Timestamp:
06/10/2014 12:43:32 AM (7 years ago)
Author:
wonderboymusic
Message:

Replace all uses of like_escape() with $wpdb->esc_like().

Props miqrogroove.
See #10041.

File:
1 edited

  • trunk/src/wp-admin/includes/template.php

    r28681 r28712  
    633633     * @param int $limit Number of custom fields to retrieve. Default 30.
    634634     */
    635     $limit = (int) apply_filters( 'postmeta_form_limit', 30 );
    636     $keys = $wpdb->get_col( "
    637         SELECT meta_key
     635    $limit = apply_filters( 'postmeta_form_limit', 30 );
     636    $sql = "SELECT meta_key
    638637        FROM $wpdb->postmeta
    639638        GROUP BY meta_key
    640         HAVING meta_key NOT LIKE '\_%'
     639        HAVING meta_key NOT LIKE %s
    641640        ORDER BY meta_key
    642         LIMIT $limit" );
     641        LIMIT %d";
     642    $keys = $wpdb->get_col( $wpdb->prepare( $sql, $wpdb->esc_like( '_' ) . '%', $limit ) );
    643643    if ( $keys ) {
    644644        natcasesort( $keys );
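
Review bot: On new line 635 the `(int)` cast on the `postmeta_form_limit` filter result is dropped, so `$limit` now carries whatever type a plugin's filter callback returns. The `%d` placeholder on line 641 still coerces it to an integer inside `$wpdb->prepare()`, which covers injection, but a negative value would still reach `LIMIT` and make the query fail, and a non-numeric value would become `LIMIT 0`. Consider keeping the cast, or wrapping the filter result in `absint()`, so the variable is a sane non-negative integer before it is bound. The `$wpdb->esc_like( '_' ) . '%'` argument on line 642 is correct as written: the wildcard is appended after escaping and the result goes through `prepare()`, which is the order `esc_like()` requires.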