Make WordPress Core

Ticket #5684: like-escaping-for-tags-search.diff

File like-escaping-for-tags-search.diff, 1.2 KB (added by nbachiyski, 17 years ago)
  • wp-includes/formatting.php

     
    11641164        $safe_text = wp_specialchars($text, true);
    11651165        return apply_filters('attribute_escape', $safe_text, $text);
    11661166}
     1167/**
     1168 * Escapes text for SQL LIKE special characters % and _
     1169 *
     1170 * @param string text the text to be escaped
     1171 * @return string text, safe for inclusion in LIKE query
     1172 */
     1173function like_escape($text) {
     1174        return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
     1175}
    11671176
    11681177function wp_make_link_relative( $link ) {
    11691178        return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
  • wp-admin/includes/template.php

     
    268268
    269269        $args = array('offset' => $start, 'number' => $pagesize, 'hide_empty' => 0);
    270270 
    271         if ( !empty( $searchterms ) )
    272                 $args['name__like'] = '%' . $searchterms;
     271        if ( !empty( $searchterms ) ) {
     272                $args['name__like'] = '%' . like_escape( $searchterms );
     273        }
    273274
    274275        $tags = get_terms( 'post_tag', $args );
    275276