Changeset 16999 for trunk/wp-admin/admin-ajax.php

Timestamp:

12/16/2010 02:22:41 PM (15 years ago)

Author:

ryan

Message:

Add like_escape() to some queries. fixes #15764

File:

• trunk/wp-admin/admin-ajax.php (modified) (1 diff)

trunk/wp-admin/admin-ajax.php

@@ -1256 +1256 @@
     $searchand = $search = '';
     foreach ( (array) $search_terms as $term ) {
-        $term = addslashes_gpc($term);
+        $term = esc_sql( like_escape( $term ) );
         $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
         $searchand = ' AND ';
     }
-    $term = $wpdb->escape($s);
+    $term = esc_sql( like_escape( $s ) );
     if ( count($search_terms) > 1 && $search_terms[0] != $s )
         $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";