Changeset 11978
- Timestamp:
- 09/27/2009 05:33:56 AM (15 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 7 edited
trunk/wp-includes/comment.php
r11971 r11978 1230 1230 1231 1231 // Escape data pulled from DB. 1232 $comment = $wpdb->escape($comment);1232 $comment = esc_sql($comment); 1233 1233 1234 1234 $old_status = $comment['comment_approved']; -
trunk/wp-includes/formatting.php
r11935 r11978 1111 1111 } 1112 1112 1113 return $wpdb->escape($gpc);1113 return esc_sql($gpc); 1114 1114 } 1115 1115 … … 1281 1281 $text = stripslashes($text); 1282 1282 $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text); 1283 $text = $wpdb->escape($text);1283 $text = esc_sql($text); 1284 1284 return $text; 1285 1285 } -
trunk/wp-includes/functions.php
r11971 r11978 498 498 wp_protect_special_option( $option_name ); 499 499 500 $safe_option_name = $wpdb->escape( $option_name );500 $safe_option_name = esc_sql( $option_name ); 501 501 $newvalue = sanitize_option( $option_name, $newvalue ); 502 502 … … 572 572 573 573 wp_protect_special_option( $name ); 574 $safe_name = $wpdb->escape( $name );574 $safe_name = esc_sql( $name ); 575 575 $value = sanitize_option( $name, $value ); 576 576 … … 655 655 return wp_cache_delete($transient, 'transient'); 656 656 } else { 657 $transient = '_transient_' . $wpdb->escape($transient);657 $transient = '_transient_' . esc_sql($transient); 658 658 return delete_option($transient); 659 659 } … … 683 683 $value = wp_cache_get($transient, 'transient'); 684 684 } else { 685 $transient_option = '_transient_' . $wpdb->escape($transient);685 $transient_option = '_transient_' . esc_sql($transient); 686 686 // If option is not in alloptions, it is not autoloaded and thus has a timeout 687 687 $alloptions = wp_load_alloptions(); 688 688 if ( !isset( $alloptions[$transient_option] ) ) { 689 $transient_timeout = '_transient_timeout_' . $wpdb->escape($transient);689 $transient_timeout = '_transient_timeout_' . esc_sql($transient); 690 690 if ( get_option($transient_timeout) < time() ) { 691 691 delete_option($transient_option); … … 724 724 $transient_timeout = '_transient_timeout_' . $transient; 725 725 $transient = '_transient_' . $transient; 726 $safe_transient = $wpdb->escape($transient);726 $safe_transient = esc_sql($transient); 727 727 if ( false === get_option( $safe_transient ) ) { 728 728 $autoload = 'yes'; … … 1413 1413 $array[$k] = add_magic_quotes( $v ); 1414 1414 } else { 1415 $array[$k] = $wpdb->escape( $v );1415 $array[$k] = esc_sql( $v ); 1416 1416 } 1417 1417 } -
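Review bot: In the transient hunks the `esc_sql()` output is used as an option name and array key rather than inside a SQL literal: `isset( $alloptions[$transient_option] )`, `get_option( $safe_transient )` and `delete_option($transient)` all receive the escaped string. For a name containing a quote or backslash the escaped key will not match the stored one. In the hunk at 724, `$transient_timeout` is built from the raw name while `$safe_transient` is escaped, so the two names can diverge. If the option functions quote their own arguments (not visible on this page), the escaping should be dropped at these call sites, e.g. `$transient_option = '_transient_' . $transient;`. The enclosing functions start and end outside the hunks shown.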
trunk/wp-includes/post.php
r11976 r11978 1753 1753 // Page slugs must be unique within their own trees. Pages are in a 1754 1754 // separate namespace than posts so page slugs are allowed to overlap post slugs. 1755 $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", $wpdb->escape($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1";1755 $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", esc_sql($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1"; 1756 1756 $post_name_check = $wpdb->get_var($wpdb->prepare($check_sql, $slug, $post_ID, $post_parent)); 1757 1757 -
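Review bot: The post-type list is concatenated into `$check_sql` before that string is passed to `$wpdb->prepare()` as the format, so a `%` in a registered post-type name would be read as a placeholder and shift the `%s`/`%d` arguments. `esc_sql()` handles quoting but not that. The risk is probably low, since the types presumably come from code registrations rather than request data. Generating one placeholder per type, `$in = implode( ', ', array_fill( 0, count( $hierarchical_post_types ), '%s' ) );`, and passing the types as prepare arguments would keep every value on the parameter side. The enclosing function is outside the hunk.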
trunk/wp-includes/query.php
r11960 r11978 1757 1757 $searchand = ' AND '; 1758 1758 } 1759 $term = $wpdb->escape($q['s']);1759 $term = esc_sql($q['s']); 1760 1760 if (empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] ) 1761 1761 $search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')"; -
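Review bot: `$term` is placed inside `LIKE '{$n}{$term}{$n}'` patterns, and `esc_sql()` escapes for a quoted literal only, so `%` and `_` in the search string still act as wildcards. This is a matching and query-cost concern rather than injection. The term should be LIKE-escaped before the SQL escaping, for instance `$term = esc_sql( like_escape( $q['s'] ) );`. The enclosing function begins and ends outside the hunk.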
trunk/wp-includes/registration.php
r11930 r11978 294 294 global $wpdb; 295 295 296 $user_login = $wpdb->escape($username);297 $user_email = $wpdb->escape($email);296 $user_login = esc_sql( $username ); 297 $user_email = esc_sql( $email ); 298 298 $user_pass = $password; 299 299 -
trunk/wp-includes/user.php
r11930 r11978 154 154 global $wpdb; 155 155 if ( !$user ) 156 $user = $wpdb->escape($_COOKIE[USER_COOKIE]);156 $user = esc_sql( $_COOKIE[USER_COOKIE] ); 157 157 return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) ); 158 158 }
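Review bot: `$user` is escaped with `esc_sql()` and then bound through `%s` in `$wpdb->prepare()`, so the cookie value is escaped twice and a login containing a quote or backslash would no longer match. Pass the value unescaped and let prepare() do the quoting, `$user = $_COOKIE[USER_COOKIE];` (or unslashed first, if request data is slashed at bootstrap, which is not visible here). Separately, `$field` is interpolated into the statement as a column name, which prepare() cannot protect; it should be checked against a fixed list of column names before the query is built. The function signature is outside the hunk.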