
Ticket #10249: 10249.2.patch

File 10249.2.patch, 2.0 KB (added by SergeyBiryukov, 13 years ago)

Escape $post_type, avoid $wpdb->prepare()

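--- a/wp-includes/class-wp.php
+++ b/wp-includes/class-wp.php
@@ -159,7 +159,7 @@
                         // front.  For path info requests, this leaves us with the requesting
                         // filename, if any.  For 404 requests, this leaves us with the
                         // requested permalink.
-                        $req_uri = str_replace($pathinfo, '', $req_uri);
+                        $req_uri = str_replace( $pathinfo, '', rawurldecode($req_uri) );
                         $req_uri = trim($req_uri, '/');
                         $req_uri = preg_replace("|^$home_path|", '', $req_uri);
                         $req_uri = trim($req_uri, '/');
@@ -199,7 +199,8 @@
                                                 $request_match = $req_uri . '/' . $request;
 
                                         if ( preg_match("#^$match#", $request_match, $matches) ||
-                                                preg_match("#^$match#", urldecode($request_match), $matches) ) {
+                                                preg_match("#^$match#", urldecode($request_match), $matches) ||
+                                                preg_match("#^$match#", strtolower( rawurlencode($request_match) ), $matches) ) {
 
                                                 if ( $wp_rewrite->use_verbose_page_rules && preg_match( '/pagename=\$([^&\[]+)\[([0-9]+)\]/', $query, $varmatch ) ) {
                                                         // this is a verbose page match, lets check to be sure about it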
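Review bot: With `$req_uri` now passed through `rawurldecode()` on line 162, the `urldecode($request_match)` branch kept on line 202 decodes the request a second time wherever `$request_match` is built from `$req_uri` (as on line 199), so a doubly-encoded segment such as `%252F` is matched against the rewrite rules as if it were a literal `/`. Double decoding is a canonicalization hazard: two differently encoded URLs can reach the same rule, which is hard to reason about when rules are meant to gate access to a resource. If the second decode is still needed for the other way `$request_match` is assembled, a comment on line 202 stating why would help; otherwise that branch should be dropped or, at minimum, switched to `rawurldecode()` so `+` is not turned into a space on one branch only. The third branch's `strtolower( rawurlencode(...) )` also assumes the rule patterns use lowercase hex escapes, which is worth a one-line comment. The enclosing method starts and ends outside both hunks.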
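--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -3156,7 +3156,8 @@
         $parts = array_map( 'sanitize_title', $parts );
 
         $in_string = "'". implode( "','", $parts ) . "'";
-        $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name IN ({$in_string}) AND (post_type = %s OR post_type = 'attachment')", $post_type ), OBJECT_K );
+        $post_type_sql = esc_sql( $post_type );
+        $pages = $wpdb->get_results( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name IN ({$in_string}) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
 
         $revparts = array_reverse( $parts );
 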
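Review bot: The new line 3160 interpolates `$post_type_sql` and `$in_string` straight into the query, so its safety now rests on `esc_sql()` for `$post_type` and on `sanitize_title()` (line 3156) constraining the characters that end up in `$in_string`; neither dependency is stated, and a maintainer who later reinstates `prepare()` or moves the sanitization would lose it silently. A comment above line 3159 such as `// Not using $wpdb->prepare(): $in_string may carry percent-encoded characters from sanitize_title() that prepare() would read as format specifiers; $post_type is escaped with esc_sql() instead.` records the reasoning, assuming that is indeed why prepare() was dropped (the patch title only says it is avoided). An alternative that keeps every value bound is to emit one `%s` placeholder per part, `$placeholders = implode( ',', array_fill( 0, count( $parts ), '%s' ) );`, use `IN ($placeholders)` in the query and pass `array_merge( $parts, array( $post_type ) )` as the prepare() argument array, which removes the manual escaping and the interpolated `$in_string` entirely. The enclosing function starts and ends outside the hunk.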