WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/12/2007 02:58:41 AM (11 years ago)
Author:
ryan
Message:

Stripslashes post meta values before handing off to add_post_meta. Use wpdb::escape instead of addslashes. Props takayukister. fixes #4028

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/import/wordpress.php

    r5247 r5249  
    3636
    3737    function get_tag( $string, $tag ) {
     38        global $wpdb;
    3839        preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
    39         $return = addslashes( trim( $return[1] ) );
     40        $return = $wpdb->escape( trim( $return[1] ) );
    4041        return $return;
    4142    }
     
    337338            $key   = $this->get_tag( $p, 'wp:meta_key' );
    338339            $value = $this->get_tag( $p, 'wp:meta_value' );
     340            $value = stripslashes($value); // add_post_meta() will escape.
    339341            add_post_meta( $post_id, $key, $value );
    340342        } }
Note: See TracChangeset for help on using the changeset viewer.