Make WordPress Core

Changeset 24715


Ignore:
Timestamp:
07/16/2013 02:23:29 PM (11 years ago)
Author:
nacin
Message:

More clear and concise escaping in get_page_by_path(). see #21767.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post.php

    r24598 r24715  
    34183418    $page_path = str_replace('%20', ' ', $page_path);
    34193419    $parts = explode( '/', trim( $page_path, '/' ) );
    3420     $parts = array_map( 'esc_sql', $parts );
     3420    $parts = esc_sql( $parts );
    34213421    $parts = array_map( 'sanitize_title_for_query', $parts );
    34223422
    34233423    $in_string = "'". implode( "','", $parts ) . "'";
    3424     $post_type_sql = $post_type;
    3425     $wpdb->escape_by_ref( $post_type_sql );
     3424    $post_type_sql = esc_sql( $post_type );
    34263425    $pages = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
    34273426
Note: See TracChangeset for help on using the changeset viewer.