Timestamp:
06/10/2014 12:43:32 AM (7 years ago)
Author:
wonderboymusic
Message:

Replace all uses of like_escape() with $wpdb->esc_like().

Props miqrogroove.
See #10041.

File:
1 edited

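--- a/trunk/src/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/trunk/src/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -39,6 +39,4 @@
         }
 
-        $like_s = esc_sql( like_escape( $s ) );
-
         // If the network is large and a search is not being performed, show only the latest blogs with no paging in order
         // to avoid expensive count queries.
@@ -59,5 +57,6 @@
                     preg_match( '/^[0-9]{1,3}\.$/', $s ) ) {
             // IPv4 address
-            $reg_blog_ids = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->registration_log} WHERE {$wpdb->registration_log}.IP LIKE ( '{$like_s}$wild' )" );
+            $sql = $wpdb->prepare( "SELECT blog_id FROM {$wpdb->registration_log} WHERE {$wpdb->registration_log}.IP LIKE %s", $wpdb->esc_like( $s ) . $wild );
+            $reg_blog_ids = $wpdb->get_col( $sql );
 
             if ( !$reg_blog_ids )
@@ -70,15 +69,16 @@
         } else {
             if ( is_numeric($s) && empty( $wild ) ) {
-                $query .= " AND ( {$wpdb->blogs}.blog_id = '{$like_s}' )";
+                $query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.blog_id = %s )", $s );
             } elseif ( is_subdomain_install() ) {
-                $blog_s = str_replace( '.' . $current_site->domain, '', $like_s );
-                $blog_s .= $wild . '.' . $current_site->domain;
-                $query .= " AND ( {$wpdb->blogs}.domain LIKE '$blog_s' ) ";
+                $blog_s = str_replace( '.' . $current_site->domain, '', $s );
+                $blog_s = $wpdb->esc_like( $blog_s ) . $wild . $wpdb->esc_like( '.' . $current_site->domain );
+                $query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.domain LIKE %s ) ", $blog_s );
             } else {
-                if ( $like_s != trim('/', $current_site->path) )
-                    $blog_s = $current_site->path . $like_s . $wild . '/';
-                else
-                    $blog_s = $like_s;
-                $query .= " AND  ( {$wpdb->blogs}.path LIKE '$blog_s' )";
+                if ( $s != trim('/', $current_site->path) ) {
+                    $blog_s = $wpdb->esc_like( $current_site->path . $s ) . $wild . $wpdb->esc_like( '/' );
+                } else {
+                    $blog_s = $wpdb->esc_like( $s );
+                }
+                $query .= $wpdb->prepare( " AND  ( {$wpdb->blogs}.path LIKE %s )", $blog_s );
             }
         }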
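Review bot: On new line 77 the call `trim('/', $current_site->path)` has its arguments reversed: PHP's trim() takes the string first and the character list second, so this trims the literal `'/'` using the path as the character list and never yields the path without its slashes. The commit carries this over from old line 78, only swapping `$like_s` for `$s`, so the `else` branch that builds the exact-match pattern is presumably never taken for a non-empty search. I would change the condition to `if ( $s !== trim( $current_site->path, '/' ) ) {`. Separately, a one-line comment above the `esc_like()` calls would help, for example `// $wild is appended after esc_like() on purpose so it stays a wildcard; % and _ from the search term match literally.` Both `$s` and `$wild` are assigned outside the visible hunks, and the enclosing method starts and ends outside them as well.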