
Changeset 5830


Timestamp:
08/01/07 19:14:28 (7 years ago)
Author:
markjaquith
Message:

add_option()/update_option() should pass the option name to get_option() pre-escaped. fixes #4690 for 2.2.x

File:
1 edited

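--- a/branches/2.2/wp-includes/functions.php
+++ b/branches/2.2/wp-includes/functions.php
@@ -204,4 +204,5 @@
 /* Options functions */
 
+// expects $setting to already be SQL-escaped
 function get_option($setting) {
     global $wpdb;
@@ -303,4 +304,5 @@
 }
 
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
     global $wpdb;
@@ -308,9 +310,11 @@
     wp_protect_special_option($option_name);
 
+    $safe_option_name = $wpdb->escape($option_name);
+
     if ( is_string($newvalue) )
         $newvalue = trim($newvalue);
 
     // If the new and old values are the same, no need to update.
-    $oldvalue = get_option($option_name);
+    $oldvalue = get_option($safe_option_name);
     if ( $newvalue === $oldvalue ) {
         return false;
@@ -350,13 +354,15 @@
 
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
     global $wpdb;
 
     wp_protect_special_option($name);
+    $safe_name = $wpdb->escape($name);
 
     // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
     $notoptions = wp_cache_get('notoptions', 'options');
     if ( !is_array($notoptions) || !isset($notoptions[$name]) )
-        if ( false !== get_option($name) )
+        if ( false !== get_option($safe_name) )
             return;
 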
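Review bot: The escaping contract for get_option() is carried only by the new comment `// expects $setting to already be SQL-escaped`, so any caller outside these hunks that passes a raw name still reaches the query unescaped; only update_option() and add_option() are corrected here. Escaping once inside get_option(), at the point where the query is built, would make the safe path the default instead of a per-caller obligation (its body lies outside the visible hunks, so this needs checking against the query there). Separately, in add_option() the cache check reads the raw key `$notoptions[$name]` while the lookup uses `get_option($safe_name)`; if get_option() keys its cache entries on its argument, names containing quotes or backslashes would be stored and checked under different keys. Until the escape is moved, the comment on each function should also state that the value must not be escaped a second time by the caller.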