Timestamp:
06/10/2014 12:43:32 AM (7 years ago)
Author:
wonderboymusic
Message:

Replace all uses of like_escape() with $wpdb->esc_like().

Props miqrogroove.
See #10041.

File:
1 edited

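--- a/trunk/src/wp-includes/query.php
+++ b/trunk/src/wp-includes/query.php
@@ -1984,9 +1984,11 @@
         $q['search_orderby_title'] = array();
         foreach ( $q['search_terms'] as $term ) {
-            $term = like_escape( esc_sql( $term ) );
-            if ( $n )
-                $q['search_orderby_title'][] = "$wpdb->posts.post_title LIKE '%$term%'";
-
-            $search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
+            if ( $n ) {
+                $like = '%' . $wpdb->esc_like( $term ) . '%';
+                $q['search_orderby_title'][] = $wpdb->prepare( "$wpdb->posts.post_title LIKE %s", $like );
+            }
+
+            $like = $n . $wpdb->esc_like( $term ) . $n;
+            $search .= $wpdb->prepare( "{$searchand}(($wpdb->posts.post_title LIKE %s) OR ($wpdb->posts.post_content LIKE %s))", $like, $like );
             $searchand = ' AND ';
         }
@@ -2087,9 +2089,9 @@
         if ( $q['search_terms_count'] > 1 ) {
             $num_terms = count( $q['search_orderby_title'] );
-            $search_orderby_s = like_escape( esc_sql( $q['s'] ) );
+            $like = '%' . $wpdb->esc_like( $q['s'] ) . '%';
 
             $search_orderby = '(CASE ';
             // sentence match in 'post_title'
-            $search_orderby .= "WHEN $wpdb->posts.post_title LIKE '%{$search_orderby_s}%' THEN 1 ";
+            $search_orderby .= $wpdb->prepare( "WHEN $wpdb->posts.post_title LIKE %s THEN 1 ", $like );
 
             // sanity limit, sort as sentence when more than 6 terms
@@ -2104,5 +2106,5 @@
 
             // sentence match in 'post_content'
-            $search_orderby .= "WHEN $wpdb->posts.post_content LIKE '%{$search_orderby_s}%' THEN 4 ";
+            $search_orderby .= $wpdb->prepare( "WHEN $wpdb->posts.post_content LIKE %s THEN 4 ", $like );
             $search_orderby .= 'ELSE 5 END)';
         } else {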
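Review bot: The pattern introduced at new lines 1987–1992 is only safe in this exact order, and nothing in the code says so: `$wpdb->esc_like()` runs on the raw term first, the `%` wildcards are concatenated outside that call, and the result reaches `$wpdb->prepare()` as a `%s` argument rather than as part of the format string. A short comment above the first use would keep a later edit from reversing it, e.g. `// esc_like() escapes only LIKE wildcards; prepare() still does the SQL quoting, so wildcards go in the argument, never in the query string.` Inside the loop `$like` is also assigned twice with different patterns (`%…%` at 1987, `$n…$n` at 1991) and the same name is reused at 2091, so distinct names would read more clearly. With the `esc_sql()` calls removed, `$term` and `$q['s']` presumably have to arrive here unslashed; that is decided outside the visible hunks and is worth confirming.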