IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use sanitize_key() instead of esc_sql() when 'escaping' variable DB field names. see #21767.

Browse Source 
git-svn-id: http://core.svn.wordpress.org/trunk@24714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin
2013-07-16 14:21:05 +00:00
parent 8d65dc2469
commit 4fd4d4452f
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/taxonomy.php
View File

@@ -791,7 +791,7 @@ class WP_Tax_Query {
if ( $query['field'] == $resulting_field )
return;
$resulting_field = esc_sql( $resulting_field );
$resulting_field = sanitize_key( $resulting_field );
switch ( $query['field'] ) {
case 'slug':