diff --git a/wp-admin/includes/class-wp-ms-sites-list-table.php b/wp-admin/includes/class-wp-ms-sites-list-table.php index 74a961b8e6..43652e68a6 100644 --- a/wp-admin/includes/class-wp-ms-sites-list-table.php +++ b/wp-admin/includes/class-wp-ms-sites-list-table.php @@ -38,8 +38,6 @@ class WP_MS_Sites_List_Table extends WP_List_Table { $s = trim($s, '*'); } - $like_s = esc_sql( like_escape( $s ) ); - // If the network is large and a search is not being performed, show only the latest blogs with no paging in order // to avoid expensive count queries. if ( !$s && wp_is_large_network() ) { @@ -58,7 +56,8 @@ class WP_MS_Sites_List_Table extends WP_List_Table { preg_match( '/^[0-9]{1,3}\.[0-9]{1,3}\.?$/', $s ) || preg_match( '/^[0-9]{1,3}\.$/', $s ) ) { // IPv4 address - $reg_blog_ids = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->registration_log} WHERE {$wpdb->registration_log}.IP LIKE ( '{$like_s}$wild' )" ); + $sql = $wpdb->prepare( "SELECT blog_id FROM {$wpdb->registration_log} WHERE {$wpdb->registration_log}.IP LIKE %s", $wpdb->esc_like( $s ) . $wild ); + $reg_blog_ids = $wpdb->get_col( $sql ); if ( !$reg_blog_ids ) $reg_blog_ids = array( 0 ); @@ -69,17 +68,18 @@ class WP_MS_Sites_List_Table extends WP_List_Table { AND {$wpdb->blogs}.blog_id IN (" . implode( ', ', $reg_blog_ids ) . ")"; } else { if ( is_numeric($s) && empty( $wild ) ) { - $query .= " AND ( {$wpdb->blogs}.blog_id = '{$like_s}' )"; + $query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.blog_id = %s )", $s ); } elseif ( is_subdomain_install() ) { - $blog_s = str_replace( '.' . $current_site->domain, '', $like_s ); - $blog_s .= $wild . '.' . $current_site->domain; - $query .= " AND ( {$wpdb->blogs}.domain LIKE '$blog_s' ) "; + $blog_s = str_replace( '.' . $current_site->domain, '', $s ); + $blog_s = $wpdb->esc_like( $blog_s ) . $wild . $wpdb->esc_like( '.' . $current_site->domain ); + $query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.domain LIKE %s ) ", $blog_s ); } else { - if ( $like_s != trim('/', $current_site->path) ) - $blog_s = $current_site->path . $like_s . $wild . '/'; - else - $blog_s = $like_s; - $query .= " AND ( {$wpdb->blogs}.path LIKE '$blog_s' )"; + if ( $s != trim('/', $current_site->path) ) { + $blog_s = $wpdb->esc_like( $current_site->path . $s ) . $wild . $wpdb->esc_like( '/' ); + } else { + $blog_s = $wpdb->esc_like( $s ); + } + $query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.path LIKE %s )", $blog_s ); } } diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php index 70ae6a96b9..b88a7ab6f9 100644 --- a/wp-admin/includes/schema.php +++ b/wp-admin/includes/schema.php @@ -553,19 +553,21 @@ function populate_options() { // The multi-table delete syntax is used to delete the transient record from table a, // and the corresponding transient_timeout record from table b. $time = time(); - $wpdb->query("DELETE a, b FROM $wpdb->options a, $wpdb->options b WHERE - a.option_name LIKE '\_transient\_%' AND - a.option_name NOT LIKE '\_transient\_timeout\_%' AND - b.option_name = CONCAT( '_transient_timeout_', SUBSTRING( a.option_name, 12 ) ) - AND b.option_value < $time"); + $sql = "DELETE a, b FROM $wpdb->options a, $wpdb->options b + WHERE a.option_name LIKE %s + AND a.option_name NOT LIKE %s + AND b.option_name = CONCAT( '_transient_timeout_', SUBSTRING( a.option_name, 12 ) ) + AND b.option_value < %d"; + $wpdb->query( $wpdb->prepare( $sql, $wpdb->esc_like( '_transient_' ) . '%', $wpdb->esc_like( '_transient_timeout_' ) . '%', $time ) ); if ( is_main_site() && is_main_network() ) { - $wpdb->query("DELETE a, b FROM $wpdb->options a, $wpdb->options b WHERE - a.option_name LIKE '\_site\_transient\_%' AND - a.option_name NOT LIKE '\_site\_transient\_timeout\_%' AND - b.option_name = CONCAT( '_site_transient_timeout_', SUBSTRING( a.option_name, 17 ) ) - AND b.option_value < $time"); - } + $sql = "DELETE a, b FROM $wpdb->options a, $wpdb->options b + WHERE a.option_name LIKE %s + AND a.option_name NOT LIKE %s + AND b.option_name = CONCAT( '_site_transient_timeout_', SUBSTRING( a.option_name, 17 ) ) + AND b.option_value < %d"; + $wpdb->query( $wpdb->prepare( $sql, $wpdb->esc_like( '_site_transient_' ) . '%', $wpdb->esc_like( '_site_transient_timeout_' ) . '%', $time ) ); + } } /** diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php index f43b0b6c83..98bba48de0 100644 --- a/wp-admin/includes/template.php +++ b/wp-admin/includes/template.php @@ -632,14 +632,14 @@ function meta_form( $post = null ) { * * @param int $limit Number of custom fields to retrieve. Default 30. */ - $limit = (int) apply_filters( 'postmeta_form_limit', 30 ); - $keys = $wpdb->get_col( " - SELECT meta_key + $limit = apply_filters( 'postmeta_form_limit', 30 ); + $sql = "SELECT meta_key FROM $wpdb->postmeta GROUP BY meta_key - HAVING meta_key NOT LIKE '\_%' + HAVING meta_key NOT LIKE %s ORDER BY meta_key - LIMIT $limit" ); + LIMIT %d"; + $keys = $wpdb->get_col( $wpdb->prepare( $sql, $wpdb->esc_like( '_' ) . '%', $limit ) ); if ( $keys ) { natcasesort( $keys ); $meta_key_input_id = 'metakeyselect'; diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php index 558b88e60b..72c67b4e9d 100644 --- a/wp-admin/includes/upgrade.php +++ b/wp-admin/includes/upgrade.php @@ -465,9 +465,11 @@ function upgrade_100() { } } - $wpdb->query("UPDATE $wpdb->options SET option_value = REPLACE(option_value, 'wp-links/links-images/', 'wp-images/links/') - WHERE option_name LIKE 'links_rating_image%' - AND option_value LIKE 'wp-links/links-images/%'"); + $sql = "UPDATE $wpdb->options + SET option_value = REPLACE(option_value, 'wp-links/links-images/', 'wp-images/links/') + WHERE option_name LIKE %s + AND option_value LIKE %s"; + $wpdb->query( $wpdb->prepare( $sql, $wpdb->esc_like( 'links_rating_image' ) . '%', $wpdb->esc_like( 'wp-links/links-images/' ) . '%' ) ); $done_ids = $wpdb->get_results("SELECT DISTINCT post_id FROM $wpdb->post2cat"); if ($done_ids) : @@ -1100,9 +1102,28 @@ function upgrade_300() { // 3.0 screen options key name changes. if ( is_main_site() && !defined('DO_NOT_UPGRADE_GLOBAL_TABLES') ) { - $prefix = like_escape($wpdb->base_prefix); - $wpdb->query( "DELETE FROM $wpdb->usermeta WHERE meta_key LIKE '{$prefix}%meta-box-hidden%' OR meta_key LIKE '{$prefix}%closedpostboxes%' OR meta_key LIKE '{$prefix}%manage-%-columns-hidden%' OR meta_key LIKE '{$prefix}%meta-box-order%' OR meta_key LIKE '{$prefix}%metaboxorder%' OR meta_key LIKE '{$prefix}%screen_layout%' - OR meta_key = 'manageedittagscolumnshidden' OR meta_key='managecategoriescolumnshidden' OR meta_key = 'manageedit-tagscolumnshidden' OR meta_key = 'manageeditcolumnshidden' OR meta_key = 'categories_per_page' OR meta_key = 'edit_tags_per_page'" ); + $sql = "DELETE FROM $wpdb->usermeta + WHERE meta_key LIKE %s + OR meta_key LIKE %s + OR meta_key LIKE %s + OR meta_key LIKE %s + OR meta_key LIKE %s + OR meta_key LIKE %s + OR