Ticket #10041: 10041.8.diff
File 10041.8.diff, 2.2 KB (added by , 11 years ago) |
---|
-
wp-includes/deprecated.php
3463 3463 * 3464 3464 * @since 2.5.0 3465 3465 * @deprecated 4.0.0 3466 * @deprecated Use wpdb::esc_like()3466 * @deprecated Use esc_like_sql() or wpdb::esc_like() 3467 3467 * 3468 3468 * @param string $text The text to be escaped. 3469 3469 * @return string text, safe for inclusion in LIKE query. 3470 3470 */ 3471 function like_escape($text) { 3472 _deprecated_function( __FUNCTION__, '4.0', 'wpdb::esc_like()' ); 3473 return str_replace( array( "%", "_" ), array( "\\%", "\\_" ), $text ); 3471 function like_escape( $text ) { 3472 return esc_like_sql( $text ); 3474 3473 } 3475 3474 3476 3475 /** -
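Review bot: Routing `like_escape()` through `esc_like_sql()` changes what existing callers get, because `wpdb::esc_like()` also escapes the backslash (`addcslashes( $text, '_%\\' )`) where the old body only touched `%` and `_`. Callers that still pass already-slashed data, the reversed order the new docblock in formatting.php warns about, would presumably have the backslashes from the earlier escape doubled, which can undo the quote escaping rather than preserve it. The rewrite also drops the `_deprecated_function()` call, so the `@deprecated 4.0.0` tag no longer produces a notice at runtime. I would keep both removed lines for compatibility, `_deprecated_function( __FUNCTION__, '4.0', 'wpdb::esc_like()' );` and `return str_replace( array( "%", "_" ), array( "\\%", "\\_" ), $text );`, and point new code at `esc_like_sql()` in the docblock only.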
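--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2942,6 +2942,31 @@
 }
 
 /**
+* First half of escaping for LIKE special characters % and _ before preparing for MySQL.
+*
+* Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.
+*
+* Example Prepared Statement:
+* $wild = '%';
+* $find = 'only 43% of planets';
+* $like = $wild . esc_like_sql( $find ) . $wild;
+* $sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
+*
+* Example Escape Chain:
+* $sql = esc_sql( esc_like_sql( $input ) );
+*
+* @since 4.0.0
+*
+* @uses WPDB::esc_like()
+* @param string $text The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.
+* @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call prepare or real_escape next.
+*/
+function esc_like_sql( $text ) {
+global $wpdb;
+return $wpdb->esc_like( $text );
+}
+
+/**
 * Checks and cleans a URL.
 *
 * A number of characters are removed from the URL. If the URL is for displaying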
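Review bot: The name `esc_like_sql()` reads like the other `esc_*` helpers whose return value can be used directly, yet the `@return` line says the output is not SQL safe, so the summary line of the docblock should carry that warning instead of leaving it at the bottom. I would open the docblock with something like `Escapes LIKE wildcards only; the result is NOT safe for a query until it has gone through wpdb::prepare() or esc_sql().` The "Example Escape Chain" assigns an escaped fragment to `$sql`, which suggests a finished statement; calling it `$like`, as the first example does, would avoid that reading. `@uses WPDB::esc_like()` should match the spelling used in the other docblocks on this page, `wpdb::esc_like()`.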
wp-includes/wp-db.php
1187 1187 * @param string $text The raw text to be escaped. The input typed by the user should have no extra or deleted slashes. 1188 1188 * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call prepare or real_escape next. 1189 1189 */ 1190 function esc_like( $text ) {1190 public function esc_like( $text ) { 1191 1191 return addcslashes( $text, '_%\\' ); 1192 1192 } 1193 1193
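Review bot: The docblock for `esc_like()` should state that it assumes backslash is the LIKE escape character, since `addcslashes( $text, '_%\\' )` is only correct under that assumption and this method now backs a global helper. As far as I know, MySQL uses no default LIKE escape character when the `NO_BACKSLASH_ESCAPES` SQL mode is enabled, so a line such as `Assumes the default LIKE escape character (backslash); not valid under NO_BACKSLASH_ESCAPES.` would help callers. The docblock starts above the hunk, so I cannot tell whether this is already covered there.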