

Timestamp:
12/16/2010 02:22:41 PM (14 years ago)
Author:
ryan
Message:

Add like_escape() to some queries. fixes #15764

File:
1 edited

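--- a/trunk/wp-includes/query.php
+++ b/trunk/wp-includes/query.php
@@ -2046,9 +2046,9 @@
             $searchand = '';
             foreach( (array) $q['search_terms'] as $term ) {
-                $term = addslashes_gpc($term);
+                $term = esc_sql( like_escape( $term ) );
                 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
                 $searchand = ' AND ';
             }
-            $term = esc_sql($q['s']);
+            $term = esc_sql( like_escape( $q['s'] ) );
             if ( empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
                 $search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";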
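Review bot: The nesting order in both new `$term` assignments (new lines 2048 and 2052) is load-bearing but undocumented: like_escape() has to run before esc_sql() so that the backslashes it puts in front of `%` and `_` are themselves escaped for the quoted literal. A one-line comment above each call, such as `// like_escape() first, then esc_sql(); the order must not be swapped`, would keep a later edit from reversing it. It is also worth confirming, since like_escape()'s body is not shown here, whether it escapes the backslash itself; if it handles only `%` and `_`, a backslash in the search term still reaches LIKE as its escape character and can change how the `{$n}` that follows is matched. The enclosing function starts and ends outside this hunk.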