WordPress.org
Get WordPress

Make WordPress Core

Ticket #8460: duplicate-posts-comments-import.diff

File duplicate-posts-comments-import.diff, 2.7 KB (added by tott, 15 years ago)

patch for comment/post_exists functions against rev 10008

  • wp-admin/includes/post.php

     
    403403 *
    404404 * @param unknown_type $title
    405405 * @param unknown_type $content
    406  * @param unknown_type $post_date
     406 * @param unknown_type $date
    407407 * @return unknown
    408408 */
    409 function post_exists($title, $content = '', $post_date = '') {
     409function post_exists($title, $content = '', $date = '') {
    410410        global $wpdb;
    411411
    412         $title = stripslashes($title);
    413         $content = stripslashes($content);
    414         $post_date = stripslashes($post_date);
     412        $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
     413        $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );   
     414        $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
     415   
     416        if ( !empty ( $date ) )
     417                $post_date = $wpdb->prepare( "AND post_date = %s", $post_date );
    415418
    416         if (!empty ($post_date))
    417                 $post_date = $wpdb->prepare("AND post_date = %s", $post_date);
     419        if ( !empty ( $title ) )
     420                $post_title = $wpdb->prepare( "AND post_title = %s", $post_title );
     421   
     422        if ( !empty ( $content ) )
     423        $post_content = $wpdb->prepare( "AND post_content = %s", $post_content );
     424   
     425    if ( !empty ( $date ) || !empty( $title ) || !empty( $content ) )
     426        return $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE 1 $post_title $post_content $post_date" );
    418427
    419         if (!empty ($title))
    420                 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
    421         else
    422                 if (!empty ($content))
    423                         return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
    424 
    425428        return 0;
    426429}
    427430

  • wp-admin/includes/comment.php

     
    1919function comment_exists($comment_author, $comment_date) {
    2020        global $wpdb;
    2121
    22         return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
    23                         WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
     22    /*
     23     * in the current use cases (all in wp-admin/import) the comment_author
     24     * variable is already escaped. running this through the prepare statement leads to
     25     * double escaped values.
     26     * so we are just preparing comment_date here
     27     */
     28    $comment_date = $wpdb->prepare( $comment_date );
     29
     30        return $wpdb->get_var( sprintf( "SELECT comment_post_ID FROM $wpdb->comments
     31                        WHERE comment_author = '%s' AND comment_date = '%s'", $comment_author, $comment_date) );
    2432}
    2533
    2634/**