Stripslashes post meta values before handing off to add_post_meta. Use wpdb::escape instead of addslashes. Props takayukister. fixes #4028
git-svn-id: http://svn.automattic.com/wordpress/trunk@5249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
0e28e967ad
commit
44111a3ae7
|
@ -35,8 +35,9 @@ class WP_Import {
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_tag( $string, $tag ) {
|
function get_tag( $string, $tag ) {
|
||||||
|
global $wpdb;
|
||||||
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
|
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
|
||||||
$return = addslashes( trim( $return[1] ) );
|
$return = $wpdb->escape( trim( $return[1] ) );
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -336,6 +337,7 @@ class WP_Import {
|
||||||
if ( $postmeta) { foreach ($postmeta as $p) {
|
if ( $postmeta) { foreach ($postmeta as $p) {
|
||||||
$key = $this->get_tag( $p, 'wp:meta_key' );
|
$key = $this->get_tag( $p, 'wp:meta_key' );
|
||||||
$value = $this->get_tag( $p, 'wp:meta_value' );
|
$value = $this->get_tag( $p, 'wp:meta_value' );
|
||||||
|
$value = stripslashes($value); // add_post_meta() will escape.
|
||||||
add_post_meta( $post_id, $key, $value );
|
add_post_meta( $post_id, $key, $value );
|
||||||
} }
|
} }
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue