //All else fails (And its not defaulted to something else saved), Default to FTP
+ $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] );
+ else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP
$credentials['connection_type'] = 'ftp';
if ( ! $error &&
@@ -989,7 +989,7 @@ jQuery(function($){
});
-->
-