Changeset 6180
- Timestamp:
- 10/02/2007 06:45:47 PM (17 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 5 edited
trunk/wp-includes/functions.php
r6153 r6180 200 200 if ( defined('WP_INSTALLING') ) 201 201 $wpdb->hide_errors(); 202 // expected_slashed ($setting) 202 203 $row = $wpdb->get_row("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1"); 203 204 if ( defined('WP_INSTALLING') ) … … 316 317 } 317 318 318 $newvalue = $wpdb->escape($newvalue); 319 $option_name = $wpdb->escape($option_name); 320 $wpdb->query("UPDATE $wpdb->options SET option_value = '$newvalue' WHERE option_name = '$option_name'"); 319 $wpdb->query($wpdb->prepare("UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name)); 321 320 if ( $wpdb->rows_affected == 1 ) { 322 321 do_action("update_option_{$option_name}", $oldvalue, $_newvalue); … … 358 357 } 359 358 360 $name = $wpdb->escape($name); 361 $value = $wpdb->escape($value); 362 $wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES ('$name', '$value', '$autoload')"); 359 $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload)); 363 360 364 361 return; … … 371 368 372 369 // Get the ID, if no ID then return 370 // expected_slashed ($name) 373 371 $option = $wpdb->get_row("SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'"); 374 372 if ( !$option->option_id ) return false; 373 // expected_slashed ($name) 375 374 $wpdb->query("DELETE FROM $wpdb->options WHERE option_name = '$name'"); 376 375 if ( 'yes' == $option->autoload ) { … … 515 514 516 515 foreach ($post_links as $url) : 517 if ( $url != '' && !$wpdb->get_var( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {516 if ( $url != '' && !$wpdb->get_var($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url.'%')) ) { 518 517 if ( $headers = wp_get_http_headers( $url) ) { 519 
518 $len = (int) $headers['content-length']; … … 522 521 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { 523 522 $meta_value = "$url\n$len\n$type\n"; 524 $wpdb->query( 525 VALUES ( '$post_ID', 'enclosure' , '$meta_value')");523 $wpdb->query($wpdb->prepare("INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` ) 524 VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value)); 526 525 } 527 526 } -
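Review bot: delete_option and get_option in this section still build their SQL by interpolating `$name` / `$setting` and only record that fact with `// expected_slashed`, while the neighbouring update_option and add_option queries now go through `$wpdb->prepare`; a caller that forgets to slash the option name keeps a raw injection path. If the slashed-argument convention has to stay for now, the check belongs in code rather than a comment, e.g. `$wpdb->get_row($wpdb->prepare("SELECT option_id, autoload FROM $wpdb->options WHERE option_name = %s", stripslashes($name)))` — the stripslashes assumes prepare() escapes its arguments, which this page does not show. Separately, in do_enclose the `$url.'%'` argument to `LIKE` leaves any `%` or `_` inside the URL itself as a wildcard, so the existence check can match a different enclosure row; escaping those two characters before appending the trailing `%` is worth a follow-up. The enclosing functions start and end outside the shown lines.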
trunk/wp-includes/general-template.php
r6148 r6180 209 209 if ( !empty($author_name) ) { 210 210 // We do a direct query here because we don't cache by nicename. 211 $title = $wpdb->get_var( "SELECT display_name FROM $wpdb->users WHERE user_nicename = '$author_name'");211 $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name)); 212 212 } 213 213 … … 256 256 if ( intval($p) || '' != $name ) { 257 257 if ( !$p ) 258 $p = $wpdb->get_var( "SELECT ID FROM $wpdb->posts WHERE post_name = '$name'");258 $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name)); 259 259 $post = & get_post($p); 260 260 $title = $post->post_title; … … 364 364 365 365 if ( '' != $limit ) { 366 $limit = (int) $limit;366 $limit = abs(intval($limit)); 367 367 $limit = ' LIMIT '.$limit; 368 368 } -
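Review bot: `$limit = abs(intval($limit));` at new line 366 silently turns a negative limit into a positive one instead of rejecting it, so a caller passing `-5` now receives five rows where the previous `(int)` cast produced an invalid `LIMIT -5`; the same `abs(intval(...))` pattern is used for `$user_id` in pluggable.php's get_userdata, where it maps a negative id onto a real user's row. Treating a non-positive value as "no limit" is the safer reading: `$limit = (int) $limit;` followed by `$limit = $limit > 0 ? ' LIMIT ' . $limit : '';`. The enclosing function starts and ends outside the shown lines.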
trunk/wp-includes/link-template.php
r6152 r6180 368 368 $join = " INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id "; 369 369 $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=tt_ids'); 370 $join .= ' AND (tr.term_taxonomy_id = ' . intval($cat_array[0]);370 $join .= $wpdb->prepare(' AND (tr.term_taxonomy_id = %d', $cat_array[0]); 371 371 for ( $i = 1; $i < (count($cat_array)); $i++ ) { 372 $join .= ' OR tr.term_taxonomy_id = ' . intval($cat_array[$i]);372 $join .= $wpdb->prepare(' OR tr.term_taxonomy_id = %d', $cat_array[$i]); 373 373 } 374 374 $join .= ')'; … … 383 383 384 384 $join = apply_filters( 'get_previous_post_join', $join, $in_same_cat, $excluded_categories ); 385 $where = apply_filters( 'get_previous_post_where', "WHERE p.post_date < '$current_post_date' AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $in_same_cat, $excluded_categories );385 $where = apply_filters( 'get_previous_post_where', $wpdb->prepare("WHERE p.post_date < %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories ); 386 386 $sort = apply_filters( 'get_previous_post_sort', 'ORDER BY p.post_date DESC LIMIT 1' ); 387 387 … … 401 401 $join = " INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id "; 402 402 $cat_array = wp_get_object_terms($post->ID, 'category', 'fields=tt_ids'); 403 $join .= ' AND (tr.term_taxonomy_id = ' . intval($cat_array[0]);403 $join .= $wpdb->prepare(' AND (tr.term_taxonomy_id = %d', $cat_array[0]); 404 404 for ( $i = 1; $i < (count($cat_array)); $i++ ) { 405 $join .= ' OR tr.term_taxonomy_id = ' . 
intval($cat_array[$i]);405 $join .= $wpdb->prepare(' OR tr.term_taxonomy_id = $d', $cat_array[$i]); 406 406 } 407 407 $join .= ')'; … … 416 416 417 417 $join = apply_filters( 'get_next_post_join', $join, $in_same_cat, $excluded_categories ); 418 $where = apply_filters( 'get_next_post_where', "WHERE p.post_date > '$current_post_date' AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql AND p.ID != $post->ID", $in_same_cat, $excluded_categories );418 $where = apply_filters( 'get_next_post_where', $wpdb->prepare("WHERE p.post_date > %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql AND p.ID != %d", $current_post_date, $post->ID), $in_same_cat, $excluded_categories ); 419 419 $sort = apply_filters( 'get_next_post_sort', 'ORDER BY p.post_date ASC LIMIT 1' ); 420 420 -
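Review bot: In get_next_post the loop body at new line 405 reads `$wpdb->prepare(' OR tr.term_taxonomy_id = $d', $cat_array[$i])` — inside single quotes `$d` is literal text, not a `%d` placeholder, so the argument is never substituted and the generated join contains the bare token `$d`, which should make the query fail for any post in more than one category when `$in_same_cat` is set; the matching line 372 in get_previous_post has the correct `%d`. Fix: `$join .= $wpdb->prepare(' OR tr.term_taxonomy_id = %d', $cat_array[$i]);`. A second concern: `$posts_in_ex_cats_sql` is spliced into the format string handed to prepare (lines 385 and 418), so if prepare is sprintf-based any `%` inside that fragment is read as a conversion specifier; appending the fragment after prepare returns avoids that. Both functions start and end outside the shown lines.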
trunk/wp-includes/pluggable.php
r6145 r6180 61 61 function get_userdata( $user_id ) { 62 62 global $wpdb; 63 $user_id = (int) $user_id;63 $user_id = abs(intval($user_id)); 64 64 if ( $user_id == 0 ) 65 65 return false; … … 70 70 return $user; 71 71 72 if ( !$user = $wpdb->get_row( "SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1") )72 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) ) 73 73 return false; 74 74 75 75 $wpdb->hide_errors(); 76 $metavalues = $wpdb->get_results( "SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");76 $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id)); 77 77 $wpdb->show_errors(); 78 78 … … 122 122 return $userdata; 123 123 124 $user_login = $wpdb->escape($user_login); 125 126 if ( !$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$user_login'") ) 124 if ( !$user_ID = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_login = %s", $user_login)) ) 127 125 return false; 128 126 … … 580 578 return true; 581 579 582 $comment = $wpdb->get_row( "SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");583 $post = $wpdb->get_row( "SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");580 $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id)); 581 $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID)); 584 582 585 583 $comment_author_domain = @gethostbyaddr($comment->comment_author_IP); -
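Review bot: At new lines 580-581 the second lookup binds `$comment->comment_post_ID` without checking that the first `get_row` returned a row; with `%d`, a null `$comment` becomes `ID=0`, so a missing comment is now hidden as a silent query for post 0 instead of surfacing as an obviously broken query. A guard between the two lines keeps the intent explicit: `if ( !$comment ) return false;` (adjust the return value to what the enclosing function's callers expect — its signature is outside the shown lines). Also, `$user_id = abs(intval($user_id));` at line 63 maps a negative id onto a positive user's row; `$user_id = (int) $user_id; if ( $user_id <= 0 ) return false;` rejects it instead.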
trunk/wp-includes/post.php
r6155 r6180 114 114 return get_page($_post, $output); 115 115 else { 116 $query = "SELECT * FROM $wpdb->posts WHERE ID = '$post' LIMIT 1"; 117 $_post = & $wpdb->get_row($query); 116 $_post = & $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); 118 117 if ( 'page' == $_post->post_type ) 119 118 return get_page($_post, $output); … … 224 223 foreach ( $incposts as $incpost ) { 225 224 if (empty($inclusions)) 226 $inclusions = ' AND ( ID = ' . intval($incpost) . ' ';225 $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpost); 227 226 else 228 $inclusions .= ' OR ID = ' . intval($incpost) . ' ';227 $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpost); 229 228 } 230 229 } … … 239 238 foreach ( $exposts as $expost ) { 240 239 if (empty($exclusions)) 241 $exclusions = ' AND ( ID <> ' . intval($expost) . ' ';240 $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expost); 242 241 else 243 $exclusions .= ' AND ID <> ' . intval($expost) . ' ';242 $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expost); 244 243 } 245 244 } … … 252 251 $query .= empty( $meta_key ) ? '' : ", $wpdb->postmeta "; 253 252 $query .= " WHERE 1=1 "; 254 $query .= empty( $post_type ) ? '' : "AND post_type = '$post_type' ";255 $query .= empty( $post_status ) ? '' : "AND post_status = '$post_status' ";253 $query .= empty( $post_type ) ? '' : $wpdb->prepare("AND post_type = %s ", $post_type); 254 $query .= empty( $post_status ) ? '' : $wpdb->prepare("AND post_status = %s ", $post_status); 256 255 $query .= "$exclusions $inclusions " ; 257 $query .= empty( $category ) ? '' : "AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = " . $category. ") "; 258 $query .= empty( $post_parent ) ? '' : "AND $wpdb->posts.post_parent = '$post_parent' "; 256 $query .= empty( $category ) ? 
'' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d) ", $category); 257 $query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent); 258 // expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works 259 259 $query .= empty( $meta_key ) | empty($meta_value) ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )"; 260 260 $query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order; 261 261 if ( 0 < $numberposts ) 262 $query .= " LIMIT " . $offset . ',' . $numberposts;262 $query .= $wpdb->prepare(" LIMIT %d,%d", $offset, $numberposts); 263 263 264 264 $posts = $wpdb->get_results($query); … … 276 276 global $wpdb, $post_meta_cache, $blog_id; 277 277 278 $post_id = (int) $post_id;279 280 278 if ( $unique ) { 281 if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) { 279 // expected_slashed ($key) 280 if ( $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) { 282 281 return false; 283 282 } … … 287 286 288 287 $value = maybe_serialize($value); 289 $value = $wpdb->escape($value); 290 291 $wpdb->query( "INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");288 289 // expected_slashed ($key) 290 $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES (%d,'$key',%s)", $post_id, $value)); 292 291 293 292 return true; … … 297 296 global $wpdb, $post_meta_cache, $blog_id; 298 297 299 $post_id = (int) $post_id;300 301 298 if ( empty($value) ) { 302 $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = 
'$post_id' AND meta_key = '$key'"); 303 } else { 304 $meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'"); 299 // expected_slashed ($key) 300 $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id)); 301 } else { 302 // expected_slashed ($key, $value) 303 $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id)); 305 304 } 306 305 … … 309 308 310 309 if ( empty($value) ) { 311 $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'"); 310 // expected_slashed ($key) 311 $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id)); 312 312 unset($post_meta_cache[$blog_id][$post_id][$key]); 313 313 } else { 314 $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'"); 314 // expected_slashed ($key, $value) 315 $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id)); 315 316 $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; 316 317 if ($cache_key) foreach ( $cache_key as $index => $data ) … … 353 354 global $wpdb, $post_meta_cache, $blog_id; 354 355 355 $post_id = (int) $post_id;356 357 356 $original_value = $value; 358 357 $value = maybe_serialize($value); 359 $value = $wpdb->escape($value);360 358 361 359 $original_prev = $prev_value; 362 360 $prev_value = maybe_serialize($prev_value); 363 $prev_value = $wpdb->escape($prev_value); 364 365 if (! $wpdb->get_var( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {361 362 // expected_slashed ($key) 363 if (! 
$wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) { 366 364 return false; 367 365 } 368 366 369 367 if ( empty($prev_value) ) { 370 $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'"); 368 // expected_slashed ($key) 369 $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d", $value, $post_id)); 371 370 $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; 372 371 if ( !empty($cache_key) ) … … 374 373 $post_meta_cache[$blog_id][$post_id][$key][$index] = $original_value; 375 374 } else { 376 $wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'"); 375 // expected_slashed ($key) 376 $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d AND meta_value = %s", $value, $post_id, $prev_value)); 377 377 $cache_key = $post_meta_cache[$blog_id][$post_id][$key]; 378 378 if ( !empty($cache_key) ) … … 388 388 function delete_post_meta_by_key($post_meta_key) { 389 389 global $wpdb, $post_meta_cache, $blog_id; 390 $post_meta_key = $wpdb->escape($post_meta_key); 391 if ( $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = '$post_meta_key'") ) { 390 if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { 392 391 unset($post_meta_cache[$blog_id]); // not worth doing the work to iterate through the cache 393 392 return true; … … 505 504 function wp_delete_post($postid = 0) { 506 505 global $wpdb, $wp_rewrite; 507 $postid = (int) $postid; 508 509 if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") ) 506 507 if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 510 508 return $post; 511 509 … … 519 517 520 518 if ( 'page' 
== $post->post_type ) 521 $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'page'");522 523 $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_type = 'attachment'");524 525 $wpdb->query( "DELETE FROM $wpdb->posts WHERE ID = $postid");526 527 $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");528 529 $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE post_id = $postid");519 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = %d AND post_type = 'page'", $postid )); 520 521 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE post_parent = %d AND post_type = 'attachment'", $post->post_parent, $postid )); 522 523 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 524 525 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 526 527 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); 530 528 531 529 if ( 'page' == $post->post_type ) { … … 695 693 696 694 if ( 'draft' != $post_status ) { 697 $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); 695 // expected_slashed ($post_name, $post_type) 696 $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 698 697 699 698 if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { … … 701 700 do { 702 701 $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). 
"-$suffix"; 703 $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); 702 // expected_slashed ($alt_post_name, $post_name, $post_type) 703 $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 704 704 $suffix++; 705 705 } while ($post_name_check); … … 709 709 710 710 if ($update) { 711 // expected_slashed (everything!) 711 712 $wpdb->query( 713 $wpdb->prepare( 712 714 "UPDATE IGNORE $wpdb->posts SET 713 715 post_author = '$post_author', … … 728 730 post_modified = '".current_time('mysql')."', 729 731 post_modified_gmt = '".current_time('mysql',1)."', 730 post_parent = '$post_parent',732 post_parent = %d, 731 733 menu_order = '$menu_order' 732 WHERE ID = $post_ID"); 733 } else { 734 WHERE ID = %d" 735 , $post_parent, $post_ID )); 736 } else { 737 // expected_slashed (everything!) 
734 738 $wpdb->query( 739 $wpdb->prepare( 735 740 "INSERT IGNORE INTO $wpdb->posts 736 741 (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type) 737 742 VALUES 738 ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')");743 ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type')", $post_parent)); 739 744 $post_ID = (int) $wpdb->insert_id; 740 745 } … … 742 747 if ( empty($post_name) && 'draft' != $post_status ) { 743 748 $post_name = sanitize_title($post_title, $post_ID); 744 $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" ); 749 // expected_slashed ($post_name) 750 $wpdb->query($wpdb->prepare("UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID)); 745 751 } 746 752 … … 756 762 // Set GUID 757 763 if ( ! $update ) 758 $wpdb->query( "UPDATE $wpdb->posts SET guid = '" . get_permalink($post_ID) . 
"' WHERE ID = '$post_ID'");764 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post_ID), $post_ID )); 759 765 760 766 $post = get_post($post_ID); … … 824 830 return; 825 831 826 $wpdb->query( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = '$post_id'");832 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = %d", $post_id )); 827 833 828 834 $old_status = $post->post_status; … … 884 890 function add_ping($post_id, $uri) { // Add a URL to those already pung 885 891 global $wpdb; 886 $pung = $wpdb->get_var( "SELECT pinged FROM $wpdb->posts WHERE ID = $post_id");892 $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 887 893 $pung = trim($pung); 888 894 $pung = preg_split('/\s/', $pung); … … 890 896 $new = implode("\n", $pung); 891 897 $new = apply_filters('add_ping', $new); 892 return $wpdb->query("UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = $post_id"); 898 // expected_slashed ($new) 899 return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = %d", $post_id )); 893 900 } 894 901 … … 914 921 function get_pung($post_id) { // Get URLs already pung for a post 915 922 global $wpdb; 916 $pung = $wpdb->get_var( "SELECT pinged FROM $wpdb->posts WHERE ID = $post_id");923 $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 917 924 $pung = trim($pung); 918 925 $pung = preg_split('/\s/', $pung); … … 923 930 function get_to_ping($post_id) { // Get any URLs in the todo list 924 931 global $wpdb; 925 $to_ping = $wpdb->get_var( "SELECT to_ping FROM $wpdb->posts WHERE ID = $post_id");932 $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); 926 933 $to_ping = trim($to_ping); 927 934 $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); … … 1002 1009 } else { // it's not in any caches, so 
off to the DB we go 1003 1010 // Why are we using assignment for this query? 1004 $_page = & $wpdb->get_row( "SELECT * FROM $wpdb->posts WHERE ID= '$page' LIMIT 1");1011 $_page = & $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID= %d LIMIT 1", $page )); 1005 1012 if ( 'post' == $_page->post_type ) 1006 1013 return get_post($_page, $output); … … 1036 1043 $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir); 1037 1044 1038 $pages = $wpdb->get_results( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = '$leaf_path' AND post_type='page'");1045 $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND post_type='page'", $leaf_path )); 1039 1046 1040 1047 if ( empty($pages) ) … … 1045 1052 $curpage = $page; 1046 1053 while ($curpage->post_parent != 0) { 1047 $curpage = $wpdb->get_row( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = '$curpage->post_parent' and post_type='page'");1054 $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); 1048 1055 $path = '/' . $curpage->post_name . $path; 1049 1056 } … … 1058 1065 function get_page_by_title($page_title, $output = OBJECT) { 1059 1066 global $wpdb; 1060 $page_title = $wpdb->escape($page_title); 1061 $page = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$page_title' AND post_type='page'"); 1067 $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); 1062 1068 if ( $page ) 1063 1069 return get_page($page, $output); … … 1142 1148 foreach ( $incpages as $incpage ) { 1143 1149 if (empty($inclusions)) 1144 $inclusions = ' AND ( ID = ' . intval($incpage) . ' ';1150 $inclusions = $wpdb->prepare(' AND ( ID = %d ', $incpage); 1145 1151 else 1146 $inclusions .= ' OR ID = ' . intval($incpage) . 
' ';1152 $inclusions .= $wpdb->prepare(' OR ID = %d ', $incpage); 1147 1153 } 1148 1154 } … … 1157 1163 foreach ( $expages as $expage ) { 1158 1164 if (empty($exclusions)) 1159 $exclusions = ' AND ( ID <> ' . intval($expage) . ' ';1165 $exclusions = $wpdb->prepare(' AND ( ID <> %d ', $expage); 1160 1166 else 1161 $exclusions .= ' AND ID <> ' . intval($expage) . ' ';1167 $exclusions .= $wpdb->prepare(' AND ID <> %d ', $expage); 1162 1168 } 1163 1169 } … … 1183 1189 1184 1190 if ( '' == $author_query ) 1185 $author_query = ' post_author = ' . intval($post_author) . ' ';1191 $author_query = $wpdb->prepare(' post_author = %d ', $post_author); 1186 1192 else 1187 $author_query .= ' OR post_author = ' . intval($post_author) . ' ';1193 $author_query .= $wpdb->prepare(' OR post_author = %d ', $post_author); 1188 1194 } 1189 1195 if ( '' != $author_query ) … … 1195 1201 $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ; 1196 1202 $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ; 1203 // expected_slashed ($meta_key, $meta_value) -- also, it looks funky 1197 1204 $query .= ( empty( $meta_key ) | empty($meta_value) ? 
"" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ; 1198 1205 $query .= $author_query; … … 1235 1242 // URL => page name 1236 1243 $uri = get_page_uri($id); 1237 $attachments = $wpdb->get_results( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = '$id'");1244 $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id )); 1238 1245 if ( $attachments ) { 1239 1246 foreach ( $attachments as $attachment ) { … … 1313 1320 $post_name = sanitize_title($post_name); 1314 1321 1322 // expected_slashed ($post_name) 1315 1323 $post_name_check = 1316 $wpdb->get_var( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != '$post_ID' LIMIT 1");1324 $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID)); 1317 1325 1318 1326 if ($post_name_check) { … … 1320 1328 while ($post_name_check) { 1321 1329 $alt_post_name = $post_name . "-$suffix"; 1322 $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != '$post_ID' AND post_parent = '$post_parent' LIMIT 1"); 1330 // expected_slashed ($alt_post_name, $post_name) 1331 $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 1323 1332 $suffix++; 1324 1333 } … … 1362 1371 1363 1372 if ($update) { 1373 // expected_slashed (everything!) 
1364 1374 $wpdb->query( 1375 $wpdb->prepare( 1365 1376 "UPDATE $wpdb->posts SET 1366 1377 post_author = '$post_author', … … 1381 1392 post_modified = '".current_time('mysql')."', 1382 1393 post_modified_gmt = '".current_time('mysql',1)."', 1383 post_parent = '$post_parent',1394 post_parent = %d, 1384 1395 menu_order = '$menu_order', 1385 1396 post_mime_type = '$post_mime_type', 1386 1397 guid = '$guid' 1387 WHERE ID = $post_ID"); 1388 } else { 1398 WHERE ID = %d", $post_parent, $post_ID)); 1399 } else { 1400 // expected_slashed (everything!) 1389 1401 $wpdb->query( 1402 $wpdb->prepare( 1390 1403 "INSERT INTO $wpdb->posts 1391 1404 (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid) 1392 1405 VALUES 1393 ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");1406 ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type', '$guid')", $post_parent )); 1394 1407 $post_ID = (int) $wpdb->insert_id; 1395 1408 } … … 1397 1410 if ( empty($post_name) ) { 1398 1411 $post_name = sanitize_title($post_title, $post_ID); 1399 $wpdb->query( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = '$post_ID'" ); 1412 // expected_slashed ($post_name) 1413 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = 
'$post_name' WHERE ID = %d", $post_ID)); 1400 1414 } 1401 1415 … … 1418 1432 function wp_delete_attachment($postid) { 1419 1433 global $wpdb; 1420 $postid = (int) $postid; 1421 1422 if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") ) 1434 1435 if ( !$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 1423 1436 return $post; 1424 1437 … … 1432 1445 wp_delete_object_term_relationships($postid, array('category', 'post_tag')); 1433 1446 1434 $wpdb->query( "DELETE FROM $wpdb->posts WHERE ID = '$postid'");1435 1436 $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");1437 1438 $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");1447 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 1448 1449 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 1450 1451 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); 1439 1452 1440 1453 if ( ! empty($meta['thumb']) ) { 1441 1454 // Don't delete the thumb if another attachment uses it 1442 if (! $wpdb->get_row( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) {1455 if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) { 1443 1456 $thumbfile = str_replace(basename($file), $meta['thumb'], $file); 1444 1457 $thumbfile = apply_filters('wp_delete_file', $thumbfile); … … 1832 1845 if ( $old_status != 'publish' && $new_status == 'publish' ) { 1833 1846 // Reset GUID if transitioning to publish. 1834 $wpdb->query( "UPDATE $wpdb->posts SET guid = '" . get_permalink($post->ID) . 
"' WHERE ID = '$post->ID'");1847 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post->ID), $post->ID )); 1835 1848 do_action('private_to_published', $post->ID); // Deprecated, use private_to_publish 1836 1849 } … … 1860 1873 1861 1874 if ( get_option('default_pingback_flag') ) 1862 $result = $wpdb->query( "1875 $result = $wpdb->query( $wpdb->prepare( " 1863 1876 INSERT INTO $wpdb->postmeta 1864 1877 (post_id,meta_key,meta_value) 1865 VALUES ( '$post_id','_pingme','1')1866 " );1867 $result = $wpdb->query( "1878 VALUES (%s,'_pingme','1') 1879 ", $post_id )); 1880 $result = $wpdb->query( $wpdb->prepare( " 1868 1881 INSERT INTO $wpdb->postmeta 1869 1882 (post_id,meta_key,meta_value) 1870 VALUES ( '$post_id','_encloseme','1')1871 " );1883 VALUES (%s,'_encloseme','1') 1884 ", $post_id )); 1872 1885 wp_schedule_single_event(time(), 'do_pings'); 1873 1886 }
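Review bot: Several of the new `$wpdb->prepare` calls in this file still interpolate values into the format string itself — `'$key'` and `'$value'` in the post-meta queries, `'$post_content'`, `'$post_title'` and the other columns in the wp_insert_post and wp_insert_attachment UPDATE/INSERT statements, `'$meta_key'`/`'$meta_value'` in get_posts and get_pages — so if prepare() is implemented over sprintf, a literal `%` in user-supplied content (a title like `50% off`) is parsed as a conversion specifier, which can shift the real `%d` arguments or make the call fail and drop the write. The robust shape is to pass every value as an argument, e.g. for add_post_meta `$wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES (%d,%s,%s)", $post_id, stripslashes($key), $value)` (the stripslashes only if the expected_slashed convention and argument escaping both stay); failing that, `str_replace('%', '%%', ...)` on each interpolated value before it enters the format string. Two smaller points: in wp_delete_post the page branch interpolates `post_parent = $post->post_parent` while the attachment branch two lines later binds it with `%s` — both should be `%d`; and wp_delete_post/wp_delete_attachment dropped `$postid = (int) $postid;` but `$postid` still reaches later calls such as `wp_delete_object_term_relationships($postid, ...)` uncast. All of the affected functions start or end outside the shown lines.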