Make WordPress Core


Ignore:
Timestamp:
07/16/2013 02:19:03 PM (12 years ago)
Author:
nacin
Message:

Use wp_slash() in places where we improperly used the DB API instead. see #21767.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-comments-post.php

    r23554 r24713  
    5858    if ( empty( $user->display_name ) )
    5959        $user->display_name=$user->user_login;
    60     $comment_author       = $wpdb->escape($user->display_name);
    61     $comment_author_email = $wpdb->escape($user->user_email);
    62     $comment_author_url   = $wpdb->escape($user->user_url);
     60    $comment_author       = wp_slash( $user->display_name );
     61    $comment_author_email = wp_slash( $user->user_email );
     62    $comment_author_url   = wp_slash( $user->user_url );
    6363    if ( current_user_can('unfiltered_html') ) {
    6464        if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
Note: See TracChangeset for help on using the changeset viewer.