Strip and prepare ajax tag search string. Avoids applying slashes toward the character count. Props brianlayman. see #13580

git-svn-id: https://develop.svn.wordpress.org/trunk@17256 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren 2011-01-11 20:15:25 +00:00
parent 4c869552ff
commit 545cc85918


@ -86,7 +86,7 @@ case 'ajax-tag-search' :
die('0');
}
$s = $_GET['q']; // is this slashed already?
$s = stripslashes( $_GET['q'] );
if ( false !== strpos( $s, ',' ) ) {
$s = explode( ',', $s );
@ -96,7 +96,7 @@ case 'ajax-tag-search' :
if ( strlen( $s ) < 2 )
die; // require 2 chars for matching
$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
echo join( $results, "\n" );
die;
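Review bot: The new `$s = stripslashes( $_GET['q'] );` line reads the request parameter with no presence or type check visible in this hunk, so a missing `q` or an array-valued `q[]` reaches `stripslashes()` and the later `strpos()`/`strlen()` calls as a non-string. If nothing above the hunk already guards it, add `if ( ! isset( $_GET['q'] ) || ! is_string( $_GET['q'] ) ) die( '0' );` before the assignment. Separately, the two-character minimum in the second hunk uses `strlen()`, which counts bytes, so a single multibyte character satisfies it; a comment such as `// limit is in bytes, not characters` would make that explicit. The `case 'ajax-tag-search'` body starts and ends outside the hunks shown, so an earlier guard cannot be ruled out from here.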