Ticket #4690: 4690.diff

wp-includes/functions.php

@@ -179 +179 @@
 
 function get_option($setting) {
         global $wpdb;
+        
+        $setting = $wpdb->escape($setting);
 
         // Allow plugins to short-circuit options.
         $pre = apply_filters( 'pre_option_' . $setting, false ); 
@@ -364 +366 @@
 
 function delete_option($name) {
         global $wpdb;
+        
+        $name = $wpdb->escape($name);
 
         wp_protect_special_option($name);