
Changeset 12640


Timestamp:
01/07/10 08:02:52 (4 years ago)
Author:
westi
Message:

Use like_escape to make safe search string for like queries.

File:
1 edited

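--- a/trunk/wp-admin/ms-sites.php
+++ b/trunk/wp-admin/ms-sites.php
@@ -312,9 +312,10 @@
         $num = ( isset($_GET['num'] ) && intval( $_GET['num'] ) ) ? absint( $_GET['num'] ) : 15;
         $s = wp_specialchars( trim( $_GET[ 's' ] ) );
-
+        $like_s = like_escape($s);
+        
         $query = "SELECT * FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ";
 
         if( isset($_GET['blog_name']) ) {
-            $query .= " AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) ";
+            $query .= " AND ( {$wpdb->blogs}.domain LIKE '%{$like_s}%' OR {$wpdb->blogs}.path LIKE '%{$like_s}%' ) ";
         } elseif( isset($_GET['blog_id']) ) {
             $query .= " AND   blog_id = '". absint( $_GET['blog_id'] )."' ";
@@ -324,5 +325,5 @@
                 WHERE site_id = '{$wpdb->siteid}'
                 AND {$wpdb->blogs}.blog_id = {$wpdb->registration_log}.blog_id
-                AND {$wpdb->registration_log}.IP LIKE ('%{$s}%')";
+                AND {$wpdb->registration_log}.IP LIKE ('%{$like_s}%')";
         }
 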
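Review bot: `like_escape()` at new line 314 only backslash-escapes the LIKE wildcards `%` and `_`; it does not quote the value for a SQL string literal, and `wp_specialchars()` on the line above is an HTML escaper, so the interpolations at new lines 319 and 327 are injection-safe only if `$_GET['s']` is already slashed somewhere outside this hunk. I would bind the unslashed value instead, e.g. `$query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.domain LIKE %s OR {$wpdb->blogs}.path LIKE %s ) ", "%{$like_s}%", "%{$like_s}%" );`, and do the same for the `registration_log.IP` clause. HTML-encoding the term before it reaches the query also means a search containing `&` or `<` is matched in its entity form; HTML escaping belongs at the point where `$s` is echoed, which is not visible here. The enclosing block starts and ends outside the hunks shown.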