Changeset 31367 for trunk/src/wp-includes/taxonomy.php
Timestamp: 02/08/2015 01:58:51 AM (10 years ago)
File: 1 edited
trunk/src/wp-includes/taxonomy.php
r31365 r31367 1233 1233 * context is 'db'. 1234 1234 */ 1235 $term = "'" . sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db') . "'";1235 $term = "'" . esc_sql( sanitize_term_field( $query['field'], $term, 0, $query['taxonomy'], 'db' ) ) . "'"; 1236 1236 } 1237 1237 … … 1843 1843 if ( is_array( $args['name'] ) ) { 1844 1844 $name = array_map( 'sanitize_text_field', $args['name'] ); 1845 $where .= " AND t.name IN ('" . implode( "', '", $name) . "')";1845 $where .= " AND t.name IN ('" . implode( "', '", array_map( 'esc_sql', $name ) ) . "')"; 1846 1846 } else { 1847 1847 $name = sanitize_text_field( $args['name'] );
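Review bot: In the first hunk (new line 1235), the docblock fragment just above still ends with "context is 'db'", which reads as if the 'db' context of sanitize_term_field() already made the value safe to embed in SQL. Since the change exists because that is not the case, the comment should say that sanitize_term_field() only filters the field and that esc_sql() is what makes the value safe inside the quoted literal. Escaping and quoting are also still assembled by hand with `"'" . esc_sql( ... ) . "'"`. Building this fragment with a `$wpdb->prepare()` `%s` placeholder would keep the two together, so a later edit cannot drop one without the other.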
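Review bot: In the second hunk, only the is_array() branch at new line 1845 gains escaping. The else branch visible at 1847 assigns `$name = sanitize_text_field( $args['name'] );`, and the line that appends it to $where is outside the shown context. Please confirm that the scalar path is escaped or prepared as well, because sanitize_text_field() is not an SQL escaping function. A smaller style point on 1845: esc_sql() accepts an array, so `esc_sql( $name )` would do the same job as `array_map( 'esc_sql', $name )`. A regression test that passes a name containing a single quote through both branches would pin the behaviour down.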