meta_key = 'manageedittagscolumnshidden' + OR meta_key = 'managecategoriescolumnshidden' + OR meta_key = 'manageedit-tagscolumnshidden' + OR meta_key = 'manageeditcolumnshidden' + OR meta_key = 'categories_per_page' + OR meta_key = 'edit_tags_per_page'"; + $prefix = $wpdb->esc_like( $wpdb->base_prefix ); + $wpdb->query( $wpdb->prepare( $sql, + $prefix . '%' . $wpdb->esc_like( 'meta-box-hidden' ) . '%', + $prefix . '%' . $wpdb->esc_like( 'closedpostboxes' ) . '%', + $prefix . '%' . $wpdb->esc_like( 'manage-' ) . '%' . $wpdb->esc_like( '-columns-hidden' ) . '%', + $prefix . '%' . $wpdb->esc_like( 'meta-box-order' ) . '%', + $prefix . '%' . $wpdb->esc_like( 'metaboxorder' ) . '%', + $prefix . '%' . $wpdb->esc_like( 'screen_layout' ) . '%' + ) ); } } @@ -1284,11 +1305,12 @@ function upgrade_network() { // The multi-table delete syntax is used to delete the transient record from table a, // and the corresponding transient_timeout record from table b. $time = time(); - $wpdb->query("DELETE a, b FROM $wpdb->sitemeta a, $wpdb->sitemeta b WHERE - a.meta_key LIKE '\_site\_transient\_%' AND - a.meta_key NOT LIKE '\_site\_transient\_timeout\_%' AND - b.meta_key = CONCAT( '_site_transient_timeout_', SUBSTRING( a.meta_key, 17 ) ) - AND b.meta_value < $time"); + $sql = "DELETE a, b FROM $wpdb->sitemeta a, $wpdb->sitemeta b + WHERE a.meta_key LIKE %s + AND a.meta_key NOT LIKE %s + AND b.meta_key = CONCAT( '_site_transient_timeout_', SUBSTRING( a.meta_key, 17 ) ) + AND b.meta_value < %d"; + $wpdb->query( $wpdb->prepare( $sql, $wpdb->esc_like( '_site_transient_' ) . '%', $wpdb->esc_like ( '_site_transient_timeout_' ) . '%', $time ) ); } // 2.8 @@ -1382,13 +1404,18 @@ function upgrade_network() { */ function maybe_create_table($table_name, $create_ddl) { global $wpdb; - if ( $wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name ) + + $query = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $table_name ) ); + + if ( $wpdb->get_var( $query ) == $table_name ) { return true; + } //didn't find it try to create it. $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! - if ( $wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name ) + if ( $wpdb->get_var( $query ) == $table_name ) { return true; + } return false; } diff --git a/wp-admin/install.php b/wp-admin/install.php index d363e2db7d..fdfcbdd62d 100644 --- a/wp-admin/install.php +++ b/wp-admin/install.php @@ -74,7 +74,9 @@ function display_header() { */ function display_setup_form( $error = null ) { global $wpdb; - $user_table = ( $wpdb->get_var("SHOW TABLES LIKE '$wpdb->users'") != null ); + + $sql = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $wpdb->users ) ); + $user_table = ( $wpdb->get_var( $sql ) != null ); // Ensure that Blogs appear in search engines by default $blog_public = 1; diff --git a/wp-admin/maint/repair.php b/wp-admin/maint/repair.php index 361229f555..db40a7aae7 100644 --- a/wp-admin/maint/repair.php +++ b/wp-admin/maint/repair.php @@ -36,8 +36,10 @@ if ( ! defined( 'WP_ALLOW_REPAIR' ) ) { $tables = $wpdb->tables(); // Sitecategories may not exist if global terms are disabled. - if ( is_multisite() && ! $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->sitecategories'" ) ) + $query = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $wpdb->sitecategories ) ); + if ( is_multisite() && ! $wpdb->get_var( $query ) ) { unset( $tables['sitecategories'] ); + } /** * Filter additional database tables to repair. diff --git a/wp-admin/network.php b/wp-admin/network.php index 27acf98fe5..e848009cb5 100644 --- a/wp-admin/network.php +++ b/wp-admin/network.php @@ -39,8 +39,11 @@ foreach ( $wpdb->tables( 'ms_global' ) as $table => $prefixed_table ) */ function network_domain_check() { global $wpdb; - if ( $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) ) + + $sql = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $wpdb->site ) ); + if ( $wpdb->get_var( $sql ) ) { return $wpdb->get_var( "SELECT domain FROM $wpdb->site ORDER BY id ASC LIMIT 1" ); + } return false; } diff --git a/wp-admin/network/site-settings.php b/wp-admin/network/site-settings.php index aeca875e50..1decdcbec1 100644 --- a/wp-admin/network/site-settings.php +++ b/wp-admin/network/site-settings.php @@ -113,7 +113,14 @@ if ( ! empty( $messages ) ) { get_blog_prefix( $id ); - $options = $wpdb->get_results( "SELECT * FROM {$blog_prefix}options WHERE option_name NOT LIKE '\_%' AND option_name NOT LIKE '%user_roles'" ); + $sql = "SELECT * FROM {$blog_prefix}options + WHERE option_name NOT LIKE %s + AND option_name NOT LIKE %s"; + $query = $wpdb->prepare( $sql, + $wpdb->esc_like( '_' ) . '%', + '%' . $wpdb->esc_like( 'user_roles' ) + ); + $options = $wpdb->get_results( $query ); foreach ( $options as $option ) { if ( $option->option_name == 'default_role' ) $editblog_default_role = $option->option_value; diff --git a/wp-includes/bookmark.php b/wp-includes/bookmark.php index 775524b3b2..cc89f407af 100644 --- a/wp-includes/bookmark.php +++ b/wp-includes/bookmark.php @@ -208,8 +208,8 @@ function get_bookmarks( $args = '' ) { $search = ''; if ( ! empty( $r['search'] ) ) { - $search = esc_sql( like_escape( $r['search'] ) ); - $search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) "; + $like = '%' . $wpdb->esc_like( $r['search'] ) . '%'; + $search = $wpdb->prepare(" AND ( (link_url LIKE %s) OR (link_name LIKE %s) OR (link_description LIKE %s) ) ", $like, $like, $like ); } $category_query = ''; diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index 8400c94880..f563792c54 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -504,7 +504,7 @@ function redirect_guess_404_permalink() { global $wpdb, $wp_rewrite; if ( get_query_var('name') ) { - $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%'); + $where = $wpdb->prepare("post_name LIKE %s", $wpdb->esc_like( get_query_var('name') ) . '%'); // if any of post_type, year, monthnum, or day are set, use them to refine the query if ( get_query_var('post_type') ) diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php index 293eb0137e..1c1e357d60 100644 --- a/wp-includes/class-wp-xmlrpc-server.php +++ b/wp-includes/class-wp-xmlrpc-server.php @@ -5764,7 +5764,7 @@ class wp_xmlrpc_server extends IXR_Server { } elseif ( is_string($urltest['fragment']) ) { // ...or a string #title, a little more complicated $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); - $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", like_escape( $title ) ); + $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title ); if (! ($post_ID = $wpdb->get_var($sql)) ) { // returning unknown error '0' is better than die()ing return $this->pingback_error( 0, '' ); diff --git a/wp-includes/comment.php b/wp-includes/comment.php index 9747bf7892..eaabee66a0 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -481,11 +481,11 @@ class WP_Comment_Query { * @return string */ protected function