Changeset 6180


Timestamp:
10/02/2007 06:45:47 PM (11 years ago)
Author:
markjaquith
Message:

prepare() for wp-includes/ link-template.php, post.php, general-template.php, pluggable.php, functions.php. see #4553

Location:
trunk/wp-includes
Files:
5 edited

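--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -200,4 +200,5 @@
             if ( defined('WP_INSTALLING') )
                 $wpdb->hide_errors();
+            // expected_slashed ($setting)
             $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1");
             if ( defined('WP_INSTALLING') )
@@ -316,7 +317,5 @@
     }
 
-    $newvalue = $wpdb->escape($newvalue);
-    $option_name = $wpdb->escape($option_name);
-    $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'");
+    $wpdb->query($wpdb->prepare("UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name));
     if ( $wpdb->rows_affected == 1 ) {
         do_action("update_option_{$option_name}", $oldvalue, $_newvalue);
@@ -358,7 +357,5 @@
     }
 
-    $name = $wpdb->escape($name);
-    $value = $wpdb->escape($value);
-    $wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES ('$name', '$value', '$autoload')");
+    $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload));
 
     return;
@@ -371,6 +368,8 @@
 
     // Get the ID, if no ID then return
+    // expected_slashed ($name)
     $option = $wpdb->get_row("SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'");
     if ( !$option->option_id ) return false;
+    // expected_slashed ($name)
     $wpdb->query("DELETE FROM $wpdb->options WHERE option_name = '$name'");
     if ( 'yes' == $option->autoload ) {
@@ -515,5 +514,5 @@
 
     foreach ($post_links as $url) :
-        if ( $url != '' && !$wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {
+        if ( $url != '' && !$wpdb->get_var($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url.'%')) ) {
             if ( $headers = wp_get_http_headers( $url) ) {
                 $len = (int) $headers['content-length'];
@@ -522,6 +521,6 @@
                 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
                     $meta_value = "$url\n$len\n$type\n";
-                    $wpdb->query( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
-                    VALUES ( '$post_ID', 'enclosure' , '$meta_value')" );
+                    $wpdb->query($wpdb->prepare("INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
+                    VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value));
                 }
             }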
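Review bot: The enclosure lookup at new line 516 passes `$url.'%'` through `%s`, and prepare() escapes quote characters but not the LIKE metacharacters `%` and `_`, so a percent-encoded URL (`%20`, `%3F`) matches more rows than the literal prefix and the duplicate check can wrongly skip an enclosure. Escape the wildcard characters before appending the trailing `%`, e.g. `addcslashes($url, '%_') . '%'` as the last argument — assuming prepare() addslashes each argument, MySQL then reads `\%` as a literal percent; confirm against the wpdb implementation. The enclosing function starts and ends outside the hunk.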
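--- a/trunk/wp-includes/general-template.php
+++ b/trunk/wp-includes/general-template.php
@@ -209,5 +209,5 @@
     if ( !empty($author_name) ) {
         // We do a direct query here because we don't cache by nicename.
-        $title = $wpdb->get_var("SELECT display_name FROM $wpdb->users WHERE user_nicename = '$author_name'");
+        $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name));
     }
 
@@ -256,5 +256,5 @@
     if ( intval($p) || '' != $name ) {
         if ( !$p )
-            $p = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_name = '$name'");
+            $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name));
         $post = & get_post($p);
         $title = $post->post_title;
@@ -364,5 +364,5 @@
 
     if ( '' != $limit ) {
-        $limit = (int) $limit;
+        $limit = abs(intval($limit));
         $limit = ' LIMIT '.$limit;
     }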
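Review bot: `abs(intval($limit))` at new line 366 silently turns a negative limit into a positive row count, where the previous `(int)` cast left it to produce an invalid `LIMIT -n` clause; that is a behaviour change for any caller passing a negative value, and nothing on the line says it is intended. If it is, state it there, `$limit = abs(intval($limit)); // negative limits are treated as their magnitude`; the same idiom is introduced in get_userdata in pluggable.php and deserves the same comment. The enclosing function starts and ends outside the hunk.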
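--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -368,7 +368,7 @@
         $join = " INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id ";
         $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=tt_ids');
-        $join .= ' AND (tr.term_taxonomy_id = ' . intval($cat_array[0]);
+        $join .= $wpdb->prepare(' AND (tr.term_taxonomy_id = %d', $cat_array[0]);
         for ( $i = 1; $i < (count($cat_array)); $i++ ) {
-            $join .= ' OR tr.term_taxonomy_id = ' . intval($cat_array[$i]);
+            $join .= $wpdb->prepare(' OR tr.term_taxonomy_id = %d', $cat_array[$i]);
         }
         $join .= ')';
@@ -383,5 +383,5 @@
 
     $join  = apply_filters( 'get_previous_post_join', $join, $in_same_cat, $excluded_categories );
-    $where = apply_filters( 'get_previous_post_where', "WHERE p.post_date < '$current_post_date' AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $in_same_cat, $excluded_categories );
+    $where = apply_filters( 'get_previous_post_where', $wpdb->prepare("WHERE p.post_date < %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories );
     $sort  = apply_filters( 'get_previous_post_sort', 'ORDER BY p.post_date DESC LIMIT 1' );
 
@@ -401,7 +401,7 @@
         $join = " INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id ";
         $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=tt_ids');
-        $join .= ' AND (tr.term_taxonomy_id = ' . intval($cat_array[0]);
+        $join .= $wpdb->prepare(' AND (tr.term_taxonomy_id = %d', $cat_array[0]);
         for ( $i = 1; $i < (count($cat_array)); $i++ ) {
-            $join .= ' OR tr.term_taxonomy_id = ' . intval($cat_array[$i]);
+            $join .= $wpdb->prepare(' OR tr.term_taxonomy_id = $d', $cat_array[$i]);
         }
         $join .= ')';
@@ -416,5 +416,5 @@
 
     $join  = apply_filters( 'get_next_post_join', $join, $in_same_cat, $excluded_categories );
-    $where = apply_filters( 'get_next_post_where', "WHERE p.post_date > '$current_post_date' AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql AND p.ID != $post->ID", $in_same_cat, $excluded_categories );
+    $where = apply_filters( 'get_next_post_where', $wpdb->prepare("WHERE p.post_date > %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql AND p.ID != %d", $current_post_date, $post->ID), $in_same_cat, $excluded_categories );
     $sort  = apply_filters( 'get_next_post_sort', 'ORDER BY p.post_date ASC LIMIT 1' );
 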
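Review bot: New line 405 reads `' OR tr.term_taxonomy_id = $d'` — inside single quotes `$d` is literal text, not the `%d` placeholder, so for a post in more than one category get_next_post emits `OR tr.term_taxonomy_id = $d` with the argument never substituted, the query is malformed, and the intval() guard the old line had is gone with it. The sibling line 372 in get_previous_post is correct; change 405 to `$join .= $wpdb->prepare(' OR tr.term_taxonomy_id = %d', $cat_array[$i]);`. Separately, lines 385 and 418 interpolate `$posts_in_ex_cats_sql` into the format string handed to prepare(), so any `%` in it would be read as a conversion specifier — presumably it only ever holds integer IDs, but that is built outside the hunk and worth confirming. Both functions start and end outside the hunks.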
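--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -61,5 +61,5 @@
 function get_userdata( $user_id ) {
     global $wpdb;
-    $user_id = (int) $user_id;
+    $user_id = abs(intval($user_id));
     if ( $user_id == 0 )
         return false;
@@ -70,9 +70,9 @@
         return $user;
 
-    if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1") )
+    if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) )
         return false;
 
     $wpdb->hide_errors();
-    $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+    $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id));
     $wpdb->show_errors();
 
@@ -122,7 +122,5 @@
         return $userdata;
 
-    $user_login = $wpdb->escape($user_login);
-
-    if ( !$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$user_login'") )
+    if ( !$user_ID = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_login = %s", $user_login)) )
         return false;
 
@@ -580,6 +578,6 @@
         return true;
 
-    $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
-    $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
+    $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
+    $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
 
     $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);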
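Review bot: At new line 581, `$comment->comment_post_ID` is read before anything checks that the lookup on line 580 returned a row, so an unknown `$comment_id` raises a notice on a non-object and the second query runs with `ID=0`; the following `@gethostbyaddr($comment->comment_author_IP)` has the same problem. A guard between the two queries, `if ( ! $comment ) return false;` — or `return true;` if that is the bail-out convention the `return true;` at line 578 follows — would avoid it. This predates the commit, but the rewritten lines are the natural place to add it; the function's signature and return convention are outside the hunk.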
  • trunk/wp-includes/post.php

    r6155 r6180  
    114114            return get_page($_post, $output);
    115115        else {
    116             $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1";
    117             $_post = & $wpdb->get_row($query);
     116            $_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
    118117            if ( 'page' == $_post->post_type )
    119118                return get_page($_post, $output);
     
    224223            foreach ( $incposts as $incpost ) {
    225224                if (empty($inclusions))
    226                     $inclusions = ' AND ( ID = ' . intval($incpost) . ' ';
     225                    $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpost);
    227226                else
    228                     $inclusions .= ' OR ID = ' . intval($incpost) . ' ';
     227                    $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpost);
    229228            }
    230229        }
     
    239238            foreach ( $exposts as $expost ) {
    240239                if (empty($exclusions))
    241                     $exclusions = ' AND ( ID <> ' . intval($expost) . ' ';
     240                    $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expost);
    242241                else
    243                     $exclusions .= ' AND ID <> ' . intval($expost) . ' ';
     242                    $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expost);
    244243            }
    245244        }
     
    252251    $query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta ";
    253252    $query .= " WHERE 1=1 ";
    254     $query .= empty( $post_type ) ? '' : "AND post_type = '$post_type' ";
    255     $query .= empty( $post_status ) ? '' : "AND post_status = '$post_status' ";
     253    $query .= empty( $post_type ) ? '' : $wpdb->prepare("AND post_type = %s ", $post_type);
     254    $query .= empty( $post_status ) ? '' : $wpdb->prepare("AND post_status = %s ", $post_status);
    256255    $query .= "$exclusions $inclusions " ;
    257     $query .= empty( $category ) ? '' : "AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = " . $category. ") ";
    258     $query .= empty( $post_parent ) ? '' : "AND $wpdb->posts.post_parent = '$post_parent' ";
     256    $query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d) ", $category);
     257    $query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent);
     258    // expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works
    259259    $query .= empty( $meta_key ) | empty($meta_value)  ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )";
    260260    $query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;
    261261    if ( 0 < $numberposts )
    262         $query .= " LIMIT " . $offset . ',' . $numberposts;
     262        $query .= $wpdb->prepare(" LIMIT %d,%d", $offset, $numberposts);
    263263
    264264    $posts = $wpdb->get_results($query);
     
    276276    global $wpdb, $post_meta_cache, $blog_id;
    277277
    278     $post_id = (int) $post_id;
    279 
    280278    if ( $unique ) {
    281         if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
     279        // expected_slashed ($key)
     280        if ( $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) {
    282281            return false;
    283282        }
     
    287286
    288287    $value = maybe_serialize($value);
    289     $value = $wpdb->escape($value);
    290 
    291     $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
     288
     289    // expected_slashed ($key)
     290    $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES (%d,'$key',%s)", $post_id, $value));
    292291
    293292    return true;
     
    297296    global $wpdb, $post_meta_cache, $blog_id;
    298297
    299     $post_id = (int) $post_id;
    300 
    301298    if ( empty($value) ) {
    302         $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
    303     } else {
    304         $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
     299        // expected_slashed ($key)
     300        $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id));
     301    } else {
     302        // expected_slashed ($key, $value)
     303        $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id));
    305304    }
    306305
     
    309308
    310309    if ( empty($value) ) {
    311         $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
     310        // expected_slashed ($key)
     311        $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id));
    312312        unset($post_meta_cache[$blog_id][$post_id][$key]);
    313313    } else {
    314         $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
     314        // expected_slashed ($key, $value)
     315        $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id));
    315316        $cache_key = $post_meta_cache[$blog_id][$post_id][$key];
    316317        if ($cache_key) foreach ( $cache_key as $index => $data )
     
    353354    global $wpdb, $post_meta_cache, $blog_id;
    354355
    355     $post_id = (int) $post_id;
    356 
    357356    $original_value = $value;
    358357    $value = maybe_serialize($value);
    359     $value = $wpdb->escape($value);
    360358
    361359    $original_prev = $prev_value;
    362360    $prev_value = maybe_serialize($prev_value);
    363     $prev_value = $wpdb->escape($prev_value);
    364 
    365     if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
     361
     362    // expected_slashed ($key)
     363    if (! $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) {
    366364        return false;
    367365    }
    368366
    369367    if ( empty($prev_value) ) {
    370         $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'");
     368        // expected_slashed ($key)
     369        $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d", $value, $post_id));
    371370        $cache_key = $post_meta_cache[$blog_id][$post_id][$key];
    372371        if ( !empty($cache_key) )
     
    374373                $post_meta_cache[$blog_id][$post_id][$key][$index] = $original_value;
    375374    } else {
    376         $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
     375        // expected_slashed ($key)
     376        $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d AND meta_value = %s", $value, $post_id, $prev_value));
    377377        $cache_key = $post_meta_cache[$blog_id][$post_id][$key];
    378378        if ( !empty($cache_key) )
     
    388388function delete_post_meta_by_key($post_meta_key) {
    389389    global $wpdb, $post_meta_cache, $blog_id;
    390     $post_meta_key = $wpdb->escape($post_meta_key);
    391     if ( $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = '$post_meta_key'") ) {
     390    if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) {
    392391        unset($post_meta_cache[$blog_id]); // not worth doing the work to iterate through the cache
    393392        return true;
     
    505504function wp_delete_post($postid = 0) {
    506505    global $wpdb, $wp_rewrite;
    507     $postid = (int) $postid;
    508 
    509     if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
     506
     507    if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) )
    510508        return $post;
    511509
     
    519517
    520518    if ( 'page' == $post->post_type )
    521         $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'page'");
    522 
    523     $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'attachment'");
    524 
    525     $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
    526 
    527     $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
    528 
    529     $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
     519        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = %d AND post_type = 'page'", $postid ));
     520
     521    $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE post_parent = %d AND post_type = 'attachment'", $post->post_parent, $postid ));
     522
     523    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid ));
     524
     525    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid ));
     526
     527    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid ));
    530528
    531529    if ( 'page' == $post->post_type ) {
     
    695693
    696694    if ( 'draft' != $post_status ) {
    697         $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1");
     695        // expected_slashed ($post_name, $post_type)
     696        $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
    698697
    699698        if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) {
     
    701700            do {
    702701                $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix";
    703                 $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1");
     702                // expected_slashed ($alt_post_name, $post_name, $post_type)
     703                $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
    704704                $suffix++;
    705705            } while ($post_name_check);
     
    709709
    710710    if ($update) {
     711        // expected_slashed (everything!)
    711712        $wpdb->query(
     713            $wpdb->prepare(
    712714            "UPDATE IGNORE $wpdb->posts SET
    713715            post_author = '$post_author',
     
    728730            post_modified = '".current_time('mysql')."',
    729731            post_modified_gmt = '".current_time('mysql',1)."',
    730             post_parent = '$post_parent',
     732            post_parent = %d,
    731733            menu_order = '$menu_order'
    732             WHERE ID = $post_ID");
    733     } else {
     734            WHERE ID = %d"
     735            , $post_parent, $post_ID ));
     736    } else {
     737        // expected_slashed (everything!)
    734738        $wpdb->query(
     739            $wpdb->prepare(
    735740            "INSERT IGNORE INTO $wpdb->posts
    736741            (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type)
    737742            VALUES
    738             ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')");
     743            ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type')", $post_parent));
    739744            $post_ID = (int) $wpdb->insert_id;
    740745    }
     
    742747    if ( empty($post_name) && 'draft' != $post_status ) {
    743748        $post_name = sanitize_title($post_title, $post_ID);
    744         $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" );
     749        // expected_slashed ($post_name)
     750        $wpdb->query($wpdb->prepare("UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID));
    745751    }
    746752
     
    756762    // Set GUID
    757763    if ( ! $update )
    758         $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post_ID) . "' WHERE ID = '$post_ID'");
     764        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post_ID), $post_ID ));
    759765
    760766    $post = get_post($post_ID);
     
    824830        return;
    825831
    826     $wpdb->query( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = '$post_id'" );
     832    $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = %d", $post_id ));
    827833
    828834    $old_status = $post->post_status;
     
    884890function add_ping($post_id, $uri) { // Add a URL to those already pung
    885891    global $wpdb;
    886     $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id");
     892    $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id ));
    887893    $pung = trim($pung);
    888894    $pung = preg_split('/\s/', $pung);
     
    890896    $new = implode("\n", $pung);
    891897    $new = apply_filters('add_ping', $new);
    892     return $wpdb->query("UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = $post_id");
     898    // expected_slashed ($new)
     899    return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = %d", $post_id ));
    893900}
    894901
     
    914921function get_pung($post_id) { // Get URLs already pung for a post
    915922    global $wpdb;
    916     $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id");
     923    $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id ));
    917924    $pung = trim($pung);
    918925    $pung = preg_split('/\s/', $pung);
     
    923930function get_to_ping($post_id) { // Get any URLs in the todo list
    924931    global $wpdb;
    925     $to_ping = $wpdb->get_var("SELECT to_ping FROM $wpdb->posts WHERE ID = $post_id");
     932    $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id ));
    926933    $to_ping = trim($to_ping);
    927934    $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
     
    10021009            } else { // it's not in any caches, so off to the DB we go
    10031010                // Why are we using assignment for this query?
    1004                 $_page = & $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1");
     1011                $_page = & $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID= %d LIMIT 1", $page ));
    10051012                if ( 'post' == $_page->post_type )
    10061013                    return get_post($_page, $output);
     
    10361043        $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir);
    10371044
    1038     $pages = $wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = '$leaf_path' AND post_type='page'");
     1045    $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND post_type='page'", $leaf_path ));
    10391046
    10401047    if ( empty($pages) )
     
    10451052        $curpage = $page;
    10461053        while ($curpage->post_parent != 0) {
    1047             $curpage = $wpdb->get_row("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = '$curpage->post_parent' and post_type='page'");
     1054            $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent ));
    10481055            $path = '/' . $curpage->post_name . $path;
    10491056        }
     
    10581065function get_page_by_title($page_title, $output = OBJECT) {
    10591066    global $wpdb;
    1060     $page_title = $wpdb->escape($page_title);
    1061     $page = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$page_title' AND post_type='page'");
     1067    $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title ));
    10621068    if ( $page )
    10631069        return get_page($page, $output);
     
    11421148            foreach ( $incpages as $incpage ) {
    11431149                if (empty($inclusions))
    1144                     $inclusions = ' AND ( ID = ' . intval($incpage) . ' ';
     1150                    $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpage);
    11451151                else
    1146                     $inclusions .= ' OR ID = ' . intval($incpage) . ' ';
     1152                    $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpage);
    11471153            }
    11481154        }
     
    11571163            foreach ( $expages as $expage ) {
    11581164                if (empty($exclusions))
    1159                     $exclusions = ' AND ( ID <> ' . intval($expage) . ' ';
     1165                    $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expage);
    11601166                else
    1161                     $exclusions .= ' AND ID <> ' . intval($expage) . ' ';
     1167                    $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expage);
    11621168            }
    11631169        }
     
    11831189
    11841190                if ( '' == $author_query )
    1185                     $author_query = ' post_author = ' . intval($post_author) . ' ';
     1191                    $author_query = $wpdb->prepare(' post_author = %d ', $post_author);
    11861192                else
    1187                     $author_query .= ' OR post_author = ' . intval($post_author) . ' ';
     1193                    $author_query .= $wpdb->prepare(' OR post_author = %d ', $post_author);
    11881194            }
    11891195            if ( '' != $author_query )
     
    11951201    $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ;
    11961202    $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ;
     1203    // expected_slashed ($meta_key, $meta_value) -- also, it looks funky
    11971204    $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ;
    11981205    $query .= $author_query;
     
    12351242            // URL => page name
    12361243            $uri = get_page_uri($id);
    1237             $attachments = $wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = '$id'");
     1244            $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id ));
    12381245            if ( $attachments ) {
    12391246                foreach ( $attachments as $attachment ) {
     
    13131320        $post_name = sanitize_title($post_name);
    13141321
     1322    // expected_slashed ($post_name)
    13151323    $post_name_check =
    1316         $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != '$post_ID' LIMIT 1");
     1324        $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID));
    13171325
    13181326    if ($post_name_check) {
     
    13201328        while ($post_name_check) {
    13211329            $alt_post_name = $post_name . "-$suffix";
    1322             $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1");
     1330            // expected_slashed ($alt_post_name, $post_name)
     1331            $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
    13231332            $suffix++;
    13241333        }
     
    13621371
    13631372    if ($update) {
     1373        // expected_slashed (everything!)
    13641374        $wpdb->query(
     1375            $wpdb->prepare(
    13651376            "UPDATE $wpdb->posts SET
    13661377            post_author = '$post_author',
     
    13811392            post_modified = '".current_time('mysql')."',
    13821393            post_modified_gmt = '".current_time('mysql',1)."',
    1383             post_parent = '$post_parent',
     1394            post_parent = %d,
    13841395            menu_order = '$menu_order',
    13851396            post_mime_type = '$post_mime_type',
    13861397            guid = '$guid'
    1387             WHERE ID = $post_ID");
    1388     } else {
     1398            WHERE ID = %d", $post_parent, $post_ID));
     1399    } else {
     1400        // expected_slashed (everything!)
    13891401        $wpdb->query(
     1402            $wpdb->prepare(
    13901403            "INSERT INTO $wpdb->posts
    13911404            (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
    13921405            VALUES
    1393             ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
     1406            ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type', '$guid')", $post_parent ));
    13941407            $post_ID = (int) $wpdb->insert_id;
    13951408    }
     
    13971410    if ( empty($post_name) ) {
    13981411        $post_name = sanitize_title($post_title, $post_ID);
    1399         $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" );
     1412        // expected_slashed ($post_name)
     1413        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID));
    14001414    }
    14011415
     
    14181432function wp_delete_attachment($postid) {
    14191433    global $wpdb;
    1420     $postid = (int) $postid;
    1421 
    1422     if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
     1434
     1435    if ( !$post = $wpdb->get_row(  $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) )
    14231436        return $post;
    14241437
     
    14321445    wp_delete_object_term_relationships($postid, array('category', 'post_tag'));
    14331446
    1434     $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
    1435 
    1436     $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
    1437 
    1438     $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
     1447    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid ));
     1448
     1449    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid ));
     1450
     1451    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid ));
    14391452
    14401453    if ( ! empty($meta['thumb']) ) {
    14411454        // Don't delete the thumb if another attachment uses it
    1442         if (! $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) {
     1455        if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) {
    14431456            $thumbfile = str_replace(basename($file), $meta['thumb'], $file);
    14441457            $thumbfile = apply_filters('wp_delete_file', $thumbfile);
     
    18321845    if ( $old_status != 'publish' && $new_status == 'publish' ) {
    18331846            // Reset GUID if transitioning to publish.
    1834             $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post->ID) . "' WHERE ID = '$post->ID'");
     1847            $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post->ID), $post->ID ));
    18351848            do_action('private_to_published', $post->ID);  // Deprecated, use private_to_publish
    18361849    }
     
    18601873
    18611874    if ( get_option('default_pingback_flag') )
    1862         $result = $wpdb->query("
     1875        $result = $wpdb->query( $wpdb->prepare( "
    18631876            INSERT INTO $wpdb->postmeta
    18641877            (post_id,meta_key,meta_value)
    1865             VALUES ('$post_id','_pingme','1')
    1866         ");
    1867     $result = $wpdb->query("
     1878            VALUES (%s,'_pingme','1')
     1879        ", $post_id ));
     1880    $result = $wpdb->query( $wpdb->prepare( "
    18681881        INSERT INTO $wpdb->postmeta
    18691882        (post_id,meta_key,meta_value)
    1870         VALUES ('$post_id','_encloseme','1')
    1871     ");
     1883        VALUES (%s,'_encloseme','1')
     1884    ", $post_id ));
    18721885    wp_schedule_single_event(time(), 'do_pings');
    18731886}