Changeset 28712 for trunk/src/wp-includes/user.php
- Timestamp:
- 06/10/2014 12:43:32 AM (11 years ago)
- File:
-
- 1 edited
trunk/src/wp-includes/user.php
r28570 r28712 798 798 */ 799 799 protected function get_search_sql( $string, $cols, $wild = false ) { 800 $string = esc_sql( $string );800 global $wpdb; 801 801 802 802 $searches = array(); … … 805 805 foreach ( $cols as $col ) { 806 806 if ( 'ID' == $col ) 807 $searches[] = "$col = '$string'";807 $searches[] = $wpdb->prepare( "$col = %s", $string ); 808 808 else 809 $searches[] = "$col LIKE '$leading_wild" . like_escape($string) . "$trailing_wild'";809 $searches[] = $wpdb->prepare( "$col LIKE %s", $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild ); 810 810 } 811 811 … … 1150 1150 $select_count = array(); 1151 1151 foreach ( $avail_roles as $this_role => $name ) { 1152 $select_count[] = "COUNT(NULLIF(`meta_value` LIKE '%\"" . like_escape( $this_role ) . "\"%', false))";1152 $select_count[] = $wpdb->prepare( "COUNT(NULLIF(`meta_value` LIKE %s, false))", '%' . $wpdb->esc_like( '"' . $this_role . '"' ) . '%'); 1153 1153 } 1154 1154 $select_count = implode(', ', $select_count);
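Review bot: In get_search_sql(), `$col` is still interpolated directly into the format string given to `$wpdb->prepare()` (new lines 807 and 809), so only `$string` is bound as a value and the column name is neither escaped nor validated in the lines shown. Any restriction of `$cols` to known column names would have to happen in the caller, which is not visible here, so the reliance should be documented at the loop, for example `// $col is used as a raw SQL identifier; prepare() only protects $string, so $cols must contain only known user-table column names.` above the `foreach`. A `%` inside a column name would also be read by prepare() as a placeholder, which is a second reason to keep the accepted names a fixed set. Parts of the function body lie outside the hunks shown (lines 803-804 and everything after 811), so an existing check there cannot be ruled out.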