
Ticket #10041: 10041.5.diff

File 10041.5.diff, 1.5 KB (added by ampt, 7 years ago)

Updated patch 10041.4.diff to apply cleanly against trunk; the changes to /wp-admin/ms-sites.php no longer apply. The unit tests for like_escape pass.

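--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1272,7 +1272,7 @@
         }
 
         if ( !empty($search) ) {
-                $search = like_escape($search);
+                $search = esc_sql(like_escape(stripslashes($search)));
                 $where .= " AND (t.name LIKE '%$search%')";
         }
 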
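Review bot: The unconditional `stripslashes($search)` on the added line assumes every caller passes a slashed value; the enclosing function starts outside this hunk, so that cannot be confirmed here, and a caller that passes an unslashed search term would have its literal backslashes silently removed before `like_escape()` runs. The same line is added in the wp-includes/bookmark.php hunk, and the point applies there as well. The order of the three calls is load-bearing, because LIKE escaping has to happen before SQL escaping, so I would add `// Order matters: unslash, escape LIKE wildcards, then SQL-escape last.` above it. If `$wpdb` is in scope at this point, binding the pattern as a parameter with `$wpdb->prepare( " AND (t.name LIKE %s)", '%' . like_escape( stripslashes( $search ) ) . '%' )` would remove the hand-built quoting from the query string.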
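--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -181,7 +181,7 @@
         }
 
         if ( ! empty($search) ) {
-                $search = like_escape($search);
+                $search = esc_sql(like_escape(stripslashes($search)));
                 $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
         }
 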
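--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2391,11 +2391,11 @@
  *
  * @since 2.5.0
  *
- * @param string $text The text to be escaped.
- * @return string text, safe for inclusion in LIKE query.
+ * @param string $text The text to be escaped (expected unslashed).
+ * @return string text, NOT safe for inclusion in LIKE query (needs an additional esc_sql()).
  */
 function like_escape($text) {
-        return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+        return addcslashes($text, '_%\\');
 }
 
 /**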
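Review bot: `like_escape()` now escapes the backslash as well, so any caller outside this patch that still passes slashed input and does not add `esc_sql()` gets `\'` turned into `\\'`, which leaves the quote unescaped inside the LIKE literal. Only the taxonomy.php and bookmark.php call sites are updated on this page, so the remaining callers in core and in plugins need auditing before this lands, or the new contract should live under a new function name with `like_escape()` left unchanged and deprecated. The `@return` line would read more clearly as `@return string Text with LIKE wildcards and backslashes escaped; not SQL-escaped, pass the result to esc_sql() before using it in a query.`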