Use wpdb->escape instead of addslashes to prepare DB bound data.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
@@ -90,12 +90,12 @@ case "step1":
|
||||
$s=$userdata[4];
|
||||
$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
|
||||
|
||||
$user_login=addslashes($userdata[0]);
|
||||
$pass1=addslashes($userdata[1]);
|
||||
$user_nickname=addslashes($userdata[0]);
|
||||
$user_email=addslashes($userdata[2]);
|
||||
$user_url=addslashes($userdata[3]);
|
||||
$user_joindate=addslashes($user_joindate);
|
||||
$user_login=$wpdb->escape($userdata[0]);
|
||||
$pass1=$wpdb->escape($userdata[1]);
|
||||
$user_nickname=$wpdb->escape($userdata[0]);
|
||||
$user_email=$wpdb->escape($userdata[2]);
|
||||
$user_url=$wpdb->escape($userdata[3]);
|
||||
$user_joindate=$wpdb->escape($user_joindate);
|
||||
|
||||
$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
|
||||
if ($loginthere) {
|
||||
@@ -147,18 +147,18 @@ case "step1":
|
||||
$postmaincontent=gm2autobr($entry[2]);
|
||||
$postmorecontent=gm2autobr($entry[3]);
|
||||
|
||||
$post_author=trim(addslashes($postinfo[1]));
|
||||
$post_author=trim($wpdb->escape($postinfo[1]));
|
||||
// we'll check the author is registered, or if it's a deleted author
|
||||
$sql = "SELECT * FROM $wpdb->users WHERE user_login = '$post_author'";
|
||||
$result = $wpdb->query($sql);
|
||||
if (! $result) { // if deleted from GM, we register the author as a level 0 user in wp
|
||||
$user_joindate="1979-06-06 00:41:00";
|
||||
$user_login=addslashes($post_author);
|
||||
$pass1=addslashes("password");
|
||||
$user_nickname=addslashes($post_author);
|
||||
$user_email=addslashes("user@deleted.com");
|
||||
$user_url=addslashes("");
|
||||
$user_joindate=addslashes($user_joindate);
|
||||
$user_login=$wpdb->escape($post_author);
|
||||
$pass1=$wpdb->escape("password");
|
||||
$user_nickname=$wpdb->escape($post_author);
|
||||
$user_email=$wpdb->escape("user@deleted.com");
|
||||
$user_url=$wpdb->escape("");
|
||||
$user_joindate=$wpdb->escape($user_joindate);
|
||||
$query = "INSERT INTO $wpdb->users (user_login,user_pass,user_email,user_url,user_registered,user_level) VALUES ('$user_login','$pass1','$user_email','$user_url','$user_joindate','0')";
|
||||
$result = $wpdb->query($query);
|
||||
if ($result==false) {
|
||||
@@ -171,7 +171,7 @@ case "step1":
|
||||
$post_author_ID = $wpdb->get_var($sql);
|
||||
|
||||
$post_title=gm2autobr($postinfo[2]);
|
||||
$post_title=addslashes($post_title);
|
||||
$post_title=$wpdb->escape($post_title);
|
||||
|
||||
$postyear=$postinfo[6];
|
||||
$postmonth=zeroise($postinfo[4],2);
|
||||
@@ -188,7 +188,7 @@ case "step1":
|
||||
$post_content=$postmaincontent;
|
||||
if (strlen($postmorecontent)>3)
|
||||
$post_content .= "<!--more--><br /><br />".$postmorecontent;
|
||||
$post_content=addslashes($post_content);
|
||||
$post_content=$wpdb->escape($post_content);
|
||||
|
||||
$post_karma=$postinfo[12];
|
||||
|
||||
@@ -222,10 +222,10 @@ case "step1":
|
||||
$entry[$j]=gm2autobr($entry[$j]);
|
||||
$commentinfo=explode("|",$entry[$j]);
|
||||
$comment_post_ID=$post_ID;
|
||||
$comment_author=addslashes($commentinfo[0]);
|
||||
$comment_author_email=addslashes($commentinfo[2]);
|
||||
$comment_author_url=addslashes($commentinfo[3]);
|
||||
$comment_author_IP=addslashes($commentinfo[1]);
|
||||
$comment_author=$wpdb->escape($commentinfo[0]);
|
||||
$comment_author_email=$wpdb->escape($commentinfo[2]);
|
||||
$comment_author_url=$wpdb->escape($commentinfo[3]);
|
||||
$comment_author_IP=$wpdb->escape($commentinfo[1]);
|
||||
|
||||
$commentyear=$commentinfo[7];
|
||||
$commentmonth=zeroise($commentinfo[5],2);
|
||||
@@ -237,7 +237,7 @@ case "step1":
|
||||
$commenthour=$commenthour+12;
|
||||
$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
|
||||
|
||||
$comment_content=addslashes($commentinfo[12]);
|
||||
$comment_content=$wpdb->escape($commentinfo[12]);
|
||||
|
||||
$sql3 = "INSERT INTO $wpdb->comments (comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content) VALUES ('$comment_post_ID','$comment_author','$comment_author_email','$comment_author_url','$comment_author_IP','$comment_date','$comment_content')";
|
||||
$result3 = $wpdb->query($sql3);
|
||||
|
||||
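Review bot: `$post_author` is already escaped on the line `$post_author=trim($wpdb->escape($postinfo[1]));` (hunk at @@ -147), yet the lines `$user_login=$wpdb->escape($post_author);` and `$user_nickname=$wpdb->escape($post_author);` escape it a second time before the INSERT into $wpdb->users, so an author name containing a quote or backslash is stored with extra backslashes while the lookup `SELECT * FROM $wpdb->users WHERE user_login = '$post_author'` uses the single-escaped form, and on later posts by the same author that lookup presumably misses and the import tries to register the user again. Keep an unescaped copy and escape once per query: `$post_author_raw = trim($postinfo[1]);`, `$post_author = $wpdb->escape($post_author_raw);`, then `$user_login = $wpdb->escape($post_author_raw);` (and likewise for `$user_nickname`). Escaping is also only as strong as the connection charset, because every value is still interpolated into the SQL strings by hand; if a parameter-binding helper is available on this wpdb it would remove the need to track which variables are already escaped. Separately, the deleted-author branch stores the literal `"password"` straight into user_pass alongside the other fields, which creates level-0 accounts with a known credential, so it is worth confirming whether that column is meant to hold a hash here. The surrounding `case "step1":` block begins before the first hunk and continues past the last.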