Make WordPress Core


Timestamp:
07/29/2013 06:18:58 PM (11 years ago)
Author:
duck_
Message:

Fix potential SQLi through improper use of API functions. For 3.6.

Location:
branches/3.6
Files:
2 edited

  • branches/3.6

  • branches/3.6/wp-includes/bookmark.php

    r21829 r24876  
    187187
    188188    if ( ! empty($search) ) {
    189         $search = like_escape($search);
     189        $search = esc_sql( like_escape( $search ) );
    190190        $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
    191191    }
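Review bot: On line 189 the value is only safe because esc_sql() is now applied on top of like_escape(), and nothing in the code says why both are needed before $search is interpolated three times into the string on line 190. like_escape() deals with the LIKE wildcards and does not make a value safe for a quoted SQL string, so a one-line comment to that effect would help the next person who touches this. Alternatively, build the clause with $wpdb->prepare() and pass '%' . like_escape( $search ) . '%' as the argument for each LIKE, which keeps the escaping next to the query instead of one line above it. The nesting order shown (like_escape() inside, esc_sql() outside) should be kept if the line is edited again.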