Changeset 37140
- Timestamp:
- 03/30/2016 05:37:45 PM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.9/src/wp-includes/taxonomy.php
r27837 r37140 596 596 $term_ids = array_map('intval', $term_ids ); 597 597 598 $taxonomies = "'" . implode( "', '", $taxonomies) . "'";598 $taxonomies = "'" . implode( "', '", array_map( 'esc_sql', $taxonomies ) ) . "'"; 599 599 $term_ids = "'" . implode( "', '", $term_ids ) . "'"; 600 600 … … 1397 1397 $order = 'ASC'; 1398 1398 1399 $where = "tt.taxonomy IN ('" . implode("', '", $taxonomies) . "')";1399 $where = "tt.taxonomy IN ('" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "')"; 1400 1400 $inclusions = ''; 1401 1401 if ( ! empty( $include ) ) { … … 2255 2255 $order = 'ASC'; 2256 2256 2257 $taxonomies = "'" . implode("', '", $taxonomies) . "'";2257 $taxonomies = "'" . implode("', '", array_map( 'esc_sql', $taxonomies ) ) . "'"; 2258 2258 $object_ids = implode(', ', $object_ids); 2259 2259
Note: See TracChangeset
for help on using the changeset viewer.