
Changeset 12640


Timestamp:
01/07/2010 08:02:52 AM (12 years ago)
Author:
westi
Message:

Use like_escape to make safe search string for like queries.

File:
1 edited

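--- a/trunk/wp-admin/ms-sites.php
+++ b/trunk/wp-admin/ms-sites.php
@@ -312,9 +312,10 @@
         $num = ( isset($_GET['num'] ) && intval( $_GET['num'] ) ) ? absint( $_GET['num'] ) : 15;
         $s = wp_specialchars( trim( $_GET[ 's' ] ) );
-
+        $like_s = like_escape($s);
+       
         $query = "SELECT * FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ";
 
         if( isset($_GET['blog_name']) ) {
-            $query .= " AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) ";
+            $query .= " AND ( {$wpdb->blogs}.domain LIKE '%{$like_s}%' OR {$wpdb->blogs}.path LIKE '%{$like_s}%' ) ";
         } elseif( isset($_GET['blog_id']) ) {
             $query .= " AND   blog_id = '". absint( $_GET['blog_id'] )."' ";
@@ -324,5 +325,5 @@
                 WHERE site_id = '{$wpdb->siteid}'
                 AND {$wpdb->blogs}.blog_id = {$wpdb->registration_log}.blog_id
-                AND {$wpdb->registration_log}.IP LIKE ('%{$s}%')";
+                AND {$wpdb->registration_log}.IP LIKE ('%{$like_s}%')";
         }
 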
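Review bot: `$like_s` is still interpolated straight into the SQL text in both the `domain`/`path` clause and the `registration_log.IP` clause, and `like_escape()` only neutralises the `%` and `_` wildcards; it is not a SQL escaper. Nothing visible in this section SQL-escapes `$_GET['s']` (`wp_specialchars()` is HTML encoding), so the query's safety presumably rests on request slashing done elsewhere, which should be confirmed rather than assumed. I would bind the pattern instead: build `$pattern = '%' . like_escape( stripslashes( trim( $_GET['s'] ) ) ) . '%';` (the `stripslashes()` only if the request data is already slashed at this point) and pass it to `$wpdb->prepare()` with a `LIKE %s` placeholder. Deriving the pattern from the raw value rather than the HTML-encoded `$s` also stops a search containing `&` or `<` from being matched as `&amp;` or `&lt;`; keep `$s` for output only. The enclosing block starts and ends outside the lines shown here.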