Changeset 1533 for trunk/wp-includes/classes.php

Timestamp:

08/14/2004 04:08:57 PM (22 years ago)

Author:

rboren

Message:

Use sanitize_title() to process post, page, author, and category names in the query.

File:

• trunk/wp-includes/classes.php (modified) (3 diffs)

trunk/wp-includes/classes.php

@@ -219 +219 @@
 
         if ('' != $q['name']) {
-            $q['name'] = preg_replace('/[^a-z0-9-_]/', '', $q['name']);
+        $q['name'] = sanitize_title($q['name']);
             $where .= " AND post_name = '" . $q['name'] . "'";
         } else if ('' != $q['pagename']) {
         // If pagename is set, set static to true and set name to pagename.
-        $q['pagename'] = preg_replace('/[^a-z0-9-_]/', '', $q['pagename']);
+        $q['pagename'] = sanitize_title($q['pagename']);
         $q['name'] = $q['pagename'];
         $q['static'] = true;
@@ -317 +317 @@
                 }
             }
-            $q['category_name'] = preg_replace('|[^a-z0-9-_]|i', '', $q['category_name']);
+            $q['category_name'] = sanitize_title($q['category_name']);
             $tables = ", $wpdb->post2cat, $wpdb->categories";
             $join = " LEFT JOIN $wpdb->post2cat ON ($wpdb->posts.ID = $wpdb->post2cat.post_id) LEFT JOIN $wpdb->categories ON ($wpdb->post2cat.category_id = $wpdb->categories.cat_ID) ";
@@ -361 +361 @@
                 }
             }
-            $q['author_name'] = preg_replace('|[^a-z0-9-_]|', '', strtolower($q['author_name']));
+            $q['author_name'] = sanitize_title($q['author_name']);
             $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'");
             $whichauthor .= ' AND (post_author = '.intval($q['author']).')';