Changeset 3740 for trunk/wp-includes/functions-post.php

Timestamp:

04/22/2006 12:02:00 AM (19 years ago)

Author:

ryan

Message:

Add some prophylactic int casts and quoting.

File:

• trunk/wp-includes/functions-post.php (modified) (3 diffs)

trunk/wp-includes/functions-post.php

@@ -366 +366 @@
     $postid = (int) $postid;
 
-    if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+    if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
         return $post;
 
@@ -375 +375 @@
     $file = get_post_meta($postid, '_wp_attached_file', true);
 
-    $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
-
-    $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
-
-    $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
-
-    $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+    $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
+
+    $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
+
+    $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
+
+    $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
 
     if ( ! empty($meta['thumb']) ) {
         // Don't delete the thumb if another attachment uses it
-        if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+        if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
             @ unlink(str_replace(basename($file), $meta['thumb'], $file));
     }
@@ -482 +482 @@
     global $wpdb;
 
+    $post_ID = (int) $post_ID;
+
     $sql = "SELECT category_id 
         FROM $wpdb->post2cat 
-        WHERE post_id = $post_ID 
+        WHERE post_id = '$post_ID' 
         ORDER BY category_id";