WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/16/2013 02:19:03 PM (8 years ago)
Author:
nacin
Message:

Use wp_slash() in places where we improperly used the DB API instead. see #21767.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/ajax-actions.php

    r24707 r24713  
    740740    if ( $user->exists() ) {
    741741        $user_ID = $user->ID;
    742         $comment_author       = $wpdb->escape($user->display_name);
    743         $comment_author_email = $wpdb->escape($user->user_email);
    744         $comment_author_url   = $wpdb->escape($user->user_url);
     742        $comment_author       = wp_slash( $user->display_name );
     743        $comment_author_email = wp_slash( $user->user_email );
     744        $comment_author_url   = wp_slash( $user->user_url );
    745745        $comment_content      = trim($_POST['content']);
    746746        if ( current_user_can( 'unfiltered_html' ) ) {
Note: See TracChangeset for help on using the changeset viewer.