WordPress.org

Make WordPress Core


Timestamp:
07/16/2013 02:21:05 PM (8 years ago)
Author:
nacin
Message:

Use sanitize_key() instead of esc_sql() when 'escaping' variable DB field names. see #21767.

File:
1 edited

  • trunk/wp-includes/taxonomy.php

    r24303 r24714  
    792792            return;
    793793
    794         $resulting_field = esc_sql( $resulting_field );
     794        $resulting_field = sanitize_key( $resulting_field );
    795795
    796796        switch ( $query['field'] ) {
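Review bot: At new line 794, sanitize_key() silently rewrites $resulting_field instead of rejecting an unexpected value. It lowercases the input and keeps only a-z, 0-9, underscore and dash, so a bad field name is altered rather than refused, and a dash can still pass through. Since the value is a DB field name, consider comparing it against an explicit list of the allowed column names and bailing out on a mismatch, as the `return;` just above already does for another condition. A one-line comment here saying why esc_sql() is not suitable (it escapes for a quoted string value, not for an identifier) would also keep the call from being changed back later.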