More clear and concise escaping in get_page_by_path(). see #21767.

git-svn-id: http://core.svn.wordpress.org/trunk@24715 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Andrew Nacin 2013-07-16 14:23:29 +00:00
parent 4fd4d4452f
commit ab72605607
1 changed files with 2 additions and 3 deletions


@ -3417,12 +3417,11 @@ function get_page_by_path($page_path, $output = OBJECT, $post_type = 'page') {
$page_path = str_replace('%2F', '/', $page_path);
$page_path = str_replace('%20', ' ', $page_path);
$parts = explode( '/', trim( $page_path, '/' ) );
$parts = array_map( 'esc_sql', $parts );
$parts = esc_sql( $parts );
$parts = array_map( 'sanitize_title_for_query', $parts );
$in_string = "'". implode( "','", $parts ) . "'";
$post_type_sql = $post_type;
$wpdb->escape_by_ref( $post_type_sql );
$post_type_sql = esc_sql( $post_type );
$pages = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
$revparts = array_reverse( $parts );
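Review bot: `$parts` is escaped before `sanitize_title_for_query` runs, so the strings joined into `$in_string` and interpolated into the `IN (...)` clause are the sanitizer's output rather than the output of `esc_sql()`; the ordering appears to be carried over from the old `array_map( 'esc_sql', $parts )` line, and the commit keeps it. Whether the sanitizer can return quote or backslash characters is not visible here, but escaping should be the last transformation before interpolation: drop the early `$parts = esc_sql( $parts );` and build the list as `$in_string = "'" . implode( "','", esc_sql( $parts ) ) . "'";`. That also leaves `$parts` unescaped for the `array_reverse( $parts )` on the last line, whose later use is outside the hunk. The body of get_page_by_path() starts and ends outside the hunk.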