Ticket #8460: duplicate-posts-comments-import.diff
File duplicate-posts-comments-import.diff, 2.7 KB (added by , 15 years ago) |
---|
-
wp-admin/includes/post.php
403 403 * 404 404 * @param unknown_type $title 405 405 * @param unknown_type $content 406 * @param unknown_type $ post_date406 * @param unknown_type $date 407 407 * @return unknown 408 408 */ 409 function post_exists($title, $content = '', $ post_date = '') {409 function post_exists($title, $content = '', $date = '') { 410 410 global $wpdb; 411 411 412 $title = stripslashes($title); 413 $content = stripslashes($content); 414 $post_date = stripslashes($post_date); 412 $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) ); 413 $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) ); 414 $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) ); 415 416 if ( !empty ( $date ) ) 417 $post_date = $wpdb->prepare( "AND post_date = %s", $post_date ); 415 418 416 if (!empty ($post_date)) 417 $post_date = $wpdb->prepare("AND post_date = %s", $post_date); 419 if ( !empty ( $title ) ) 420 $post_title = $wpdb->prepare( "AND post_title = %s", $post_title ); 421 422 if ( !empty ( $content ) ) 423 $post_content = $wpdb->prepare( "AND post_content = %s", $post_content ); 424 425 if ( !empty ( $date ) || !empty( $title ) || !empty( $content ) ) 426 return $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE 1 $post_title $post_content $post_date" ); 418 427 419 if (!empty ($title))420 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );421 else422 if (!empty ($content))423 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );424 425 428 return 0; 426 429 } 427 430 -
wp-admin/includes/comment.php
19 19 function comment_exists($comment_author, $comment_date) { 20 20 global $wpdb; 21 21 22 return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments 23 WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); 22 /* 23 * in the current use cases (all in wp-admin/import) the comment_author 24 * variable is already escaped. running this through the prepare statement leads to 25 * double escaped values. 26 * so we are just preparing comment_date here 27 */ 28 $comment_date = $wpdb->prepare( $comment_date ); 29 30 return $wpdb->get_var( sprintf( "SELECT comment_post_ID FROM $wpdb->comments 31 WHERE comment_author = '%s' AND comment_date = '%s'", $comment_author, $comment_date) ); 24 32 } 25 33 26 34 /**