Changeset 39952
- Timestamp:
- 01/26/2017 01:32:24 PM (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/class-wp-query.php
r39636 r39952 2258 2258 $where .= ' AND 1=0 '; 2259 2259 } else { 2260 $where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", $in_search_post_types) . "')";2260 $where .= " AND {$wpdb->posts}.post_type IN ('" . join( "', '", array_map( 'esc_sql', $in_search_post_types ) ) . "')"; 2261 2261 } 2262 2262 } elseif ( !empty( $post_type ) && is_array( $post_type ) ) { 2263 $where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", $post_type) . "')";2263 $where .= " AND {$wpdb->posts}.post_type IN ('" . join("', '", esc_sql( $post_type ) ) . "')"; 2264 2264 } elseif ( ! empty( $post_type ) ) { 2265 $where .= " AND {$wpdb->posts}.post_type = '$post_type'";2265 $where .= $wpdb->prepare( " AND {$wpdb->posts}.post_type = %s", $post_type ); 2266 2266 $post_type_object = get_post_type_object ( $post_type ); 2267 2267 } elseif ( $this->is_attachment ) {
Note: See TracChangeset
for help on using the changeset viewer.