Use prepare() in wp_insert_attachment(). Props dwc. fixes #7933

git-svn-id: http://svn.automattic.com/wordpress/trunk@9259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-10-20 21:55:37 +00:00
parent a9fc6fc48f
commit 2d61441067
1 changed files with 2 additions and 2 deletions

View File

@ -2281,14 +2281,14 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
$post_name = sanitize_title($post_name); $post_name = sanitize_title($post_name);
// expected_slashed ($post_name) // expected_slashed ($post_name)
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID)); $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID));
if ($post_name_check) { if ($post_name_check) {
$suffix = 2; $suffix = 2;
while ($post_name_check) { while ($post_name_check) {
$alt_post_name = $post_name . "-$suffix"; $alt_post_name = $post_name . "-$suffix";
// expected_slashed ($alt_post_name, $post_name) // expected_slashed ($alt_post_name, $post_name)
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent));
$suffix++; $suffix++;
} }
$post_name = $alt_post_name; $post_name = $alt_post_name;