WordPress.org

Make WordPress Core

Ticket #10041: 10041.3.diff

File 10041.3.diff, 1.2 KB (added by Denis-de-Bernardy, 6 years ago)
  • wp-includes/taxonomy.php

     
    866866        } 
    867867 
    868868        if ( !empty($search) ) { 
    869                 $search = like_escape($search); 
     869                $search = like_escape(stripslashes($search)); 
    870870                $where .= " AND (t.name LIKE '%$search%')"; 
    871871        } 
    872872 
  • wp-includes/bookmark.php

     
    181181        } 
    182182 
    183183        if ( ! empty($search) ) { 
    184                 $search = like_escape($search); 
     184                $search = like_escape(stripslashes($search)); 
    185185                $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) "; 
    186186        } 
    187187 
  • wp-includes/formatting.php

     
    23292329 * @return string text, safe for inclusion in LIKE query. 
    23302330 */ 
    23312331function like_escape($text) { 
    2332         return str_replace(array("%", "_"), array("\\%", "\\_"), $text); 
     2332        return esc_sql(addcslashes($text, '_%\\')); 
    23332333} 
    23342334 
    23352335/**