From a034198225e794f4ca6539dbae9cf99832b1e855 Mon Sep 17 00:00:00 2001 From: dd32 Date: Mon, 18 Oct 2010 11:44:19 +0000 Subject: [PATCH] Use $wpdb->prepare in wp_old_slug_redirect(). See #15140 git-svn-id: http://svn.automattic.com/wordpress/trunk@15832 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/query.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/wp-includes/query.php b/wp-includes/query.php index b1a0580211..e2e2cba6d9 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php @@ -3146,20 +3146,20 @@ function wp_old_slug_redirect() { if ( is_404() && '' != $wp_query->query_vars['name'] ) : global $wpdb; - $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'"; + $query = $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value=%s", $wp_query->query_vars['name']); // if year, monthnum, or day have been specified, make our query more precise // just in case there are multiple identical _wp_old_slug values if ( '' != $wp_query->query_vars['year'] ) - $query .= " AND YEAR(post_date) = '{$wp_query->query_vars['year']}'"; + $query .= $wpdb->prepare(" AND YEAR(post_date) = %d", $wp_query->query_vars['year']); if ( '' != $wp_query->query_vars['monthnum'] ) - $query .= " AND MONTH(post_date) = '{$wp_query->query_vars['monthnum']}'"; + $query .= $wpdb->prepare(" AND MONTH(post_date) = %d", $wp_query->query_vars['monthnum']); if ( '' != $wp_query->query_vars['day'] ) - $query .= " AND DAYOFMONTH(post_date) = '{$wp_query->query_vars['day']}'"; + $query .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", $wp_query->query_vars['day']); $id = (int) $wpdb->get_var($query); - if ( !$id ) + if ( ! $id ) return; $link = get_permalink($id);