More clear and concise escaping in get_page_by_path(). see #21767.
git-svn-id: https://develop.svn.wordpress.org/trunk@24715 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
40623f1c68
commit
1f4997686b
|
@ -3417,12 +3417,11 @@ function get_page_by_path($page_path, $output = OBJECT, $post_type = 'page') {
|
|||
$page_path = str_replace('%2F', '/', $page_path);
|
||||
$page_path = str_replace('%20', ' ', $page_path);
|
||||
$parts = explode( '/', trim( $page_path, '/' ) );
|
||||
$parts = array_map( 'esc_sql', $parts );
|
||||
$parts = esc_sql( $parts );
|
||||
$parts = array_map( 'sanitize_title_for_query', $parts );
|
||||
|
||||
$in_string = "'". implode( "','", $parts ) . "'";
|
||||
$post_type_sql = $post_type;
|
||||
$wpdb->escape_by_ref( $post_type_sql );
|
||||
$post_type_sql = esc_sql( $post_type );
|
||||
$pages = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
|
||||
|
||||
$revparts = array_reverse( $parts );
|
||||
|
|
Loading…
Reference in New Issue