Ticket #12402: 12402.diff
| File 12402.diff, 1.8 KB (added by , 14 years ago) |
|---|
-
wp-includes/wp-db.php
775 775 * @return string|array escaped 776 776 */ 777 777 function _escape( $data ) { 778 if ( is_array( $data ) ) { 779 foreach ( (array) $data as $k => $v ) { 780 if ( is_array($v) ) 781 $data[$k] = $this->_escape( $v ); 782 else 783 $data[$k] = $this->_real_escape( $v ); 784 } 785 } else { 786 $data = $this->_real_escape( $data ); 787 } 788 789 return $data; 778 return $this->escape( $data ); 790 779 } 791 780 792 781 /** … … 799 788 * @return string|array escaped as query safe string 800 789 */ 801 790 function escape( $data ) { 802 if ( is_array( $data ) ) { 803 foreach ( (array) $data as $k => $v ) { 804 if ( is_array( $v ) ) 805 $data[$k] = $this->escape( $v ); 806 else 807 $data[$k] = $this->_weak_escape( $v ); 808 } 809 } else { 810 $data = $this->_weak_escape( $data ); 811 } 812 813 return $data; 791 if ( is_array( $data ) ) 792 return array_map( array(&$this, 'escape'), $data ); 793 else 794 return $this->_real_escape( $data ); 814 795 } 815 796 816 797 /** -
wp-includes/formatting.php
1214 1214 * @return string Returns a string escaped with slashes. 1215 1215 */ 1216 1216 function addslashes_gpc($gpc) { 1217 if ( get_magic_quotes_gpc() ) 1218 $gpc = stripslashes($gpc); 1219 1220 return esc_sql($gpc); 1217 return get_magic_quotes_gpc() ? $gpc : add_magic_quotes($gpc); 1221 1218 } 1222 1219 1223 1220 /** … … 2176 2173 * @return string The cleaned $sql 2177 2174 */ 2178 2175 function esc_sql( $sql ) { 2179 global $wpdb; 2180 return $wpdb->escape( $sql ); 2176 return add_magic_quotes( $sql ); 2181 2177 } 2182 2178 2183 2179 /**