
Ticket #10041: 10041.3.diff

File 10041.3.diff, 1.2 KB (added by Denis-de-Bernardy, 15 years ago)
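--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -866,7 +866,7 @@
         }
 
         if ( !empty($search) ) {
-                $search = like_escape($search);
+                $search = like_escape(stripslashes($search));
                 $where .= " AND (t.name LIKE '%$search%')";
         }
 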
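Review bot: The added `stripslashes()` at line 869 removes whatever slashes `$search` carried on arrival, so the value interpolated into `LIKE '%$search%'` on the next line is protected only by what `like_escape()` does internally; the identical change at line 184 of wp-includes/bookmark.php has the same property. That holds with the `esc_sql()` call this patch adds to `like_escape()`, but it ties the safety of both queries to that helper's implementation, and a caller that passes an already unslashed `$search` would silently lose its literal backslashes. I would record the assumption next to the call, for example `// $search is expected slashed here; like_escape() re-escapes it for both SQL and LIKE`. The enclosing function starts and ends outside the hunk, so where `$search` comes from cannot be confirmed from here.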
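--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -181,7 +181,7 @@
         }
 
         if ( ! empty($search) ) {
-                $search = like_escape($search);
+                $search = like_escape(stripslashes($search));
                 $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
         }
 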
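--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2329,7 +2329,7 @@
  * @return string text, safe for inclusion in LIKE query.
  */
 function like_escape($text) {
-        return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+        return esc_sql(addcslashes($text, '_%\\'));
 }
 
 /**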
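Review bot: The docblock above `like_escape()` still promises only text that is "safe for inclusion in LIKE query", while the new body at line 2332 also applies `esc_sql()`, so the return value is now SQL-escaped as well as LIKE-escaped. Any caller outside this patch that escapes the result again, or that passes in already slashed input without `stripslashes()`, would end up with doubled backslashes and a pattern that matches the wrong rows. I would update the `@return` line to something like `@return string text, LIKE-escaped and SQL-escaped; pass unslashed input and do not escape again`, and check the callers this patch does not touch. The docblock begins outside the hunk.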