DB escape fields inserted into usermeta table. Hide errors when dropping old columns from user table.

git-svn-id: https://develop.svn.wordpress.org/trunk@2641 602fd350-edb4-49c9-b593-d223f7449a82

wp-admin/upgrade-functions.php

@@ -85,13 +85,15 @@ function upgrade_110() {
   global $wpdb;
 	
     // Set user_nicename.
-	$users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users");
-	foreach ($users as $user) {
-		if ('' == $user->user_nicename) { 
-			$newname = sanitize_title($user->user_nickname);
-			$wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
-		}
-	}
+	// FIXME: user_nickname is no longer in the user table.  Need to update and
+	// move this code to where the new usermeta table is setup.
+//  $users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users");
+// 	foreach ($users as $user) {
+// 		if ('' == $user->user_nicename) { 
+// 			$newname = sanitize_title($user->user_nickname);
+// 			$wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
+// 		}
+// 	}
 
 	$users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users");
 	foreach ($users as $row) {
@@ -219,23 +221,23 @@ function upgrade_160() {
 	$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
 	foreach ( $users as $user ) :
 		if ( !empty( $user->user_firstname ) )
-			update_usermeta( $user->ID, 'first_name', $user->user_firstname );
+			update_usermeta( $user->ID, 'first_name', addslashes($user->user_firstname) );
 		if ( !empty( $user->user_lastname ) )
-			update_usermeta( $user->ID, 'last_name', $user->user_lastname );
+			update_usermeta( $user->ID, 'last_name', addslashes($user->user_lastname) );
 		if ( !empty( $user->user_nickname ) )
-			update_usermeta( $user->ID, 'nickname', $user->user_nickname );
+			update_usermeta( $user->ID, 'nickname', addslashes($user->user_nickname) );
 		if ( !empty( $user->user_level ) )
 			update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level );
 		if ( !empty( $user->user_icq ) )
-			update_usermeta( $user->ID, 'icq', $user->user_icq );
+			update_usermeta( $user->ID, 'icq', addslashes($user->user_icq) );
 		if ( !empty( $user->user_aim ) )
-			update_usermeta( $user->ID, 'aim', $user->user_aim );
+			update_usermeta( $user->ID, 'aim', addslashes($user->user_aim) );
 		if ( !empty( $user->user_msn ) )
-			update_usermeta( $user->ID, 'msn', $user->user_msn );
+			update_usermeta( $user->ID, 'msn', addslashes($user->user_msn) );
 		if ( !empty( $user->user_yim ) )
-			update_usermeta( $user->ID, 'yim', $user->user_icq );
+			update_usermeta( $user->ID, 'yim', addslashes($user->user_icq) );
 		if ( !empty( $user->user_description ) )
-			update_usermeta( $user->ID, 'description', $user->user_description );
+			update_usermeta( $user->ID, 'description', addslashes($user->user_description) );
 		$idmode = $user->user_idmode;
 		if ($idmode == 'nickname') $id = $user->user_nickname;
 		if ($idmode == 'login') $id = $user->user_login;
@@ -248,8 +250,10 @@ function upgrade_160() {
 		$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
 	endforeach;
 	$old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname' );
+	$wpdb->hide_errors();
 	foreach ( $old_user_fields as $old )
 		$wpdb->query("ALTER TABLE $wpdb->users DROP $old");
+	$wpdb->show_errors();
 }
 
 // The functions we use to actually do stuff

wp-admin/upgrade.php

@@ -77,7 +77,7 @@ switch($step) {
 	upgrade_all();
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
-	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), '../'); ?></p>
+	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), __get_option('home')); ?></p>
 
 <!--
 <pre>