Timestamp:
06/10/2014 12:43:32 AM (10 years ago)
Author:
wonderboymusic
Message:

Replace all uses of like_escape() with $wpdb->esc_like().

Props miqrogroove.
See #10041.

File:
1 edited

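--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -798,5 +798,5 @@
      */
     protected function get_search_sql( $string, $cols, $wild = false ) {
-        $string = esc_sql( $string );
+        global $wpdb;
 
         $searches = array();
@@ -805,7 +805,7 @@
         foreach ( $cols as $col ) {
             if ( 'ID' == $col )
-                $searches[] = "$col = '$string'";
+                $searches[] = $wpdb->prepare( "$col = %s", $string );
             else
-                $searches[] = "$col LIKE '$leading_wild" . like_escape($string) . "$trailing_wild'";
+                $searches[] = $wpdb->prepare( "$col LIKE %s", $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild );
         }
 
@@ -1150,5 +1150,5 @@
         $select_count = array();
         foreach ( $avail_roles as $this_role => $name ) {
-            $select_count[] = "COUNT(NULLIF(`meta_value` LIKE '%\"" . like_escape( $this_role ) . "\"%', false))";
+            $select_count[] = $wpdb->prepare( "COUNT(NULLIF(`meta_value` LIKE %s, false))", '%' . $wpdb->esc_like( '"' . $this_role . '"' ) . '%');
         }
         $select_count = implode(', ', $select_count);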
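Review bot: In `get_search_sql()`, `$col` is still interpolated straight into the format string handed to `$wpdb->prepare()` (`"$col = %s"`, `"$col LIKE %s"`), so only the value is bound; the identifier is not, and a `%` in a column name would be read as a placeholder. Nothing visible in this section shows where `$cols` comes from, so the method should state the contract in its docblock, for example `@param array $cols Column names from a fixed allowlist; they are interpolated into the SQL unescaped and must never come from request input.` The docblock and the lines that set `$leading_wild` and `$trailing_wild` lie outside the hunks shown. The `LIKE` branch would also benefit from a one-line comment fixing the call order, `// esc_like() escapes LIKE wildcards only; prepare() does the SQL quoting.`, so a later edit does not drop the `prepare()` call.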