
Changeset 6180


Timestamp:
10/02/07 18:45:47 (8 years ago)
Author:
markjaquith
Message:

prepare() for wp-includes/ link-template.php, post.php, general-template.php, pluggable.php, functions.php. see #4553

Location:
trunk/wp-includes
Files:
5 edited

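--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -200,4 +200,5 @@
             if ( defined('WP_INSTALLING') )
                 $wpdb->hide_errors();
+            // expected_slashed ($setting)
             $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1");
             if ( defined('WP_INSTALLING') )
@@ -316,7 +317,5 @@
     }
 
-    $newvalue = $wpdb->escape($newvalue);
-    $option_name = $wpdb->escape($option_name);
-    $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
+    $wpdb->query($wpdb->prepare("UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name));
     if ( $wpdb->rows_affected == 1 ) {
         do_action("update_option_{$option_name}", $oldvalue, $_newvalue);
@@ -358,7 +357,5 @@
     }
 
-    $name = $wpdb->escape($name);
-    $value = $wpdb->escape($value);
-    $wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES ('$name', '$value', '$autoload')");
+    $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload));
 
     return;
@@ -371,6 +368,8 @@
 
     // Get the ID, if no ID then return
+    // expected_slashed ($name)
     $option = $wpdb->get_row("SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'");
     if ( !$option->option_id ) return false;
+    // expected_slashed ($name)
     $wpdb->query("DELETE FROM $wpdb->options WHERE option_name = '$name'");
     if ( 'yes' == $option->autoload ) {
@@ -515,5 +514,5 @@
 
     foreach ($post_links as $url) :
-        if ( $url != '' && !$wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {
+        if ( $url != '' && !$wpdb->get_var($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url.'%')) ) {
             if ( $headers = wp_get_http_headers( $url) ) {
                 $len = (int) $headers['content-length'];
@@ -522,6 +521,6 @@
                 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
                     $meta_value = "$url\n$len\n$type\n";
-                    $wpdb->query( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
-                    VALUES ( '$post_ID', 'enclosure' , '$meta_value')" );
+                    $wpdb->query($wpdb->prepare("INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
+                    VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value));
                 }
             }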
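Review bot: In the enclosure check on new line 516, `$url.'%'` is bound with %s, which quotes the value but leaves any `%` or `_` inside the URL itself live as LIKE wildcards, so a URL containing either character matches more enclosure rows than intended and can suppress a legitimate insert further down. Escape the user-supplied part before appending the trailing wildcard, e.g. `$like = addcslashes($url, '%_') . '%';` and bind `$like` instead of `$url.'%'` (this assumes prepare() escapes the bound string the way `$wpdb->escape` did, which is not visible here). Separately, get_option and delete_option (new lines 202, 370 and 373) only gain an `// expected_slashed` comment and still interpolate `$setting` and `$name` directly, so they remain dependent on every caller having slashed its input; routing them through prepare() with %s as the update path now does would remove that dependency. All enclosing functions start and end outside the hunks.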
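--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -209,5 +209,5 @@
     if ( !empty($author_name) ) {
         // We do a direct query here because we don't cache by nicename.
-        $title = $wpdb->get_var("SELECT display_name FROM $wpdb->users WHERE user_nicename = '$author_name'");
+        $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name));
     }
 
@@ -256,5 +256,5 @@
     if ( intval($p) || '' != $name ) {
         if ( !$p )
-            $p = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_name = '$name'");
+            $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name));
         $post = & get_post($p);
         $title = $post->post_title;
@@ -364,5 +364,5 @@
 
     if ( '' != $limit ) {
-        $limit = (int) $limit;
+        $limit = abs(intval($limit));
         $limit = ' LIMIT '.$limit;
     }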
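--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -368,7 +368,7 @@
         $join = " INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id ";
         $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=tt_ids');
-        $join .= ' AND (tr.term_taxonomy_id = ' . intval($cat_array[0]);
+        $join .= $wpdb->prepare(' AND (tr.term_taxonomy_id = %d', $cat_array[0]);
         for ( $i = 1; $i < (count($cat_array)); $i++ ) {
-            $join .= ' OR tr.term_taxonomy_id = ' . intval($cat_array[$i]);
+            $join .= $wpdb->prepare(' OR tr.term_taxonomy_id = %d', $cat_array[$i]);
         }
         $join .= ')';
@@ -383,5 +383,5 @@
 
     $join  = apply_filters( 'get_previous_post_join', $join, $in_same_cat, $excluded_categories );
-    $where = apply_filters( 'get_previous_post_where', "WHERE p.post_date < '$current_post_date' AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $in_same_cat, $excluded_categories );
+    $where = apply_filters( 'get_previous_post_where', $wpdb->prepare("WHERE p.post_date < %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories );
     $sort  = apply_filters( 'get_previous_post_sort', 'ORDER BY p.post_date DESC LIMIT 1' );
 
@@ -401,7 +401,7 @@
         $join = " INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id ";
         $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=tt_ids');
-        $join .= ' AND (tr.term_taxonomy_id = ' . intval($cat_array[0]);
+        $join .= $wpdb->prepare(' AND (tr.term_taxonomy_id = %d', $cat_array[0]);
         for ( $i = 1; $i < (count($cat_array)); $i++ ) {
-            $join .= ' OR tr.term_taxonomy_id = ' . intval($cat_array[$i]);
+            $join .= $wpdb->prepare(' OR tr.term_taxonomy_id = $d', $cat_array[$i]);
         }
         $join .= ')';
@@ -416,5 +416,5 @@
 
     $join  = apply_filters( 'get_next_post_join', $join, $in_same_cat, $excluded_categories );
-    $where = apply_filters( 'get_next_post_where', "WHERE p.post_date > '$current_post_date' AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql AND p.ID != $post->ID", $in_same_cat, $excluded_categories );
+    $where = apply_filters( 'get_next_post_where', $wpdb->prepare("WHERE p.post_date > %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql AND p.ID != %d", $current_post_date, $post->ID), $in_same_cat, $excluded_categories );
     $sort  = apply_filters( 'get_next_post_sort', 'ORDER BY p.post_date ASC LIMIT 1' );
 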
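Review bot: New line 405 in the next-post category loop uses `' OR tr.term_taxonomy_id = $d'` where `%d` was intended; inside single quotes that is the literal text `$d`, so prepare() has no placeholder to fill, `$cat_array[$i]` is never bound, and the JOIN becomes invalid SQL for any post in more than one category. It should mirror line 372 of the previous-post loop: `$join .= $wpdb->prepare(' OR tr.term_taxonomy_id = %d', $cat_array[$i]);`. On new lines 385 and 418, `$posts_in_ex_cats_sql` is interpolated into the format string before prepare() parses it, so any `%` in that fragment would be read as a directive; it appears to be assembled earlier in the function outside the hunk, so confirm it is numeric-only or append it after prepare() returns. Both enclosing functions start and end outside the hunks.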
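--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -61,5 +61,5 @@
 function get_userdata( $user_id ) {
     global $wpdb;
-    $user_id = (int) $user_id;
+    $user_id = abs(intval($user_id));
     if ( $user_id == 0 )
         return false;
@@ -70,9 +70,9 @@
         return $user;
 
-    if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1") )
+    if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) )
         return false;
 
     $wpdb->hide_errors();
-    $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+    $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id));
     $wpdb->show_errors();
 
@@ -122,7 +122,5 @@
         return $userdata;
 
-    $user_login = $wpdb->escape($user_login);
-
-    if ( !$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$user_login'") )
+    if ( !$user_ID = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_login = %s", $user_login)) )
         return false;
 
@@ -580,6 +578,6 @@
         return true;
 
-    $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
-    $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
+    $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
+    $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
 
     $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);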
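Review bot: The `abs(intval($user_id))` on new line 63 changes what get_userdata returns for negative input: `(int) -5` was non-zero, queried `ID = '-5'`, found nothing and returned false, whereas `abs()` now silently resolves it to user 5. Reject such values rather than folding them onto another account, e.g. `$user_id = (int) $user_id;` followed by `if ( $user_id <= 0 ) return false;` in place of the current zero check. On new line 581, `$comment->comment_post_ID` is read without checking that line 580 actually found a comment; get_row returns null for an unknown id, so `%d` binds 0 and the gethostbyaddr line below dereferences null as well (pre-existing, but worth a `if ( !$comment ) return;` guard while this code is being touched). Both enclosing functions start and end outside the hunks.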
  • trunk/wp-includes/post.php

    r6155 r6180  
    114114            return get_page($_post, $output); 
    115115        else { 
    116             $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1"; 
    117             $_post = & $wpdb->get_row($query); 
     116            $_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); 
    118117            if ( 'page' == $_post->post_type ) 
    119118                return get_page($_post, $output); 
     
    224223            foreach ( $incposts as $incpost ) { 
    225224                if (empty($inclusions)) 
    226                     $inclusions = ' AND ( ID = ' . intval($incpost) . ' '; 
     225                    $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpost); 
    227226                else 
    228                     $inclusions .= ' OR ID = ' . intval($incpost) . ' '; 
     227                    $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpost); 
    229228            } 
    230229        } 
     
    239238            foreach ( $exposts as $expost ) { 
    240239                if (empty($exclusions)) 
    241                     $exclusions = ' AND ( ID <> ' . intval($expost) . ' '; 
     240                    $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expost); 
    242241                else 
    243                     $exclusions .= ' AND ID <> ' . intval($expost) . ' '; 
     242                    $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expost); 
    244243            } 
    245244        } 
     
    252251    $query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta "; 
    253252    $query .= " WHERE 1=1 "; 
    254     $query .= empty( $post_type ) ? '' : "AND post_type = '$post_type' "; 
    255     $query .= empty( $post_status ) ? '' : "AND post_status = '$post_status' "; 
     253    $query .= empty( $post_type ) ? '' : $wpdb->prepare("AND post_type = %s ", $post_type); 
     254    $query .= empty( $post_status ) ? '' : $wpdb->prepare("AND post_status = %s ", $post_status); 
    256255    $query .= "$exclusions $inclusions " ; 
    257     $query .= empty( $category ) ? '' : "AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = " . $category. ") "; 
    258     $query .= empty( $post_parent ) ? '' : "AND $wpdb->posts.post_parent = '$post_parent' "; 
     256    $query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d) ", $category); 
     257    $query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent); 
     258    // expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works 
    259259    $query .= empty( $meta_key ) | empty($meta_value)  ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )"; 
    260260    $query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order; 
    261261    if ( 0 < $numberposts ) 
    262         $query .= " LIMIT " . $offset . ',' . $numberposts; 
     262        $query .= $wpdb->prepare(" LIMIT %d,%d", $offset, $numberposts); 
    263263 
    264264    $posts = $wpdb->get_results($query); 
     
    276276    global $wpdb, $post_meta_cache, $blog_id; 
    277277 
    278     $post_id = (int) $post_id; 
    279  
    280278    if ( $unique ) { 
    281         if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) { 
     279        // expected_slashed ($key) 
     280        if ( $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) { 
    282281            return false; 
    283282        } 
     
    287286 
    288287    $value = maybe_serialize($value); 
    289     $value = $wpdb->escape($value); 
    290  
    291     $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')"); 
     288 
     289    // expected_slashed ($key) 
     290    $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES (%d,'$key',%s)", $post_id, $value)); 
    292291 
    293292    return true; 
     
    297296    global $wpdb, $post_meta_cache, $blog_id; 
    298297 
    299     $post_id = (int) $post_id; 
    300  
    301298    if ( empty($value) ) { 
    302         $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'"); 
    303     } else { 
    304         $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'"); 
     299        // expected_slashed ($key) 
     300        $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id)); 
     301    } else { 
     302        // expected_slashed ($key, $value) 
     303        $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id)); 
    305304    } 
    306305 
     
    309308 
    310309    if ( empty($value) ) { 
    311         $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'"); 
     310        // expected_slashed ($key) 
     311        $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id)); 
    312312        unset($post_meta_cache[$blog_id][$post_id][$key]); 
    313313    } else { 
    314         $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'"); 
     314        // expected_slashed ($key, $value) 
     315        $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id)); 
    315316        $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; 
    316317        if ($cache_key) foreach ( $cache_key as $index => $data ) 
     
    353354    global $wpdb, $post_meta_cache, $blog_id; 
    354355 
    355     $post_id = (int) $post_id; 
    356  
    357356    $original_value = $value; 
    358357    $value = maybe_serialize($value); 
    359     $value = $wpdb->escape($value); 
    360358 
    361359    $original_prev = $prev_value; 
    362360    $prev_value = maybe_serialize($prev_value); 
    363     $prev_value = $wpdb->escape($prev_value); 
    364  
    365     if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) { 
     361 
     362    // expected_slashed ($key) 
     363    if (! $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) { 
    366364        return false; 
    367365    } 
    368366 
    369367    if ( empty($prev_value) ) { 
    370         $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'"); 
     368        // expected_slashed ($key) 
     369        $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d", $value, $post_id)); 
    371370        $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; 
    372371        if ( !empty($cache_key) ) 
     
    374373                $post_meta_cache[$blog_id][$post_id][$key][$index] = $original_value; 
    375374    } else { 
    376         $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'"); 
     375        // expected_slashed ($key) 
     376        $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d AND meta_value = %s", $value, $post_id, $prev_value)); 
    377377        $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; 
    378378        if ( !empty($cache_key) ) 
     
    388388function delete_post_meta_by_key($post_meta_key) { 
    389389    global $wpdb, $post_meta_cache, $blog_id; 
    390     $post_meta_key = $wpdb->escape($post_meta_key); 
    391     if ( $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = '$post_meta_key'") ) { 
     390    if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { 
    392391        unset($post_meta_cache[$blog_id]); // not worth doing the work to iterate through the cache 
    393392        return true; 
     
    505504function wp_delete_post($postid = 0) { 
    506505    global $wpdb, $wp_rewrite; 
    507     $postid = (int) $postid; 
    508  
    509     if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") ) 
     506 
     507    if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 
    510508        return $post; 
    511509 
     
    519517 
    520518    if ( 'page' == $post->post_type ) 
    521         $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'page'"); 
    522  
    523     $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'attachment'"); 
    524  
    525     $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid"); 
    526  
    527     $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid"); 
    528  
    529     $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid"); 
     519        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = %d AND post_type = 'page'", $postid )); 
     520 
     521    $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE post_parent = %d AND post_type = 'attachment'", $post->post_parent, $postid )); 
     522 
     523    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 
     524 
     525    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 
     526 
     527    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); 
    530528 
    531529    if ( 'page' == $post->post_type ) { 
     
    695693 
    696694    if ( 'draft' != $post_status ) { 
    697         $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); 
     695        // expected_slashed ($post_name, $post_type) 
     696        $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 
    698697 
    699698        if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { 
     
    701700            do { 
    702701                $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix"; 
    703                 $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); 
     702                // expected_slashed ($alt_post_name, $post_name, $post_type) 
     703                $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 
    704704                $suffix++; 
    705705            } while ($post_name_check); 
     
    709709 
    710710    if ($update) { 
     711        // expected_slashed (everything!) 
    711712        $wpdb->query( 
     713            $wpdb->prepare( 
    712714            "UPDATE IGNORE $wpdb->posts SET 
    713715            post_author = '$post_author', 
     
    728730            post_modified = '".current_time('mysql')."', 
    729731            post_modified_gmt = '".current_time('mysql',1)."', 
    730             post_parent = '$post_parent', 
     732            post_parent = %d, 
    731733            menu_order = '$menu_order' 
    732             WHERE ID = $post_ID"); 
    733     } else { 
     734            WHERE ID = %d" 
     735            , $post_parent, $post_ID )); 
     736    } else { 
     737        // expected_slashed (everything!) 
    734738        $wpdb->query( 
     739            $wpdb->prepare( 
    735740            "INSERT IGNORE INTO $wpdb->posts 
    736741            (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type) 
    737742            VALUES 
    738             ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')"); 
     743            ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type')", $post_parent)); 
    739744            $post_ID = (int) $wpdb->insert_id; 
    740745    } 
     
    742747    if ( empty($post_name) && 'draft' != $post_status ) { 
    743748        $post_name = sanitize_title($post_title, $post_ID); 
    744         $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" ); 
     749        // expected_slashed ($post_name) 
     750        $wpdb->query($wpdb->prepare("UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID)); 
    745751    } 
    746752 
     
    756762    // Set GUID 
    757763    if ( ! $update ) 
    758         $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post_ID) . "' WHERE ID = '$post_ID'"); 
     764        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post_ID), $post_ID )); 
    759765 
    760766    $post = get_post($post_ID); 
     
    824830        return; 
    825831 
    826     $wpdb->query( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = '$post_id'" ); 
     832    $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = %d", $post_id )); 
    827833 
    828834    $old_status = $post->post_status; 
     
    884890function add_ping($post_id, $uri) { // Add a URL to those already pung 
    885891    global $wpdb; 
    886     $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id"); 
     892    $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 
    887893    $pung = trim($pung); 
    888894    $pung = preg_split('/\s/', $pung); 
     
    890896    $new = implode("\n", $pung); 
    891897    $new = apply_filters('add_ping', $new); 
    892     return $wpdb->query("UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = $post_id"); 
     898    // expected_slashed ($new) 
     899    return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = %d", $post_id )); 
    893900} 
    894901 
     
    914921function get_pung($post_id) { // Get URLs already pung for a post 
    915922    global $wpdb; 
    916     $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id"); 
     923    $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 
    917924    $pung = trim($pung); 
    918925    $pung = preg_split('/\s/', $pung); 
     
    923930function get_to_ping($post_id) { // Get any URLs in the todo list 
    924931    global $wpdb; 
    925     $to_ping = $wpdb->get_var("SELECT to_ping FROM $wpdb->posts WHERE ID = $post_id"); 
     932    $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); 
    926933    $to_ping = trim($to_ping); 
    927934    $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); 
     
    10021009            } else { // it's not in any caches, so off to the DB we go 
    10031010                // Why are we using assignment for this query? 
    1004                 $_page = & $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1"); 
     1011                $_page = & $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID= %d LIMIT 1", $page )); 
    10051012                if ( 'post' == $_page->post_type ) 
    10061013                    return get_post($_page, $output); 
     
    10361043        $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir); 
    10371044 
    1038     $pages = $wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = '$leaf_path' AND post_type='page'"); 
     1045    $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND post_type='page'", $leaf_path )); 
    10391046 
    10401047    if ( empty($pages) ) 
     
    10451052        $curpage = $page; 
    10461053        while ($curpage->post_parent != 0) { 
    1047             $curpage = $wpdb->get_row("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = '$curpage->post_parent' and post_type='page'"); 
     1054            $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); 
    10481055            $path = '/' . $curpage->post_name . $path; 
    10491056        } 
     
    10581065function get_page_by_title($page_title, $output = OBJECT) { 
    10591066    global $wpdb; 
    1060     $page_title = $wpdb->escape($page_title); 
    1061     $page = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$page_title' AND post_type='page'"); 
     1067    $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); 
    10621068    if ( $page ) 
    10631069        return get_page($page, $output); 
     
    11421148            foreach ( $incpages as $incpage ) { 
    11431149                if (empty($inclusions)) 
    1144                     $inclusions = ' AND ( ID = ' . intval($incpage) . ' '; 
     1150                    $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpage); 
    11451151                else 
    1146                     $inclusions .= ' OR ID = ' . intval($incpage) . ' '; 
     1152                    $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpage); 
    11471153            } 
    11481154        } 
     
    11571163            foreach ( $expages as $expage ) { 
    11581164                if (empty($exclusions)) 
    1159                     $exclusions = ' AND ( ID <> ' . intval($expage) . ' '; 
     1165                    $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expage); 
    11601166                else 
    1161                     $exclusions .= ' AND ID <> ' . intval($expage) . ' '; 
     1167                    $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expage); 
    11621168            } 
    11631169        } 
     
    11831189 
    11841190                if ( '' == $author_query ) 
    1185                     $author_query = ' post_author = ' . intval($post_author) . ' '; 
     1191                    $author_query = $wpdb->prepare(' post_author = %d ', $post_author); 
    11861192                else 
    1187                     $author_query .= ' OR post_author = ' . intval($post_author) . ' '; 
     1193                    $author_query .= $wpdb->prepare(' OR post_author = %d ', $post_author); 
    11881194            } 
    11891195            if ( '' != $author_query ) 
     
    11951201    $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ; 
    11961202    $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ; 
     1203    // expected_slashed ($meta_key, $meta_value) -- also, it looks funky 
    11971204    $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ; 
    11981205    $query .= $author_query; 
     
    12351242            // URL => page name 
    12361243            $uri = get_page_uri($id); 
    1237             $attachments = $wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = '$id'"); 
     1244            $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id )); 
    12381245            if ( $attachments ) { 
    12391246                foreach ( $attachments as $attachment ) { 
     
    13131320        $post_name = sanitize_title($post_name); 
    13141321 
     1322    // expected_slashed ($post_name) 
    13151323    $post_name_check = 
    1316         $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != '$post_ID' LIMIT 1"); 
     1324        $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID)); 
    13171325 
    13181326    if ($post_name_check) { 
     
    13201328        while ($post_name_check) { 
    13211329            $alt_post_name = $post_name . "-$suffix"; 
    1322             $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); 
     1330            // expected_slashed ($alt_post_name, $post_name) 
     1331            $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 
    13231332            $suffix++; 
    13241333        } 
     
    13621371 
    13631372    if ($update) { 
     1373        // expected_slashed (everything!) 
    13641374        $wpdb->query( 
     1375            $wpdb->prepare( 
    13651376            "UPDATE $wpdb->posts SET 
    13661377            post_author = '$post_author', 
     
    13811392            post_modified = '".current_time('mysql')."', 
    13821393            post_modified_gmt = '".current_time('mysql',1)."', 
    1383             post_parent = '$post_parent', 
     1394            post_parent = %d, 
    13841395            menu_order = '$menu_order', 
    13851396            post_mime_type = '$post_mime_type', 
    13861397            guid = '$guid' 
    1387             WHERE ID = $post_ID"); 
    1388     } else { 
     1398            WHERE ID = %d", $post_parent, $post_ID)); 
     1399    } else { 
     1400        // expected_slashed (everything!) 
    13891401        $wpdb->query( 
     1402            $wpdb->prepare( 
    13901403            "INSERT INTO $wpdb->posts 
    13911404            (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid) 
    13921405            VALUES 
    1393             ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')"); 
     1406            ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type', '$guid')", $post_parent )); 
    13941407            $post_ID = (int) $wpdb->insert_id; 
    13951408    } 
     
    13971410    if ( empty($post_name) ) { 
    13981411        $post_name = sanitize_title($post_title, $post_ID); 
    1399         $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" ); 
     1412        // expected_slashed ($post_name) 
     1413        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID)); 
    14001414    } 
    14011415 
     
    14181432function wp_delete_attachment($postid) { 
    14191433    global $wpdb; 
    1420     $postid = (int) $postid; 
    1421  
    1422     if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") ) 
     1434 
     1435    if ( !$post = $wpdb->get_row(  $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 
    14231436        return $post; 
    14241437 
     
    14321445    wp_delete_object_term_relationships($postid, array('category', 'post_tag')); 
    14331446 
    1434     $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'"); 
    1435  
    1436     $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'"); 
    1437  
    1438     $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'"); 
     1447    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 
     1448 
     1449    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 
     1450 
     1451    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); 
    14391452 
    14401453    if ( ! empty($meta['thumb']) ) { 
    14411454        // Don't delete the thumb if another attachment uses it 
    1442         if (! $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) { 
     1455        if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) { 
    14431456            $thumbfile = str_replace(basename($file), $meta['thumb'], $file); 
    14441457            $thumbfile = apply_filters('wp_delete_file', $thumbfile); 
     
    18321845    if ( $old_status != 'publish' && $new_status == 'publish' ) { 
    18331846            // Reset GUID if transitioning to publish. 
    1834             $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post->ID) . "' WHERE ID = '$post->ID'"); 
     1847            $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post->ID), $post->ID )); 
    18351848            do_action('private_to_published', $post->ID);  // Deprecated, use private_to_publish 
    18361849    } 
     
    18601873 
    18611874    if ( get_option('default_pingback_flag') ) 
    1862         $result = $wpdb->query(" 
     1875        $result = $wpdb->query( $wpdb->prepare( " 
    18631876            INSERT INTO $wpdb->postmeta 
    18641877            (post_id,meta_key,meta_value) 
    1865             VALUES ('$post_id','_pingme','1') 
    1866         "); 
    1867     $result = $wpdb->query(" 
     1878            VALUES (%s,'_pingme','1') 
     1879        ", $post_id )); 
     1880    $result = $wpdb->query( $wpdb->prepare( " 
    18681881        INSERT INTO $wpdb->postmeta 
    18691882        (post_id,meta_key,meta_value) 
    1870         VALUES ('$post_id','_encloseme','1') 
    1871     "); 
     1883        VALUES (%s,'_encloseme','1') 
     1884    ", $post_id )); 
    18721885    wp_schedule_single_event(time(), 'do_pings'); 
    18731886} 
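Review bot: In the wp_insert_post UPDATE and INSERT hunk, the column values that are still string-interpolated (`'$post_content'`, `'$post_title'`, `'$guid'` and the rest marked expected_slashed) now sit inside the format string handed to $wpdb->prepare(), so if prepare() is vsprintf-based, as the `%s`/`%d` placeholders suggest, a literal `%` in user-supplied content is read as a format directive: a `%d` or `%s` in a post body would consume the positional `$post_parent`/`$post_ID` argument or make the formatting fail, and the query would run against a garbled string. Slashing does not guard against this, only placeholders do; the clean fix is to put every column behind a `%s` placeholder and pass the unslashed values as arguments, and the minimal stopgap is to double any literal `%` in each interpolated value before it reaches prepare(), e.g. `$post_content = str_replace('%', '%%', $post_content);`. The same hazard applies to the `'$post_name'` and `'$alt_post_name'` interpolations in the duplicate-slug checks, and, more trivially, the `_pingme`/`_encloseme` INSERTs in the last hunk should use `%d` rather than `%s` for post_id to match the other integer-id queries. wp_insert_post's body begins and continues outside these hunks.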