Deprecate addslashes_gpc function and add unit tests.

src/wp-includes/class-wp-query.php

@@ -2386,7 +2386,7 @@ public function get_posts() {
 		// Author/user stuff.
 
 		if ( ! empty( $query_vars['author'] ) && '0' != $query_vars['author'] ) {
-			$query_vars['author'] = addslashes_gpc( '' . urldecode( $query_vars['author'] ) );
+			$query_vars['author'] = wp_slash( '' . urldecode( $query_vars['author'] ) );
 			$authors              = array_unique( array_map( 'intval', preg_split( '/[,\s]+/', $query_vars['author'] ) ) );
 			sort( $authors );
 			foreach ( $authors as $author ) {
@@ -2505,7 +2505,7 @@ public function get_posts() {
 			$orderby_array = array();
 			if ( is_array( $query_vars['orderby'] ) ) {
 				foreach ( $query_vars['orderby'] as $_orderby => $order ) {
-					$orderby = addslashes_gpc( urldecode( $_orderby ) );
+					$orderby = wp_slash( urldecode( $_orderby ) );
 					$parsed  = $this->parse_orderby( $orderby );
 
 					if ( ! $parsed ) {
@@ -2518,7 +2518,7 @@ public function get_posts() {
 
 			} else {
 				$query_vars['orderby'] = urldecode( $query_vars['orderby'] );
-				$query_vars['orderby'] = addslashes_gpc( $query_vars['orderby'] );
+				$query_vars['orderby'] = wp_slash( $query_vars['orderby'] );
 
 				foreach ( explode( ' ', $query_vars['orderby'] ) as $i => $orderby ) {
 					$parsed = $this->parse_orderby( $orderby );

src/wp-includes/deprecated.php

@@ -6479,3 +6479,21 @@ function wp_print_auto_sizes_contain_css_fix() {
 	<style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>
 	<?php
 }
+
+/**
+ * Adds slashes to a string or recursively adds slashes to strings within an array.
+ *
+ * This function is just a wrapper for `wp_slash()`. It was originally related to
+ * magic quotes functionality which was deprecated in PHP 5.3.0 and removed in PHP 5.4.0.
+ *
+ * @since 0.71
+ * @deprecated 7.0.0 Use wp_slash() instead.
+ * @see wp_slash()
+ *
+ * @param string|array $gpc String or array of data to slash.
+ * @return string|array Slashed `$gpc`.
+ */
+function addslashes_gpc( $gpc ) {
+	_deprecated_function( __FUNCTION__, '7.0.0', 'wp_slash()' );
+	return wp_slash( $gpc );
+}

src/wp-includes/formatting.php

@@ -2837,18 +2837,6 @@ function untrailingslashit( $value ) {
 	return rtrim( $value, '/\\' );
 }
 
-/**
- * Adds slashes to a string or recursively adds slashes to strings within an array.
- *
- * @since 0.71
- *
- * @param string|array $gpc String or array of data to slash.
- * @return string|array Slashed `$gpc`.
- */
-function addslashes_gpc( $gpc ) {
-	return wp_slash( $gpc );
-}
-
 /**
  * Navigates through an array, object, or scalar, and removes slashes from the values.
  *

tests/phpunit/tests/formatting/wpSlash.php

@@ -101,4 +101,35 @@ public function test_add_even_more_slashes() {
 		$this->assertSame( array( 'a' => $new ), wp_slash( array( 'a' => $old ) ) ); // Keyed array.
 		$this->assertSame( array( $new ), wp_slash( array( $old ) ) ); // Non-keyed.
 	}
+
+	/**
+	 * Tests that addslashes_gpc() returns the same result as wp_slash() for strings.
+	 *
+	 * @ticket 64539
+	 * @expectedDeprecated addslashes_gpc
+	 */
+	public function test_addslashes_gpc_matches_wp_slash_for_strings() {
+		$input = "String with 'quotes' and \"double quotes\"";
+		$this->assertSame( wp_slash( $input ), addslashes_gpc( $input ) );
+	}
+
+	/**
+	 * Tests that addslashes_gpc() returns the same result as wp_slash() for arrays.
+	 *
+	 * @ticket 64539
+	 * @expectedDeprecated addslashes_gpc
+	 */
+	public function test_addslashes_gpc_matches_wp_slash_for_arrays() {
+		$input = array(
+			'field1' => "Value with 'apostrophe'",
+			'field2' => 'Value with "quotes"',
+			'field3' => 'user@example.com',
+			'nested' => array(
+				'key1' => 'Nested value with \\ backslash',
+				'key2' => array( 'deeply', 'nested', 'array' ),
+			),
+		);
+
+		$this->assertSame( wp_slash( $input ), addslashes_gpc( $input ) );
+	}
 }