IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use wp_slash() in places where we improperly used the DB API instead. see #21767.

Browse Source 
git-svn-id: http://core.svn.wordpress.org/trunk@24713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin
2013-07-16 14:19:03 +00:00
parent dffd2b1bd9
commit 8d65dc2469
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/ajax-actions.php
View File

@@ -739,9 +739,9 @@ function wp_ajax_replyto_comment( $action ) {
$user = wp_get_current_user();
if ( $user->exists() ) {
$user_ID = $user->ID;
$comment_author = $wpdb->escape($user->display_name);
$comment_author_email = $wpdb->escape($user->user_email);
$comment_author_url = $wpdb->escape($user->user_url);
$comment_author = wp_slash( $user->display_name );
$comment_author_email = wp_slash( $user->user_email );
$comment_author_url = wp_slash( $user->user_url );
$comment_content = trim($_POST['content']);
if ( current_user_can( 'unfiltered_html' ) ) {
if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {

2
wp-admin/includes/post.php
View File

@@ -646,7 +646,7 @@ function add_meta( $post_ID ) {
if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
return false;
$metakey = esc_sql( $metakey );
$metakey = wp_slash( $metakey );
return add_post_meta( $post_ID, $metakey, $metavalue );
}