sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use prepare() instead of addslashes(). props wpmuguru.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@16643 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2010-12-01 01:51:32 +00:00
parent b811b5ba7c
commit 4ba9c5d14a
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
wp-includes/comment.php
View File

@ -1865,9 +1865,8 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
if ( is_wp_error( $response ) ) if ( is_wp_error( $response ) )
return; return;
$tb_url = addslashes( $trackback_url ); $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', %s) WHERE ID = %d", $trackback_url, $ID) );
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) ); return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $trackback_url, $ID) );
return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
} }
/** /**