Changeset 3587

Timestamp:

03/02/2006 02:49:06 AM (20 years ago)

Author:

ryan

Message:

DB escaping in fix_attachment_links(). #2434

File:

• branches/2.0/wp-admin/admin-functions.php (modified) (3 diffs)

branches/2.0/wp-admin/admin-functions.php

@@ -91 +91 @@
     global $wp_rewrite;
 
-    $post = & get_post($post_ID);
+    $post = & get_post($post_ID, ARRAY_A);
 
     $search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
 
     // See if we have any rel="attachment" links
-    if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) )
+    if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
         return;
 
@@ -108 +108 @@
 
         // While we have the attachment ID, let's adopt any orphans.
-        $attachment = & get_post($id);
-        if ( ! is_object(get_post($attachment->post_parent)) ) {
-            $attachment->post_parent = $post_ID;
+        $attachment = & get_post($id, ARRAY_A);
+        if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
+            $attachment['post_parent'] = $post_ID;
+            // Escape data pulled from DB.
+            $attachment = add_magic_quotes($attachment);
             wp_update_post($attachment);
         }
@@ -119 +121 @@
     }
 
-    $post->post_content = str_replace($post_search, $post_replace, $post->post_content);
+    $post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);
+
+    // Escape data pulled from DB.
+    $post = add_magic_quotes($post);
 
     return wp_update_post($post);