Escape content and title before inserting into the DB. http://wordpress.org/support/2/12153

git-svn-id: https://develop.svn.wordpress.org/trunk@1590 602fd350-edb4-49c9-b593-d223f7449a82
2004-09-04 08:03:20 +00:00 · 2004-09-04 08:03:20 +00:00 · 24d5a6bddd
parent 68246928c2
commit 24d5a6bddd
1 changed files with 2 additions and 2 deletions
--- a/wp-admin/import-textpattern.php
+++ b/wp-admin/import-textpattern.php
@ -97,8 +97,8 @@ while ($post = mysql_fetch_array($posts)) {
 	$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
 	$posted = date('Y-m-d H:i:s', $timestamp);
 	
-	$content = $post['Body_html'];
-	$title = $post['Title'];
+	$content = addslashes($post['Body_html']);
+	$title = addslashes($post['Title']);
 	$post_name = sanitize_title($title);

 	$wpdb->query("INSERT INTO $wpdb->posts