More clear and concise escaping in get_page_by_path(). see #21767.

git-svn-id: https://develop.svn.wordpress.org/trunk@24715 602fd350-edb4-49c9-b593-d223f7449a82
Andrew Nacin 2013-07-16 14:23:29 +00:00
parent 40623f1c68
commit 1f4997686b
1 changed files with 2 additions and 3 deletions


@ -3417,12 +3417,11 @@ function get_page_by_path($page_path, $output = OBJECT, $post_type = 'page') {
$page_path = str_replace('%2F', '/', $page_path);
$page_path = str_replace('%20', ' ', $page_path);
$parts = explode( '/', trim( $page_path, '/' ) );
$parts = array_map( 'esc_sql', $parts );
$parts = esc_sql( $parts );
$parts = array_map( 'sanitize_title_for_query', $parts );
$in_string = "'". implode( "','", $parts ) . "'";
$post_type_sql = $post_type;
$wpdb->escape_by_ref( $post_type_sql );
$post_type_sql = esc_sql( $post_type );
$pages = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_type FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K );
$revparts = array_reverse( $parts );