Changeset 18357
- Timestamp:
- 06/27/2011 09:38:51 PM (13 years ago)
- Location:
- branches/3.1
- Files:
-
- 4 edited
branches/3.1
-
branches/3.1/wp-admin/includes/deprecated.php
r17293 r18357 455 455 _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' ); 456 456 457 $this->search_term = $search_term;457 $this->search_term = stripslashes( $search_term ); 458 458 $this->raw_page = ( '' == $page ) ? false : (int) $page; 459 459 $this->page = (int) ( '' == $page ) ? 1 : $page; … … 486 486 $search_sql = 'AND ('; 487 487 foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col ) 488 $searches[] = $ col . " LIKE '%$this->search_term%'";488 $searches[] = $wpdb->prepare( $col . ' LIKE %s', '%' . like_escape($this->search_term) . '%' ); 489 489 $search_sql .= implode(' OR ', $searches); 490 490 $search_sql .= ')'; -
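Review bot: On new line 459 the `(int)` cast binds tighter than `?:`, so it applies to the comparison result, and a non-empty `$page` is stored in `$this->page` uncast, unlike `raw_page` on the line above. Since this changeset hardens the search term in the same constructor, the page value should get the same treatment: `$this->page = ( '' == $page ) ? 1 : (int) $page;`. Where `$this->page` is consumed is outside the hunk, so whether it reaches a LIMIT clause or markup has to be checked there. The constructor starts and ends outside the hunk.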
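--- a/branches/3.1/wp-includes/post.php
+++ b/branches/3.1/wp-includes/post.php
@@ -3422,4 +3422,41 @@
 $where_post_type = $wpdb->prepare( "post_type = '%s' AND post_status = '%s'", $post_type, $post_status );
 
+$orderby_array = array();
+$allowed_keys = array('author', 'post_author', 'date', 'post_date', 'title', 'post_title', 'modified',
+'post_modified', 'modified_gmt', 'post_modified_gmt', 'menu_order', 'parent', 'post_parent',
+'ID', 'rand', 'comment_count');
+foreach ( explode( ',', $sort_column ) as $orderby ) {
+$orderby = trim( $orderby );
+if ( !in_array( $orderby, $allowed_keys ) )
+continue;
+
+switch ( $orderby ) {
+case 'menu_order':
+break;
+case 'ID':
+$orderby = "$wpdb->posts.ID";
+break;
+case 'rand':
+$orderby = 'RAND()';
+break;
+case 'comment_count':
+$orderby = "$wpdb->posts.comment_count";
+break;
+default:
+if ( 0 === strpos( $orderby, 'post_' ) )
+$orderby = "$wpdb->posts." . $orderby;
+else
+$orderby = "$wpdb->posts.post_" . $orderby;
+}
+
+$orderby_array[] = $orderby;
+
+}
+$sort_column = ! empty( $orderby_array ) ? implode( ',', $orderby_array ) : "$wpdb->posts.post_title";
+
+$sort_order = strtoupper( $sort_order );
+if ( '' !== $sort_order && !in_array( $sort_order, array( 'ASC', 'DESC' ) ) )
+$sort_order = 'ASC';
+
 $query = "SELECT * FROM $wpdb->posts $join WHERE ($where_post_type) $where ";
 $query .= $author_query;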
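Review bot: The allow-list block added at new lines 3424-3459 has no comment explaining why `$sort_column` and `$sort_order` are filtered by hand instead of going through `$wpdb->prepare()`, and both `in_array()` checks use loose comparison. Every candidate here is a string produced by `explode()`, so I do not see a bypass, but passing `true` as the third argument keeps the check strict if the input type ever changes: `if ( !in_array( $orderby, $allowed_keys, true ) )`. I would also add above `$allowed_keys`: `// ORDER BY identifiers cannot be bound as placeholders; only allow-listed keys are mapped to column names.` Unknown keys are dropped silently and the sort falls back to `post_title`, which deserves a mention in the function's docblock. The enclosing function starts and ends outside the hunk.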
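--- a/branches/3.1/wp-includes/wp-db.php
+++ b/branches/3.1/wp-includes/wp-db.php
@@ -645,4 +645,5 @@
 if ( null === $blog_id )
 $blog_id = $this->blogid;
+$blog_id = (int) $blog_id;
 if ( defined( 'MULTISITE' ) && ( 0 == $blog_id || 1 == $blog_id ) )
 return $this->base_prefix;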
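Review bot: The cast added at new line 647 carries no comment saying why it is there, and it still admits negative values. The rest of the function is outside the hunk, but if `$blog_id` is presumably concatenated into a table prefix further down, the line should say so, for example `// Force an integer: the id becomes part of a table name and cannot be bound by prepare().` Any non-numeric input now becomes 0 and takes the `base_prefix` branch under MULTISITE, so it is worth confirming that callers expect an invalid id to resolve to the main site's tables and not to fail.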