Use prepare() in wp_insert_attachment(). Props dwc. fixes #7933
git-svn-id: http://svn.automattic.com/wordpress/trunk@9259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
a9fc6fc48f
commit
2d61441067
|
@ -2281,14 +2281,14 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
|
|||
$post_name = sanitize_title($post_name);
|
||||
|
||||
// expected_slashed ($post_name)
|
||||
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID));
|
||||
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID));
|
||||
|
||||
if ($post_name_check) {
|
||||
$suffix = 2;
|
||||
while ($post_name_check) {
|
||||
$alt_post_name = $post_name . "-$suffix";
|
||||
// expected_slashed ($alt_post_name, $post_name)
|
||||
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
|
||||
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent));
|
||||
$suffix++;
|
||||
}
|
||||
$post_name = $alt_post_name;
|
||||
|
|
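Review bot: The two `// expected_slashed (...)` comments kept as context above the queries no longer describe how the value reaches SQL. On the new side `$post_name` and `$alt_post_name` are bound through `%s`, so `prepare()` does the escaping, and a value that really did arrive slashed would be escaped a second time and fail to match the stored names. Whether `$post_name` can still carry slashes after `sanitize_title()` is not visible here, so I would either drop the comments or replace them with `// bound via prepare(); pass the value unslashed`. Separately, the first lookup has no `post_parent` condition while the one inside the `while` loop adds `AND post_parent = %d`, so the suffix search checks a narrower set than the collision test that triggered it; if that is intended it deserves a comment. The body of `wp_insert_attachment()` starts and ends outside this hunk.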