
Changeset 24713


Timestamp:
07/16/2013 02:19:03 PM (11 years ago)
Author:
nacin
Message:

Use wp_slash() in places where we improperly used the DB API instead. see #21767.

Location:
trunk
Files:
4 edited

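--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -740,7 +740,7 @@
     if ( $user->exists() ) {
         $user_ID = $user->ID;
-        $comment_author       = $wpdb->escape($user->display_name);
-        $comment_author_email = $wpdb->escape($user->user_email);
-        $comment_author_url   = $wpdb->escape($user->user_url);
+        $comment_author       = wp_slash( $user->display_name );
+        $comment_author_email = wp_slash( $user->user_email );
+        $comment_author_url   = wp_slash( $user->user_url );
         $comment_content      = trim($_POST['content']);
         if ( current_user_can( 'unfiltered_html' ) ) {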
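Review bot: The three `wp_slash()` assignments carry no comment saying why values read from `$user` are slashed, and the identical lines in trunk/wp-comments-post.php have the same gap. `wp_slash()` only adds backslashes; it is not SQL escaping, so later code must not treat these variables as query-safe. The slashing is presumably there so the fields match the slashed form of `$_POST['content']` on the following line before they are passed on together, but the consumer is outside the hunk. I would add `// Slashed to match the request data; not SQL-escaped, the consumer is expected to unslash.` above the first assignment. The enclosing `if` block continues outside the hunk.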
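--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -647,5 +647,5 @@
             return false;
 
-        $metakey = esc_sql( $metakey );
+        $metakey = wp_slash( $metakey );
 
         return add_post_meta( $post_ID, $metakey, $metavalue );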
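Review bot: Only `$metakey` is slashed before the `add_post_meta()` call, while `$metavalue` is passed through unchanged and its origin is outside the hunk. As far as I know `add_post_meta()` expects both arguments in slashed form and unslashes them, so if `$metavalue` does not already arrive slashed, backslashes in the stored value would be stripped. Please confirm where `$metavalue` comes from and state the contract next to the call, e.g. `// add_post_meta() expects slashed input; $metavalue must arrive slashed.` The function starts and ends outside the hunk.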
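--- a/trunk/wp-comments-post.php
+++ b/trunk/wp-comments-post.php
@@ -58,7 +58,7 @@
     if ( empty( $user->display_name ) )
         $user->display_name=$user->user_login;
-    $comment_author       = $wpdb->escape($user->display_name);
-    $comment_author_email = $wpdb->escape($user->user_email);
-    $comment_author_url   = $wpdb->escape($user->user_url);
+    $comment_author       = wp_slash( $user->display_name );
+    $comment_author_email = wp_slash( $user->user_email );
+    $comment_author_url   = wp_slash( $user->user_url );
     if ( current_user_can('unfiltered_html') ) {
         if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {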
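Review bot: The nonce check on the last line compares `wp_create_nonce(...)` with `$_POST['_wp_unfiltered_html_comment']` using loose `!=` and reads the key without checking that it is set. Loose comparison can treat two different numeric-looking strings as equal, so a check that, judging by its name, gates unfiltered HTML should be strict: `if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) || wp_create_nonce( 'unfiltered-html-comment_' . $comment_post_ID ) !== $_POST['_wp_unfiltered_html_comment'] ) {`. The line is unchanged context rather than part of this change, and what the branch does on a mismatch is outside the hunk.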
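--- a/trunk/wp-includes/comment.php
+++ b/trunk/wp-includes/comment.php
@@ -1493,5 +1493,5 @@
 
     // Escape data pulled from DB.
-    $comment = esc_sql($comment);
+    $comment = wp_slash($comment);
 
     $old_status = $comment['comment_approved'];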
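Review bot: The comment `// Escape data pulled from DB.` above the changed line is now misleading, because `wp_slash()` adds backslashes and does not escape for SQL. A maintainer who trusts the comment could treat `$comment` as query-safe, which it is not. I would reword it to `// Slash every field pulled from the DB; this is not SQL escaping.`, since `$comment` is indexed as an array on the next statement and `wp_slash()` is applied to each element. The function starts and ends outside the hunk.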