WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use prepare instead of escape. 

see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Ryan Boren 2013-03-01 17:01:01 +00:00
parent 5f809d1d22
commit 68b11a7c8f
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-admin/includes/schema.php
View File

@ -505,13 +505,11 @@ function populate_options() {
else
$autoload = 'yes';
$option = $wpdb->escape($option);
if ( is_array($value) )
$value = serialize($value);
$value = $wpdb->escape($value);
if ( !empty($insert) )
$insert .= ', ';
$insert .= "('$option', '$value', '$autoload')";
$insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );
}
if ( !empty($insert) )
@ -921,13 +919,11 @@ We hope you enjoy your new site. Thanks!
$insert = '';
foreach ( $sitemeta as $meta_key => $meta_value ) {
$meta_key = $wpdb->escape( $meta_key );
if ( is_array( $meta_value ) )
$meta_value = serialize( $meta_value );
$meta_value = $wpdb->escape( $meta_value );
if ( !empty( $insert ) )
$insert .= ', ';
$insert .= "( $network_id, '$meta_key', '$meta_value')";
$insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );
}
$wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert );