diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php index 0979971488..b6420e22b5 100644 --- a/wp-admin/admin-ajax.php +++ b/wp-admin/admin-ajax.php @@ -1255,11 +1255,11 @@ case 'find_posts': $searchand = $search = ''; foreach ( (array) $search_terms as $term ) { - $term = addslashes_gpc($term); + $term = esc_sql( like_escape( $term ) ); $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))"; $searchand = ' AND '; } - $term = $wpdb->escape($s); + $term = esc_sql( like_escape( $s ) ); if ( count($search_terms) > 1 && $search_terms[0] != $s ) $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')"; diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php index 78e2cb3f43..789d0c4da1 100644 --- a/wp-includes/canonical.php +++ b/wp-includes/canonical.php @@ -385,7 +385,7 @@ function redirect_guess_404_permalink() { if ( !get_query_var('name') ) return false; - $where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%'); + $where = $wpdb->prepare("post_name LIKE %s", like_escape( get_query_var('name') ) . '%'); // if any of post_type, year, monthnum, or day are set, use them to refine the query if ( get_query_var('post_type') ) diff --git a/wp-includes/class-wp-xmlrpc-server.php b/wp-includes/class-wp-xmlrpc-server.php index 5dbecc0f2c..b4b566e07c 100644 --- a/wp-includes/class-wp-xmlrpc-server.php +++ b/wp-includes/class-wp-xmlrpc-server.php @@ -3367,7 +3367,7 @@ class wp_xmlrpc_server extends IXR_Server { } elseif ( is_string($urltest['fragment']) ) { // ...or a string #title, a little more complicated $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); - $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); + $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", like_escape( $title ) ); if (! ($post_ID = $wpdb->get_var($sql)) ) { // returning unknown error '0' is better than die()ing return new IXR_Error(0, ''); diff --git a/wp-includes/comment.php b/wp-includes/comment.php index c370102117..897d766dae 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -345,7 +345,7 @@ class WP_Comment_Query { * @return string */ function get_search_sql( $string, $cols ) { - $string = esc_sql( $string ); + $string = esc_sql( like_escape( $string ) ); $searches = array(); foreach ( $cols as $col ) diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 2d61529a76..e03144f43a 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -1206,7 +1206,7 @@ function do_enclose( $content, $post_ID ) { foreach ( $pung as $link_test ) { if ( !in_array( $link_test, $post_links_temp[0] ) ) { // link no longer in post - $mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $link_test . '%') ); + $mid = $wpdb->get_col( $wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $link_test ) . '%') ); do_action( 'delete_postmeta', $mid ); $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $mid ) ) ); do_action( 'deleted_postmeta', $mid ); @@ -1226,7 +1226,7 @@ function do_enclose( $content, $post_ID ) { } foreach ( (array) $post_links as $url ) { - if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) { + if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, like_escape( $url ) . '%' ) ) ) { if ( $headers = wp_get_http_headers( $url) ) { $len = (int) $headers['content-length']; diff --git a/wp-includes/query.php b/wp-includes/query.php index 4161836977..f2e94a79e3 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php @@ -2045,11 +2045,11 @@ class WP_Query { $n = !empty($q['exact']) ? '' : '%'; $searchand = ''; foreach( (array) $q['search_terms'] as $term ) { - $term = addslashes_gpc($term); + $term = esc_sql( like_escape( $term ) ); $search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))"; $searchand = ' AND '; } - $term = esc_sql($q['s']); + $term = esc_sql( like_escape( $q['s'] ) ); if ( empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] ) $search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')"; diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index b708838440..a7b0bc5550 100644 --- a/wp-includes/taxonomy.php +++ b/wp-includes/taxonomy.php @@ -1237,7 +1237,7 @@ function &get_terms($taxonomies, $args = '') { } if ( !empty($name__like) ) - $where .= " AND t.name LIKE '{$name__like}%'"; + $where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'"; if ( '' !== $parent ) { $parent = (int) $parent;