Ticket #10126: 10126.2.patch

File 10126.2.patch, 1.2 KB (added by hakre, 4 years ago)

Updated fix against current trunk; all params are now passed through the $wpdb->prepare statement.

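--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -1977,9 +1977,12 @@
         } elseif ( in_array($post_type, $hierarchical_post_types) ) {
                 // Page slugs must be unique within their own trees.  Pages are in a
                 // separate namespace than posts so page slugs are allowed to overlap post slugs.
-                $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", esc_sql($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1";
-                $post_name_check = $wpdb->get_var($wpdb->prepare($check_sql, $slug, $post_ID, $post_parent));
 
+                $pattern   = substr(str_repeat(', %s', count($hierarchical_post_types)), 2);
+                $params    = array( $slug, $post_ID, $post_parent ) + $hierarchical_post_types;
+                $check_sql = sprintf('SELECT post_name FROM %s WHERE post_name = %%s AND post_type IN (%s)', $wpdb->posts, $pattern);
+                $post_name_check = $wpdb->get_var($wpdb->prepare($check_sql, $params));
+
                 if ( $post_name_check || in_array($slug, $feeds) ) {
                         $suffix = 2;
                         do {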
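Review bot: The new `$check_sql` on line 1983 has lost the `AND ID != %d AND post_parent = %d LIMIT 1` tail of the query it replaces, and `$params` on line 1982 does not line up with the placeholders that remain. `+` on arrays is a key-preserving union, so if `$hierarchical_post_types` is a plain list its indexes 0–2 collide with the slug, ID and parent and are dropped; what is left binds `$post_ID` and `$post_parent` into the `post_type IN (...)` slots, so the uniqueness check compares against the wrong values. Moving the post types into `prepare()` placeholders is the right direction, but the values have to be merged in placeholder order: `$params = array_merge( array( $slug ), array_values( $hierarchical_post_types ), array( $post_ID, $post_parent ) );` with the format string ending `... AND post_type IN (%s) AND ID != %%d AND post_parent = %%d LIMIT 1`. The enclosing function starts and ends outside this hunk, so how `$post_name_check` is used beyond the `do {` is not visible here.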