diff --git wp-includes/bookmark.php wp-includes/bookmark.php
index ab4b8c8..c987f9c 100644
|
|
|
function get_bookmarks($args = '') { |
| 186 | 186 | } |
| 187 | 187 | |
| 188 | 188 | if ( ! empty($search) ) { |
| 189 | | $search = like_escape($search); |
| | 189 | $search = esc_sql( like_escape( stripslashes( $search ) ) ); |
| 190 | 190 | $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) "; |
| 191 | 191 | } |
| 192 | 192 | |
diff --git wp-includes/formatting.php wp-includes/formatting.php
index 83f5269..3d84c5d 100644
|
|
|
function tag_escape($tag_name) { |
| 2746 | 2746 | * |
| 2747 | 2747 | * @since 2.5.0 |
| 2748 | 2748 | * |
| 2749 | | * @param string $text The text to be escaped |
| 2750 | | * @return string text, safe for inclusion in LIKE query. |
| | 2749 | * @param string $text The text to be escaped (expected unslashed). |
| | 2750 | * @return string text, NOT safe for inclusion in LIKE query (needs an additional esc_sql()). |
| 2751 | 2751 | */ |
| 2752 | | function like_escape($text) { |
| 2753 | | return str_replace(array("%", "_"), array("\\%", "\\_"), $text); |
| | 2752 | function like_escape( $text ) { |
| | 2753 | return addcslashes( $text, '_%\\' ); |
| 2754 | 2754 | } |
| 2755 | 2755 | |
| 2756 | 2756 | /** |
diff --git wp-includes/taxonomy.php wp-includes/taxonomy.php
index d527ee1..f1c51e3 100644
|
|
|
function get_terms($taxonomies, $args = '') { |
| 1356 | 1356 | } |
| 1357 | 1357 | |
| 1358 | 1358 | if ( !empty($search) ) { |
| 1359 | | $search = like_escape($search); |
| | 1359 | $search = esc_sql( like_escape( stripslashes( $search ) ) ); |
| 1360 | 1360 | $where .= $wpdb->prepare( " AND (t.name LIKE %s)", '%' . $search . '%'); |
| 1361 | 1361 | } |
| 1362 | 1362 | |