Fix potential SQLi through improper use of API functions.
git-svn-id: http://core.svn.wordpress.org/trunk@24875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
@@ -186,7 +186,7 @@ function get_bookmarks($args = '') {
|
||||
}
|
||||
|
||||
if ( ! empty($search) ) {
|
||||
$search = like_escape($search);
|
||||
$search = esc_sql( like_escape( $search ) );
|
||||
$search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
|
||||
}
|
||||
|
||||
|
||||
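Review bot: The `LIKE` clause on the line after the `esc_sql( like_escape( $search ) )` call is still built by interpolating `$search` into a quoted literal, so the query is safe only while that escaping line stays in place and the value stays inside quotes. Binding the term would tie the escaping to the query itself: `$like = '%' . like_escape( $search ) . '%';` followed by `$search = $wpdb->prepare( " AND ( (link_url LIKE %s) OR (link_name LIKE %s) OR (link_description LIKE %s) ) ", $like, $like, $like );`, assuming `$wpdb` is in scope here, which is not visible because `get_bookmarks()` starts and ends outside the hunk. If the interpolated form is kept, a comment such as `// like_escape() only handles LIKE wildcards; esc_sql() is what makes the value safe inside the quoted string` would keep the pair from being collapsed back into one call later. As a style point, `$search` holds the raw term, the escaped term and the finished SQL fragment in turn; a separate name for the fragment would make it easier to audit which form reaches the query.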