From 54f3ab72d50bb7d1bc6bece53329e0bce139572f Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Sat, 22 Apr 2006 00:02:00 +0000 Subject: [PATCH] Add some prophylactic int casts and quoting. git-svn-id: https://develop.svn.wordpress.org/trunk@3740 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-includes/comment.php | 4 +++- wp-includes/functions-post.php | 16 +++++++++------- wp-includes/template-functions-bookmarks.php | 2 ++ wp-includes/template-functions-general.php | 4 ++-- 4 files changed, 16 insertions(+), 10 deletions(-) diff --git a/wp-includes/comment.php b/wp-includes/comment.php index a5acdd3836..931a8a5481 100644 --- a/wp-includes/comment.php +++ b/wp-includes/comment.php @@ -60,7 +60,9 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $ function get_approved_comments($post_id) { global $wpdb; - return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date"); + + $post_id = (int) $post_id; + return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date"); } // Retrieves comment data given a comment ID or comment object. diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php index 7ffc908196..dada52cd6a 100644 --- a/wp-includes/functions-post.php +++ b/wp-includes/functions-post.php @@ -365,7 +365,7 @@ function wp_delete_attachment($postid) { global $wpdb; $postid = (int) $postid; - if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") ) + if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") ) return $post; if ( 'attachment' != $post->post_type ) 
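Review bot: The new `$post_id = (int) $post_id;` in get_approved_comments turns a missing or non-numeric id into 0 and the query still runs against `comment_post_ID = '0'`, whereas get_linkcatname in the template-functions-bookmarks.php hunk pairs the same cast with an `if ( empty($id) ) return ''` early return. wp_get_post_cats in the -481 hunk of functions-post.php has the same gap after its `$post_ID = (int) $post_ID;`. Mirroring that guard, e.g. `if ( $post_id <= 0 ) return array();`, would avoid a pointless round trip to the database; the empty-result shape callers expect from get_results is not visible here, so the return value should be checked against them. The cast itself is the right injection guard for an interpolated integer, and the added quotes are harmless on top of it.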
@@ -374,17 +374,17 @@ function wp_delete_attachment($postid) { $meta = get_post_meta($postid, '_wp_attachment_metadata', true); $file = get_post_meta($postid, '_wp_attached_file', true); - $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid"); + $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'"); - $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid"); + $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'"); - $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid"); + $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'"); - $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid"); + $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'"); if ( ! empty($meta['thumb']) ) { // Don't delete the thumb if another attachment uses it - if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) + if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'")) @ unlink(str_replace(basename($file), $meta['thumb'], $file)); } @@ -481,9 +481,11 @@ function wp_publish_post($post_id) { function wp_get_post_cats($blogid = '1', $post_ID = 0) { global $wpdb; + $post_ID = (int) $post_ID; + $sql = "SELECT category_id FROM $wpdb->post2cat - WHERE post_id = $post_ID + WHERE post_id = '$post_ID' ORDER BY category_id"; $result = $wpdb->get_col($sql); diff --git a/wp-includes/template-functions-bookmarks.php b/wp-includes/template-functions-bookmarks.php index d3aa507d66..6c17064355 100644 --- a/wp-includes/template-functions-bookmarks.php +++ b/wp-includes/template-functions-bookmarks.php 
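Review bot: The re-emitted `SELECT meta_id ... LIKE` guard escapes `$meta['thumb']` for quoting only; `$wpdb->escape` does not neutralise the LIKE wildcards `%` and `_`, and `_` is common in upload filenames, so a thumb such as `foo_1.jpg` also matches rows that mention `fooX1.jpg` and the thumb is kept although nothing else uses it. Escaping the wildcards before the quote escaping, `$wpdb->escape(addcslashes($meta['thumb'], '%_'))`, keeps the match literal. The miss is in the safe direction (a file is retained, never wrongly unlinked), so this is a correctness rather than a safety point. wp_delete_attachment begins and ends outside this hunk.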
@@ -168,6 +168,8 @@ function get_linkrating($link) { ** uses 0 */ function get_linkcatname($id = 0) { + $id = (int) $id; + if ( empty($id) ) return ''; diff --git a/wp-includes/template-functions-general.php b/wp-includes/template-functions-general.php index 5c112f70bd..4d6fac4156 100644 --- a/wp-includes/template-functions-general.php +++ b/wp-includes/template-functions-general.php @@ -501,8 +501,8 @@ function get_calendar($initial = true) { // Get days with posts $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date) - FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth - AND YEAR(post_date) = $thisyear + FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth' + AND YEAR(post_date) = '$thisyear' AND post_type = 'post' AND post_status = 'publish' AND post_date < '" . current_time('mysql') . '\'', ARRAY_N); if ( $dayswithposts ) {
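Review bot: Quoting `'$thismonth'` and `'$thisyear'` in the get_calendar query does not by itself make the values safe: unlike the other hunks in this commit no `(int)` cast accompanies the change, and an interpolated value containing a quote would still terminate the literal. If `$thismonth` and `$thisyear` are not already reduced to integers where they are derived earlier in get_calendar (outside this hunk), casting at the point of use, `MONTH(post_date) = '" . (int) $thismonth . "'` and likewise for `$thisyear`, keeps the guard next to the query instead of depending on code a reader of this hunk cannot see. A short comment above the query naming where the values are validated would help either way. get_calendar starts and ends outside the hunk.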