Changeset 24714
- Timestamp:
- 07/16/2013 02:21:05 PM (11 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/meta.php
r24580 r24714 41 41 global $wpdb; 42 42 43 $column = esc_sql($meta_type . '_id');43 $column = sanitize_key($meta_type . '_id'); 44 44 45 45 // expected_slashed ($meta_key) … … 111 111 global $wpdb; 112 112 113 $column = esc_sql($meta_type . '_id');113 $column = sanitize_key($meta_type . '_id'); 114 114 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 115 115 … … 194 194 global $wpdb; 195 195 196 $type_column = esc_sql($meta_type . '_id');196 $type_column = sanitize_key($meta_type . '_id'); 197 197 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 198 198 // expected_slashed ($meta_key) … … 398 398 return false; 399 399 400 $column = esc_sql($meta_type . '_id');400 $column = sanitize_key($meta_type . '_id'); 401 401 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 402 402 … … 479 479 480 480 // object and id columns 481 $column = esc_sql($meta_type . '_id');481 $column = sanitize_key($meta_type . '_id'); 482 482 $id_column = 'user' == $meta_type ? 'umeta_id' : 'meta_id'; 483 483 … … 529 529 return false; 530 530 531 $column = esc_sql($meta_type . '_id');531 $column = sanitize_key($meta_type . '_id'); 532 532 533 533 global $wpdb; … … 707 707 return false; 708 708 709 $meta_id_column = esc_sql( $type . '_id' );709 $meta_id_column = sanitize_key( $type . '_id' ); 710 710 711 711 $join = array(); -
trunk/wp-includes/taxonomy.php
r24303 r24714 792 792 return; 793 793 794 $resulting_field = esc_sql( $resulting_field );794 $resulting_field = sanitize_key( $resulting_field ); 795 795 796 796 switch ( $query['field'] ) { -
trunk/wp-includes/user.php
r24490 r24714 394 394 $this->query_fields = array(); 395 395 foreach ( $qv['fields'] as $field ) 396 $this->query_fields[] = $wpdb->users . '.' . esc_sql( $field );396 $this->query_fields[] = $wpdb->users . '.' . sanitize_key( $field ); 397 397 $this->query_fields = implode( ',', $this->query_fields ); 398 398 } elseif ( 'all' == $qv['fields'] ) {
Note: See TracChangeset
for help on using the changeset viewer.