WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/16/2010 02:22:41 PM (10 years ago)
Author:
ryan
Message:

Add like_escape() to some queries. fixes #15764

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/canonical.php

    r16928 r16999  
    386386        return false;
    387387
    388     $where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%');
     388    $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%');
    389389
    390390    // if any of post_type, year, monthnum, or day are set, use them to refine the query
Note: See TracChangeset for help on using the changeset viewer.