Make WordPress Core

Ticket #42441: 42441-esc-sql.diff

File 42441-esc-sql.diff, 823 bytes (added by peterwilsoncc, 18 months ago)
  • src/wp-includes/option.php

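diff --git a/src/wp-includes/option.php b/src/wp-includes/option.php
index 7cdf6ca4f6..c454e1119d 100644
--- a/src/wp-includes/option.php
+++ b/src/wp-includes/option.php
@@ -606,7 +606,7 @@ function wp_load_alloptions( $force_cache = false ) {
 
         if ( ! $alloptions ) {
                 $suppress      = $wpdb->suppress_errors();
-                $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload IN ( '" . implode( "', '", wp_autoload_values_to_autoload() ) . "' )" );
+                $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload IN ( '" . implode( "', '", esc_sql( wp_autoload_values_to_autoload() ) ) . "' )" );
 
                 if ( ! $alloptions_db ) {
                         $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" );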
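Review bot: On new line 609 the escaped values are safe only because the string literal around `implode()` supplies the single quotes; `esc_sql()` is documented as safe only inside a quoted SQL string, so a later edit to the quoting would silently reopen the injection path. The list presumably comes from a filterable helper (not visible here), so binding is preferable to concatenation: build one `%s` per value with `implode( ', ', array_fill( 0, count( $values ), '%s' ) )` and pass the values through `$wpdb->prepare()`, guarding the empty-list case so the statement never becomes `IN ( )`. If the concatenation stays, add a comment such as `// esc_sql() is only safe here because each value is wrapped in single quotes.` The body of wp_load_alloptions() starts and ends outside the hunk.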