Add some prophylactic int casts and quoting.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
85f5f5229f
commit
8da6c47ae3
|
@ -60,7 +60,9 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
|
||||||
|
|
||||||
function get_approved_comments($post_id) {
|
function get_approved_comments($post_id) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
|
|
||||||
|
$post_id = (int) $post_id;
|
||||||
|
return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Retrieves comment data given a comment ID or comment object.
|
// Retrieves comment data given a comment ID or comment object.
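Review bot: In get_approved_comments the quotes added around `$post_id` are not what makes the query safe; the `(int)` cast on the line before it is, and nothing in the function says so. Quoting without escaping does not contain a value that itself holds a quote, so a later edit that drops the cast as redundant would reopen the query. I would add a comment above the cast such as `// The int cast is the injection guard; the quotes in the query are defence in depth only.` Note also that a non-numeric argument now becomes 0 and the query still runs, which is harmless here but worth stating in the function's documentation.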
|
||||||
|
|
|
@ -365,7 +365,7 @@ function wp_delete_attachment($postid) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
$postid = (int) $postid;
|
$postid = (int) $postid;
|
||||||
|
|
||||||
if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
|
if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
|
||||||
return $post;
|
return $post;
|
||||||
|
|
||||||
if ( 'attachment' != $post->post_type )
|
if ( 'attachment' != $post->post_type )
|
||||||
|
@ -374,17 +374,17 @@ function wp_delete_attachment($postid) {
|
||||||
$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
|
$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
|
||||||
$file = get_post_meta($postid, '_wp_attached_file', true);
|
$file = get_post_meta($postid, '_wp_attached_file', true);
|
||||||
|
|
||||||
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
|
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
|
||||||
|
|
||||||
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
|
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
|
||||||
|
|
||||||
$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
|
$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
|
||||||
|
|
||||||
$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
|
$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
|
||||||
|
|
||||||
if ( ! empty($meta['thumb']) ) {
|
if ( ! empty($meta['thumb']) ) {
|
||||||
// Don't delete the thumb if another attachment uses it
|
// Don't delete the thumb if another attachment uses it
|
||||||
if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
|
if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
|
||||||
@ unlink(str_replace(basename($file), $meta['thumb'], $file));
|
@ unlink(str_replace(basename($file), $meta['thumb'], $file));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -481,9 +481,11 @@ function wp_publish_post($post_id) {
|
||||||
function wp_get_post_cats($blogid = '1', $post_ID = 0) {
|
function wp_get_post_cats($blogid = '1', $post_ID = 0) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
|
$post_ID = (int) $post_ID;
|
||||||
|
|
||||||
$sql = "SELECT category_id
|
$sql = "SELECT category_id
|
||||||
FROM $wpdb->post2cat
|
FROM $wpdb->post2cat
|
||||||
WHERE post_id = $post_ID
|
WHERE post_id = '$post_ID'
|
||||||
ORDER BY category_id";
|
ORDER BY category_id";
|
||||||
|
|
||||||
$result = $wpdb->get_col($sql);
|
$result = $wpdb->get_col($sql);
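Review bot: In the second wp_delete_attachment hunk, the `unlink()` call builds its target by substituting `$meta['thumb']` into `$file` without reducing it to a bare file name, so a stored thumb value containing directory separators would direct the delete outside the attachment's directory. The commit hardens the SQL on the surrounding lines but leaves this path handling untouched; `@ unlink(str_replace(basename($file), basename($meta['thumb']), $file));` would confine it. The same value goes through `$wpdb->escape()` into a LIKE pattern, which presumably leaves `%` and `_` unescaped, so the "another attachment uses it" check can match more rows than intended. The function body starts and ends outside the hunk.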
|
||||||
|
|
|
@ -168,6 +168,8 @@ function get_linkrating($link) {
|
||||||
** uses 0
|
** uses 0
|
||||||
*/
|
*/
|
||||||
function get_linkcatname($id = 0) {
|
function get_linkcatname($id = 0) {
|
||||||
|
$id = (int) $id;
|
||||||
|
|
||||||
if ( empty($id) )
|
if ( empty($id) )
|
||||||
return '';
|
return '';
|
||||||
|
|
||||||
|
|
|
@ -501,8 +501,8 @@ function get_calendar($initial = true) {
|
||||||
|
|
||||||
// Get days with posts
|
// Get days with posts
|
||||||
$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
|
$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
|
||||||
FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth
|
FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
|
||||||
AND YEAR(post_date) = $thisyear
|
AND YEAR(post_date) = '$thisyear'
|
||||||
AND post_type = 'post' AND post_status = 'publish'
|
AND post_type = 'post' AND post_status = 'publish'
|
||||||
AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
|
AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
|
||||||
if ( $dayswithposts ) {
|
if ( $dayswithposts ) {
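Review bot: The quotes added around `$thismonth` and `$thisyear` in the get_calendar query are the only change here, and unlike the other functions in this commit no `(int)` cast accompanies them in the hunk. Quoting alone does not contain a value that includes a quote character, so the protection depends on how both variables are assigned, which happens outside the visible lines. If they are not already guaranteed numeric there, interpolate cast copies instead, e.g. `$month_sql = (int) $thismonth;` and `$year_sql = (int) $thisyear;` before the query. If they are, a one-line comment next to the query saying where they are validated would make that checkable.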
|
||||||
|
|