Changeset 37133
- Timestamp:
- 03/30/2016 05:12:08 PM (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/taxonomy.php
r36962 r37133 163 163 * 164 164 * $taxonomies = get_object_taxonomies( 'post' ); 165 * 165 * 166 166 * This results in: 167 * 167 * 168 168 * Array( 'category', 'post_tag' ) 169 169 * … … 748 748 $term_ids = array_map('intval', $term_ids ); 749 749 750 $taxonomies = "'" . implode( "', '", $taxonomies) . "'";750 $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'"; 751 751 $term_ids = "'" . implode( "', '", $term_ids ) . "'"; 752 752 … … 953 953 } 954 954 955 $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE $_field = %s $tax_clause LIMIT 1", $value ));955 $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE $_field = %s", $value ) . " $tax_clause LIMIT 1" ); 956 956 if ( ! $term ) 957 957 return false; … … 1358 1358 1359 1359 if ( $taxonomies ) { 1360 $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";1360 $where_conditions[] = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')"; 1361 1361 } 1362 1362 … … 2545 2545 $taxonomy_array = $taxonomies; 2546 2546 $object_id_array = $object_ids; 2547 $taxonomies = "'" . implode("', '", $taxonomies) . "'";2547 $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'"; 2548 2548 $object_ids = implode(', ', $object_ids); 2549 2549
Note: See TracChangeset
for help on using the changeset viewer.