
Changeset 11978


Timestamp:
09/27/2009 05:33:56 AM (12 years ago)
Author:
markjaquith
Message:

esc_sql() for wp-includes

Location:
trunk/wp-includes
Files:
7 edited

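--- a/trunk/wp-includes/comment.php
+++ b/trunk/wp-includes/comment.php
@@ -1230,5 +1230,5 @@
 
     // Escape data pulled from DB.
-    $comment = $wpdb->escape($comment);
+    $comment = esc_sql($comment);
 
     $old_status = $comment['comment_approved'];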
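Review bot: Escaping the entire `$comment` row with esc_sql() on the new line 1232 escapes data values long before any query is built, and the rows are then carried on through the rest of the function, which continues outside the hunk. If the write-back later goes through `$wpdb->update()`/prepare(), which escape their own arguments, quotes and backslashes in comment content will be stored doubled; if it relies on this early escape instead, that dependency is invisible at the query site. Prefer to keep the array raw here and escape or bind where the SQL is assembled, replacing the line and its comment with `// Values are raw here; escape or bind them where the query is built.`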
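--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -1111,5 +1111,5 @@
     }
 
-    return $wpdb->escape($gpc);
+    return esc_sql($gpc);
 }
 
@@ -1281,5 +1281,5 @@
     $text = stripslashes($text);
     $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
-    $text = $wpdb->escape($text);
+    $text = esc_sql($text);
     return $text;
 }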
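Review bot: In the second hunk, esc_sql() on the new line 1283 is acting as the inverse of the `stripslashes()` on line 1281, but it is not an exact inverse: when wpdb escapes via mysql_real_escape_string(), newline, carriage return, NUL and 0x1A are also turned into backslash sequences, so `stripslashes( esc_sql( $text ) )` differs from `$text` and a newline becomes the letter `n` once a consumer strips slashes again. If this filter's contract is to return slashed text (the function, presumably wp_rel_nofollow, starts outside the hunk), `addslashes()` is the exact round trip: `$text = addslashes( $text );`. If the contract really is SQL-escaped output, a comment stating that should accompany the line, since a reader of a formatting filter will not expect it.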
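--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -498,5 +498,5 @@
     wp_protect_special_option( $option_name );
 
-    $safe_option_name = $wpdb->escape( $option_name );
+    $safe_option_name = esc_sql( $option_name );
     $newvalue = sanitize_option( $option_name, $newvalue );
 
@@ -572,5 +572,5 @@
 
     wp_protect_special_option( $name );
-    $safe_name = $wpdb->escape( $name );
+    $safe_name = esc_sql( $name );
     $value = sanitize_option( $name, $value );
 
@@ -655,5 +655,5 @@
         return wp_cache_delete($transient, 'transient');
     } else {
-        $transient = '_transient_' . $wpdb->escape($transient);
+        $transient = '_transient_' . esc_sql($transient);
         return delete_option($transient);
     }
@@ -683,9 +683,9 @@
         $value = wp_cache_get($transient, 'transient');
     } else {
-        $transient_option = '_transient_' . $wpdb->escape($transient);
+        $transient_option = '_transient_' . esc_sql($transient);
         // If option is not in alloptions, it is not autoloaded and thus has a timeout
         $alloptions = wp_load_alloptions();
         if ( !isset( $alloptions[$transient_option] ) ) {
-            $transient_timeout = '_transient_timeout_' . $wpdb->escape($transient);
+            $transient_timeout = '_transient_timeout_' . esc_sql($transient);
             if ( get_option($transient_timeout) < time() ) {
                 delete_option($transient_option);
@@ -724,5 +724,5 @@
         $transient_timeout = '_transient_timeout_' . $transient;
         $transient = '_transient_' . $transient;
-        $safe_transient = $wpdb->escape($transient);
+        $safe_transient = esc_sql($transient);
         if ( false === get_option( $safe_transient ) ) {
             $autoload = 'yes';
@@ -1413,5 +1413,5 @@
             $array[$k] = add_magic_quotes( $v );
         } else {
-            $array[$k] = $wpdb->escape( $v );
+            $array[$k] = esc_sql( $v );
         }
     }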
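Review bot: In the get_transient hunk, the escaped name `$transient_option` built on the new line 685 is used as an array key into `$alloptions` on line 688, but wp_load_alloptions() is keyed by option names as stored, so a transient name containing a quote or backslash can never match and is always routed down the timeout path; the same escaped strings are then handed to get_option()/delete_option(), which take a plain name and, if they bind it with `%s` through prepare(), escape it a second time. esc_sql() belongs where a value is interpolated into SQL, not on a name passed to another API, so these lines should read `$transient_option = '_transient_' . $transient;` and `$transient_timeout = '_transient_timeout_' . $transient;`. The `$safe_option_name`, `$safe_name` and `$safe_transient` lines in the other hunks follow the same pattern; their enclosing functions extend outside the hunks, so whether each escaped name reaches a raw query or a prepared one should be checked before dropping the escape there.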
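--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -1753,5 +1753,5 @@
         // Page slugs must be unique within their own trees.  Pages are in a
         // separate namespace than posts so page slugs are allowed to overlap post slugs.
-        $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", $wpdb->escape($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1";
+        $check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", esc_sql($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1";
         $post_name_check = $wpdb->get_var($wpdb->prepare($check_sql, $slug, $post_ID, $post_parent));
 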
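Review bot: The escaped post type names spliced into `$check_sql` on the new line 1755 become part of the format string handed to `$wpdb->prepare()` on line 1756, and esc_sql() does not neutralise `%`, so a registered post type name containing a percent sign would be read as a conversion specifier and shift the `%s`/`%d` arguments. These names come from post type registration rather than request input, so this is hardening rather than a live injection, but the robust form binds them: `$in = implode( ', ', array_fill( 0, count( $hierarchical_post_types ), '%s' ) );`, use `post_type IN ( $in )` in the query, and pass `array_merge( array( $slug ), $hierarchical_post_types, array( $post_ID, $post_parent ) )` to prepare(). The enclosing function begins outside the hunk.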
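--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -1757,5 +1757,5 @@
                 $searchand = ' AND ';
             }
-            $term = $wpdb->escape($q['s']);
+            $term = esc_sql($q['s']);
             if (empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
                 $search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";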
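Review bot: esc_sql() on the new line 1759 neutralises quotes and backslashes but not LIKE metacharacters, so `%` and `_` in the request's search string still act as wildcards inside `LIKE '{$n}{$term}{$n}'` on line 1761 — a search for `%` alone matches every post, which is a cheap way to force a full-table scan. If literal matching is intended, escape the wildcards after the SQL escape so the added backslashes are not themselves re-escaped: `$term = addcslashes( esc_sql( $q['s'] ), '_%' );`. `$n` and the enclosing function are defined outside the hunk, so the `{$n}` wrapping was taken on trust.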
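--- a/trunk/wp-includes/registration.php
+++ b/trunk/wp-includes/registration.php
@@ -294,6 +294,6 @@
     global $wpdb;
 
-    $user_login = $wpdb->escape($username);
-    $user_email = $wpdb->escape($email);
+    $user_login = esc_sql( $username );
+    $user_email = esc_sql( $email    );
     $user_pass = $password;
 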
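Review bot: `$user_login` and `$user_email` are SQL-escaped on the new lines 296–297 even though no query is built in this hunk; the values are handed on (the function continues outside the hunk), so if the consumer escapes or binds them itself, a login or address containing a quote or backslash is stored with doubled escapes, and if it instead expects slashed input, `addslashes()` is the accurate name for what is wanted here. Either way the choice should be written down, e.g. `// Downstream expects slashed values; this is not the query-side escape.` above the two lines. The extra padding in `esc_sql( $email    )` to align with the line above is not core style and will be churned by the next edit; `esc_sql( $email )` is enough.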
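--- a/trunk/wp-includes/user.php
+++ b/trunk/wp-includes/user.php
@@ -154,5 +154,5 @@
     global $wpdb;
     if ( !$user )
-        $user = $wpdb->escape($_COOKIE[USER_COOKIE]);
+        $user = esc_sql( $_COOKIE[USER_COOKIE] );
     return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
 }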
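Review bot: `$user` is SQL-escaped with esc_sql() on the new line 156 and then bound as the `%s` argument of `$wpdb->prepare()` on line 157, which escapes its arguments itself, so a login containing a quote or backslash is looked up in doubly-escaped form and never matches — while a caller-supplied `$user` takes the other branch and reaches prepare() unescaped, so the two paths are not even consistent. Since prepare() owns the escaping, the cookie branch should simply be `$user = isset( $_COOKIE[USER_COOKIE] ) ? $_COOKIE[USER_COOKIE] : '';`, which also avoids an undefined-index notice when the cookie is absent. `$field` is interpolated straight into the SELECT and is set outside the hunk; its callers should be confirmed to pass only fixed column names.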