get_search_sql( $string, $cols ) { - $string = esc_sql( like_escape( $string ) ); + global $wpdb; $searches = array(); foreach ( $cols as $col ) - $searches[] = "$col LIKE '%$string%'"; + $searches[] = $wpdb->prepare( "$col LIKE %s", $wpdb->esc_like( $string ) ); return ' AND (' . implode(' OR ', $searches) . ')'; } diff --git a/wp-includes/functions.php b/wp-includes/functions.php index ee1bca2172..c62036f7e8 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -479,7 +479,7 @@ function do_enclose( $content, $post_ID ) { foreach ( $pung as $link_test ) { if ( ! in_array( $link_test, $post_links_temp ) ) { // link no longer in post - $mids = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') ); + $mids = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post_ID, $wpdb->esc_like( $link_test ) . '%') ); foreach ( $mids as $mid ) delete_metadata_by_mid( 'post', $mid ); } @@ -498,7 +498,7 @@ function do_enclose( $content, $post_ID ) { } foreach ( (array) $post_links as $url ) { - if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $url ) . '%' ) ) ) { + if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post_ID, $wpdb->esc_like( $url ) . '%' ) ) ) { if ( $headers = wp_get_http_headers( $url) ) { $len = isset( $headers['content-length'] ) ? (int) $headers['content-length'] : 0; diff --git a/wp-includes/meta.php b/wp-includes/meta.php index 965b863fa5..2f272f4cdd 100644 --- a/wp-includes/meta.php +++ b/wp-includes/meta.php @@ -1047,8 +1047,8 @@ class WP_Meta_Query { } elseif ( 'BETWEEN' == substr( $meta_compare, -7) ) { $meta_value = array_slice( $meta_value, 0, 2 ); $meta_compare_string = '%s AND %s'; - } elseif ( 'LIKE' == substr( $meta_compare, -4 ) ) { - $meta_value = '%' . like_escape( $meta_value ) . '%'; + } elseif ( 'LIKE' == $meta_compare || 'NOT LIKE' == $meta_compare ) { + $meta_value = '%' . $wpdb->esc_like( $meta_value ) . '%'; $meta_compare_string = '%s'; } else { $meta_compare_string = '%s'; diff --git a/wp-includes/ms-load.php b/wp-includes/ms-load.php index 02224bd548..a202034b8c 100644 --- a/wp-includes/ms-load.php +++ b/wp-includes/ms-load.php @@ -397,14 +397,17 @@ function ms_not_installed() { $title = __( 'Error establishing a database connection' ); $msg = '

' . $title . '

'; - if ( ! is_admin() ) + if ( ! is_admin() ) { die( $msg ); + } $msg .= '

' . __( 'If your site does not display, please contact the owner of this network.' ) . ''; $msg .= ' ' . __( 'If you are the owner of this network please check that MySQL is running properly and all tables are error free.' ) . '

'; - if ( ! $wpdb->get_var( "SHOW TABLES LIKE '$wpdb->site'" ) ) + $query = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $wpdb->site ) ); + if ( ! $wpdb->get_var( $query ) ) { $msg .= '

' . sprintf( __( 'Database tables are missing. This means that MySQL is not running, WordPress was not installed properly, or someone deleted %s. You really should look at your database now.' ), $wpdb->site ) . '

'; - else + } else { $msg .= '

' . sprintf( __( 'Could not find site %1$s. Searched for table %2$s in database %3$s. Is that right?' ), rtrim( $domain . $path, '/' ), $wpdb->blogs, DB_NAME ) . '

'; + } $msg .= '

' . __( 'What do I do now?' ) . ' '; $msg .= __( 'Read the bug report page. Some of the guidelines there may help you figure out what went wrong.' ); $msg .= ' ' . __( 'If you’re still stuck with this message, then check that your database contains the following tables:' ) . '