WordPress.org

Make WordPress Core

Ticket #10041: 10041.8.diff

File 10041.8.diff, 2.2 KB (added by johnjamesjacoby, 7 years ago)

Remove deprecated notice. Introduce esc_like_sql() wrapper.

  • wp-includes/deprecated.php

     
    34633463 *
    34643464 * @since 2.5.0
    34653465 * @deprecated 4.0.0
    3466  * @deprecated Use wpdb::esc_like()
     3466 * @deprecated Use esc_like_sql() or wpdb::esc_like()
    34673467 *
    34683468 * @param string $text The text to be escaped.
    34693469 * @return string text, safe for inclusion in LIKE query.
    34703470 */
    3471 function like_escape($text) {
    3472         _deprecated_function( __FUNCTION__, '4.0', 'wpdb::esc_like()' );
    3473         return str_replace( array( "%", "_" ), array( "\\%", "\\_" ), $text );
     3471function like_escape( $text ) {
     3472        return esc_like_sql( $text );
    34743473}
    34753474
    34763475/**
  • wp-includes/formatting.php

     
    29422942}
    29432943
    29442944/**
     2945 * First half of escaping for LIKE special characters % and _ before preparing for MySQL.
     2946 *
     2947 * Use this only before wpdb::prepare() or esc_sql().  Reversing the order is very bad for security.
     2948 *
     2949 * Example Prepared Statement:
     2950 *  $wild = '%';
     2951 *  $find = 'only 43% of planets';
     2952 *  $like = $wild . esc_like_sql( $find ) . $wild;
     2953 *  $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
     2954 *
     2955 * Example Escape Chain:
     2956 *  $sql  = esc_sql( esc_like_sql( $input ) );
     2957 *
     2958 * @since 4.0.0
     2959 *
     2960 * @uses WPDB::esc_like()
     2961 * @param string $text The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.
     2962 * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call prepare or real_escape next.
     2963 */
     2964function esc_like_sql( $text ) {
     2965        global $wpdb;
     2966        return $wpdb->esc_like( $text );
     2967}
     2968
     2969/**
    29452970 * Checks and cleans a URL.
    29462971 *
    29472972 * A number of characters are removed from the URL. If the URL is for displaying
  • wp-includes/wp-db.php

     
    11871187         * @param string $text The raw text to be escaped. The input typed by the user should have no extra or deleted slashes.
    11881188         * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call prepare or real_escape next.
    11891189         */
    1190         function esc_like( $text ) {
     1190        public function esc_like( $text ) {
    11911191                return addcslashes( $text, '_%\\' );
    11921192        }
    11931193