Changeset 7632


Timestamp:
04/08/08 17:29:39 (6 years ago)
Author:
ryan
Message:

Use DB prepare on login queries. Props filosofo. fixes #6640 for 2.5

File:
1 edited

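--- a/branches/2.5/wp-login.php
+++ b/branches/2.5/wp-login.php
@@ -91,5 +91,5 @@
     do_action('retrieve_password', $user_login);
 
-    $key = $wpdb->get_var("SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'");
+    $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
     if ( empty($key) ) {
         // Generate something random for a key...
@@ -97,5 +97,5 @@
         do_action('retrieve_password_key', $user_login, $key);
         // Now insert the new md5 key into the db
-        $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
+        $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
     }
     $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
@@ -119,5 +119,5 @@
         return new WP_Error('invalid_key', __('Invalid key'));
 
-    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
+    $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
     if ( empty( $user ) )
         return new WP_Error('invalid_key', __('Invalid key'));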
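Review bot: The lookup at new line 121 matches on `user_activation_key` alone, and nothing visible here guarantees that `$key` is a non-empty string by the time it reaches `prepare()`; the condition of the `invalid_key` guard just above is outside this section. Accounts with no pending reset presumably hold an empty `user_activation_key`, so a value that ends up as `''` in the query would select one of them; I would make the guard explicit with `if ( !is_string($key) || '' === $key ) return new WP_Error('invalid_key', __('Invalid key'));`. Separately, new line 99 still writes the reset key to the users table as-is, so anyone who can read that table can redeem it; storing only a hash of the key, fetching the row by `user_login` and comparing the hash in PHP would remove that exposure. Both enclosing functions start and end outside the visible hunks.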