Stripslashes post meta values before handing off to add_post_meta. Use wpdb::escape instead of addslashes. Props takayukister. fixes #4028

git-svn-id: http://svn.automattic.com/wordpress/trunk@5249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-04-12 02:58:41 +00:00
parent 0e28e967ad
commit 44111a3ae7
1 changed files with 3 additions and 1 deletions

View File

@ -35,8 +35,9 @@ class WP_Import {
} }
function get_tag( $string, $tag ) { function get_tag( $string, $tag ) {
global $wpdb;
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return); preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
$return = addslashes( trim( $return[1] ) ); $return = $wpdb->escape( trim( $return[1] ) );
return $return; return $return;
} }
@ -336,6 +337,7 @@ class WP_Import {
if ( $postmeta) { foreach ($postmeta as $p) { if ( $postmeta) { foreach ($postmeta as $p) {
$key = $this->get_tag( $p, 'wp:meta_key' ); $key = $this->get_tag( $p, 'wp:meta_key' );
$value = $this->get_tag( $p, 'wp:meta_value' ); $value = $this->get_tag( $p, 'wp:meta_value' );
$value = stripslashes($value); // add_post_meta() will escape.
add_post_meta( $post_id, $key, $value ); add_post_meta( $post_id, $key, $value );
} } } }
} }