Use wpdb->escape instead of addslashes to prepare DB bound data.

git-svn-id: http://svn.automattic.com/wordpress/trunk@2699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan
2005-07-05 20:47:22 +00:00
parent a79476f1e7
commit 91efba11ad
19 changed files with 101 additions and 89 deletions


@@ -13,8 +13,8 @@ function comments_template( $file = '/comments.php' ) {
if ( empty($comment_author) ) {
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
} else {
$author_db = addslashes($comment_author);
$email_db = addslashes($comment_author_email);
$author_db = $wpdb->escape($comment_author);
$email_db = $wpdb->escape($comment_author_email);
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
}
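Review bot: The rewritten query on the last line of the else branch still interpolates `$post->ID` with no cast, so that placeholder is protected only by whatever populated `$post` before this hunk; casting it once, `$post_id = (int) $post->ID;`, and using `'$post_id'` in both SELECTs would make the two queries as defensive as the now-escaped author and email fields. The behaviour of `$wpdb->escape()` is not visible here — if it is still a thin wrapper over addslashes rather than a connection-charset-aware escape, this hunk is a naming change and the protective effect depends on the implementation elsewhere. comments_template's body starts before this hunk, where `$wpdb`, `$comment_author` and `$comment_author_email` are presumably declared global.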


@@ -523,10 +523,13 @@ function trailingslashit($string) {
}
function addslashes_gpc($gpc) {
if (!get_magic_quotes_gpc()) {
$gpc = addslashes($gpc);
global $wpdb;
if (get_magic_quotes_gpc()) {
$gpc = stripslashes($gpc);
}
return $gpc;
return $wpdb->escape($gpc);
}
function antispambot($emailaddy, $mailto=0) {
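Review bot: Nothing documents that `addslashes_gpc` must receive a raw GPC value, which matters now that the body both strips magic-quote slashes and re-escapes through `$wpdb->escape()`: a string a caller has already escaped would be double-escaped, and a string that did not come from `$_GET`/`$_POST`/`$_COOKIE` has its backslashes silently removed whenever magic_quotes_gpc is on. A comment above the function would pin that contract, e.g. `// Expects an unescaped $_GET/$_POST/$_COOKIE string: undoes magic_quotes_gpc, then applies the DB escaping $wpdb expects.` The name still says addslashes although the body no longer calls it, which is worth noting for callers who assume addslashes semantics. `stripslashes()` is also applied to `$gpc` without checking it is a string, so an array value from a superglobal is not handled — already true before this change, but an `is_array` guard with recursion, as `add_magic_quotes` does elsewhere in this commit, would cover it.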


@@ -843,7 +843,7 @@ function do_enclose( $content, $post_ID ) {
if ( $url != '' && !$wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {
if ( $headers = wp_get_http_headers( $url) ) {
$len = (int) $headers['content-length'];
$type = addslashes( $headers['content-type'] );
$type = $wpdb->escape( $headers['content-type'] );
$allowed_types = array( 'video', 'audio' );
if( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
$meta_value = "$url\n$len\n$type\n";
@@ -1882,11 +1882,13 @@ function load_template($file) {
}
function add_magic_quotes($array) {
global $wpdb;
foreach ($array as $k => $v) {
if (is_array($v)) {
$array[$k] = add_magic_quotes($v);
} else {
$array[$k] = addslashes($v);
$array[$k] = $wpdb->escape($v);
}
}
return $array;