Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.1/wp-admin/includes/deprecated.php

    r17293 r18357  
    455455        _deprecated_function( __FUNCTION__, '3.1', 'WP_User_Query' );
    456456
    457         $this->search_term = $search_term;
     457        $this->search_term = stripslashes( $search_term );
    458458        $this->raw_page = ( '' == $page ) ? false : (int) $page;
    459459        $this->page = (int) ( '' == $page ) ? 1 : $page;
     
    486486            $search_sql = 'AND (';
    487487            foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col )
    488                 $searches[] = $col . " LIKE '%$this->search_term%'";
     488                $searches[] = $wpdb->prepare( $col . ' LIKE %s', '%' . like_escape($this->search_term) . '%' );
    489489            $search_sql .= implode(' OR ', $searches);
    490490            $search_sql .= ')';
Note: See TracChangeset for help on using the changeset viewer.