Ticket #10041: 10041.5.diff
File 10041.5.diff, 1.5 KB (added by , 14 years ago) |
---|
-
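--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1272,7 +1272,7 @@
 }
 
 if ( !empty($search) ) {
-$search = like_escape($search);
+$search = esc_sql(like_escape(stripslashes($search)));
 $where .= " AND (t.name LIKE '%$search%')";
 }
 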
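Review bot: The new line 1275 assumes `$search` always arrives slashed, and nothing at the call site says so: a caller that passes an unslashed value has its literal backslashes removed by `stripslashes()` before the LIKE pattern is built, so the query matches something other than what was asked for. The nesting order is what keeps the interpolated `LIKE '%$search%'` safe (unslash, escape the LIKE wildcards, `esc_sql()` outermost), so I would pin it with a comment above the line, `// $search is expected slashed: unslash, escape LIKE wildcards, then esc_sql() last.` The same remark applies to new line 184 in wp-includes/bookmark.php. The enclosing function starts and ends outside the hunk, so whether its docblock already states the slashing contract cannot be checked from here.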
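--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -181,7 +181,7 @@
 }
 
 if ( ! empty($search) ) {
-$search = like_escape($search);
+$search = esc_sql(like_escape(stripslashes($search)));
 $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
 }
 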
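--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2391,11 +2391,11 @@
 *
 * @since 2.5.0
 *
-* @param string $text The text to be escaped .
-* @return string text, safe for inclusion in LIKE query.
+* @param string $text The text to be escaped (expected unslashed).
+* @return string text, NOT safe for inclusion in LIKE query (needs an additional esc_sql()).
 */
 function like_escape($text) {
-return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+return addcslashes($text, '_%\\');
 }
 
 /**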
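Review bot: Escaping the backslash in `like_escape()` (new line 2398) changes what the function returns for input that is still slashed, which matters for any call site this patch does not touch. The removed lines in taxonomy.php and bookmark.php show the old pattern, `like_escape($search)` interpolated directly, which relied on the incoming slashes for SQL safety; with `addcslashes($text, '_%\\')` the backslash in front of a slashed quote is doubled, which leaves the quote itself unescaped in the SQL string. Only two callers are updated here, so every remaining caller needs an audit and the same `esc_sql(like_escape(stripslashes(...)))` treatment before this lands. The docblock should also state the required order explicitly, e.g. `@return string Text with LIKE wildcards escaped; pass the result through esc_sql() before putting it in a query.`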