Add like_escape() to some queries. fixes #15764

git-svn-id: http://svn.automattic.com/wordpress/trunk@16999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2010-12-16 14:22:41 +00:00
parent ad2ab9b7ae
commit 7e25e3b363
7 changed files with 10 additions and 10 deletions


@ -1255,11 +1255,11 @@ case 'find_posts':
$searchand = $search = '';
foreach ( (array) $search_terms as $term ) {
$term = addslashes_gpc($term);
$term = esc_sql( like_escape( $term ) );
$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
$searchand = ' AND ';
}
$term = $wpdb->escape($s);
$term = esc_sql( like_escape( $s ) );
if ( count($search_terms) > 1 && $search_terms[0] != $s )
$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
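Review bot: The new line `$term = esc_sql( like_escape( $term ) );` relies on a deliberate two-step order — like_escape() neutralises the LIKE wildcards, esc_sql() then makes the result safe inside the single-quoted literal on the following line — but nothing records that, so a later edit could reorder or drop one of the calls. A one-line comment above it, `// like_escape() for LIKE wildcards, then esc_sql() for the string literal — keep this order`, would pin it. The same escaping pair and the same clause-building loop appear in the WP_Query hunk of this commit; a shared helper would keep the escaping sequence in one place rather than two. The `case 'find_posts':` block continues outside this hunk.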


@ -385,7 +385,7 @@ function redirect_guess_404_permalink() {
if ( !get_query_var('name') )
return false;
$where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%');
$where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%');
// if any of post_type, year, monthnum, or day are set, use them to refine the query
if ( get_query_var('post_type') )


@ -3367,7 +3367,7 @@ class wp_xmlrpc_server extends IXR_Server {
} elseif ( is_string($urltest['fragment']) ) {
// ...or a string #title, a little more complicated
$title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", like_escape( $title ) );
if (! ($post_ID = $wpdb->get_var($sql)) ) {
// returning unknown error '0' is better than die()ing
return new IXR_Error(0, '');
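Review bot: `like_escape( $title )` on the new prepare() line escapes an argument to RLIKE, which is a regular-expression match rather than a LIKE pattern, and the preceding preg_replace() has already reduced `$title` to letters, digits and `.`, so there is no `%` or `_` left for like_escape() to touch — the call is a no-op that reads as protection it does not provide. The `.` that preg_replace substitutes remains a regex any-character wildcard, which looks intentional for this title lookup. Either drop the like_escape() call or add above the line `// RLIKE takes a regex; preg_replace() above already limits $title to [a-z0-9.]` so the next reader does not mistake it for wildcard escaping. The enclosing method continues on both sides of this hunk.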


@ -345,7 +345,7 @@ class WP_Comment_Query {
* @return string
*/
function get_search_sql( $string, $cols ) {
$string = esc_sql( $string );
$string = esc_sql( like_escape( $string ) );
$searches = array();
foreach ( $cols as $col )
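Review bot: get_search_sql() now applies both like_escape() and esc_sql() to `$string`, but the docblock above (cut off at the top of this hunk) does not say the parameter must arrive unescaped, so a caller that has already run esc_sql() on its input will have its backslashes escaped twice. Add to the `@param` line for `$string`: `Raw, unescaped search text; LIKE-wildcard and SQL escaping are applied here.` `$cols` is presumably interpolated as column names in the loop that follows; if those values can come from outside the class they need a whitelist, but that part of the body is not visible here. The function continues outside the hunk.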


@ -1206,7 +1206,7 @@ function do_enclose( $content, $post_ID ) {
foreach ( $pung as $link_test ) {
if ( !in_array( $link_test, $post_links_temp[0] ) ) { // link no longer in post
$mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $link_test . '%') );
$mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') );
do_action( 'delete_postmeta', $mid );
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $mid ) ) );
do_action( 'deleted_postmeta', $mid );
@ -1226,7 +1226,7 @@ function do_enclose( $content, $post_ID ) {
}
foreach ( (array) $post_links as $url ) {
if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) {
if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $url ) . '%' ) ) ) {
if ( $headers = wp_get_http_headers( $url) ) {
$len = (int) $headers['content-length'];


@ -2045,11 +2045,11 @@ class WP_Query {
$n = !empty($q['exact']) ? '' : '%';
$searchand = '';
foreach( (array) $q['search_terms'] as $term ) {
$term = addslashes_gpc($term);
$term = esc_sql( like_escape( $term ) );
$search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
$searchand = ' AND ';
}
$term = esc_sql($q['s']);
$term = esc_sql( like_escape( $q['s'] ) );
if ( empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
$search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";


@ -1237,7 +1237,7 @@ function &get_terms($taxonomies, $args = '') {
}
if ( !empty($name__like) )
$where .= " AND t.name LIKE '{$name__like}%'";
$where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'";
if ( '' !== $parent ) {
$parent = (int) $parent;
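Review bot: The new line `$where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'";` still concatenates `$name__like` directly into the WHERE string; like_escape() only neutralises `%` and `_`, it does not escape quotes or backslashes for the string literal. Unless `$name__like` is passed through esc_sql() earlier in get_terms() (outside this hunk), the value is unescaped in the query, and if it is pre-escaped then like_escape() is operating on already-escaped text, which is the order the other hunks in this commit avoid. The rest of the commit uses `$wpdb->prepare()` for the same construct; do the same here: `$where .= $wpdb->prepare( " AND t.name LIKE %s", like_escape( $name__like ) . '%' );`. get_terms() continues outside the hunk.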