Changeset 16999

Timestamp:

12/16/2010 02:22:41 PM (14 years ago)

Author:

ryan

Message:

Add like_escape() to some queries. fixes #15764

Location:

trunk

Files:

• wp-admin/admin-ajax.php (modified) (1 diff)
• wp-includes/canonical.php (modified) (1 diff)
• wp-includes/class-wp-xmlrpc-server.php (modified) (1 diff)
• wp-includes/comment.php (modified) (1 diff)
• wp-includes/functions.php (modified) (2 diffs)
• wp-includes/query.php (modified) (1 diff)
• wp-includes/taxonomy.php (modified) (1 diff)

trunk/wp-admin/admin-ajax.php

@@ -1256 +1256 @@
     $searchand = $search = '';
     foreach ( (array) $search_terms as $term ) {
-        $term = addslashes_gpc($term);
+        $term = esc_sql( like_escape( $term ) );
         $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
         $searchand = ' AND ';
     }
-    $term = $wpdb->escape($s);
+    $term = esc_sql( like_escape( $s ) );
     if ( count($search_terms) > 1 && $search_terms[0] != $s )
         $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

trunk/wp-includes/canonical.php

@@ -386 +386 @@
         return false;
 
-    $where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%');
+    $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%');
 
     // if any of post_type, year, monthnum, or day are set, use them to refine the query

trunk/wp-includes/class-wp-xmlrpc-server.php

@@ -3368 +3368 @@
                 // ...or a string #title, a little more complicated
                 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
-                $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
+                $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", like_escape( $title ) );
                 if (! ($post_ID = $wpdb->get_var($sql)) ) {
                     // returning unknown error '0' is better than die()ing

trunk/wp-includes/comment.php

@@ -346 +346 @@
      */
     function get_search_sql( $string, $cols ) {
-        $string = esc_sql( $string );
+        $string = esc_sql( like_escape( $string ) );
 
         $searches = array();

trunk/wp-includes/functions.php

@@ -1207 +1207 @@
     foreach ( $pung as $link_test ) {
         if ( !in_array( $link_test, $post_links_temp[0] ) ) { // link no longer in post
-            $mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $link_test . '%') );
+            $mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') );
             do_action( 'delete_postmeta', $mid );
             $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $mid ) ) );
@@ -1227 +1227 @@
 
     foreach ( (array) $post_links as $url ) {
-        if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) {
+        if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $url ) . '%' ) ) ) {
 
             if ( $headers = wp_get_http_headers( $url) ) {

trunk/wp-includes/query.php

@@ -2046 +2046 @@
             $searchand = '';
             foreach( (array) $q['search_terms'] as $term ) {
-                $term = addslashes_gpc($term);
+                $term = esc_sql( like_escape( $term ) );
                 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
                 $searchand = ' AND ';
             }
-            $term = esc_sql($q['s']);
+            $term = esc_sql( like_escape( $q['s'] ) );
             if ( empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
                 $search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";

trunk/wp-includes/taxonomy.php

@@ -1238 +1238 @@
 
     if ( !empty($name__like) )
-        $where .= " AND t.name LIKE '{$name__like}%'";
+        $where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'";
 
     if ( '' !== $parent ) {