sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

DB escaping in fix_attachment_links(). #2434

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@3586 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2006-03-02 02:47:36 +00:00
parent 54198167b7
commit 1239ce2315
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
wp-admin/admin-functions.php
View File

@ -105,12 +105,12 @@ function relocate_children($old_ID, $new_ID) {
function fix_attachment_links($post_ID) { function fix_attachment_links($post_ID) {
global $wp_rewrite; global $wp_rewrite;
$post = & get_post($post_ID); $post = & get_post($post_ID, ARRAY_A);
$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie"; $search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
// See if we have any rel="attachment" links // See if we have any rel="attachment" links
if ( 0 == preg_match_all($search, $post->post_content, $anchor_matches, PREG_PATTERN_ORDER) ) if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
return; return;
$i = 0; $i = 0;
@ -122,9 +122,11 @@ function fix_attachment_links($post_ID) {
$id = $id_matches[2]; $id = $id_matches[2];
// While we have the attachment ID, let's adopt any orphans. // While we have the attachment ID, let's adopt any orphans.
$attachment = & get_post($id); $attachment = & get_post($id, ARRAY_A);
if ( ! is_object(get_post($attachment->post_parent)) ) { if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
$attachment->post_parent = $post_ID; $attachment['post_parent'] = $post_ID;
// Escape data pulled from DB.
$attachment = add_magic_quotes($attachment);
wp_update_post($attachment); wp_update_post($attachment);
} }
@ -133,7 +135,10 @@ function fix_attachment_links($post_ID) {
++$i; ++$i;
} }
$post->post_content = str_replace($post_search, $post_replace, $post->post_content); $post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);
// Escape data pulled from DB.
$post = add_magic_quotes($post);
return wp_update_post($post); return wp_update_post($post);
} }