
Ticket #10041: 10041.5.diff

File 10041.5.diff, 1.5 KB (added by ampt, 4 years ago)

Updated patch 10041.4.diff to apply cleanly against trunk; the changes to /wp-admin/ms-sites.php no longer apply. The unit tests for like_escape pass.

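--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1272,7 +1272,7 @@
         }
 
         if ( !empty($search) ) {
-                $search = like_escape($search);
+                $search = esc_sql(like_escape(stripslashes($search)));
                 $where .= " AND (t.name LIKE '%$search%')";
         }
 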
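Review bot: The new line 1275 relies on two things it does not document: that `$search` arrives slashed, and that `esc_sql()` runs after `like_escape()`. The hunk does not show where `$search` comes from, so if any caller passes raw data, `stripslashes()` would silently drop backslashes from the search term. The call order matters for safety, because swapping the two would let the LIKE escaping re-escape the backslashes `esc_sql()` adds and undo the quoting. I would add `// $search is expected slashed: unslash, LIKE-escape, then SQL-escape (in that order).` above the assignment; the same applies to line 184 in wp-includes/bookmark.php. The enclosing function starts and ends outside the hunk.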
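--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -181,7 +181,7 @@
         }
 
         if ( ! empty($search) ) {
-                $search = like_escape($search);
+                $search = esc_sql(like_escape(stripslashes($search)));
                 $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
         }
 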
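--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2391,11 +2391,11 @@
  *
  * @since 2.5.0
  *
- * @param string $text The text to be escaped.
- * @return string text, safe for inclusion in LIKE query.
+ * @param string $text The text to be escaped (expected unslashed).
+ * @return string text, NOT safe for inclusion in LIKE query (needs an additional esc_sql()).
  */
 function like_escape($text) {
-        return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+        return addcslashes($text, '_%\\');
 }
 
 /**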
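Review bot: Escaping `\` on line 2398 changes what `like_escape()` returns for every existing caller, yet this patch only updates the call sites in taxonomy.php and bookmark.php. Any other caller that still passes slashed input, or applies `esc_sql()` before `like_escape()`, would presumably now get doubled backslashes, so the remaining call sites should be audited with this change. The new `@return` wording is also easy to misread, since the value is a correctly escaped LIKE pattern but not a safe SQL string literal. I would write `@return string Text with LIKE wildcards escaped; must still be passed through esc_sql() afterwards (never before) when placed in a query.` The docblock starts above the hunk.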