sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use prepare() in wp_insert_attachment(). Props dwc. fixes #7933

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@9259 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2008-10-20 21:55:37 +00:00
parent 0d579c5a62
commit 9442333d05
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/post.php
View File

@ -2281,14 +2281,14 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
$post_name = sanitize_title($post_name);
// expected_slashed ($post_name)
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID));
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID));
if ($post_name_check) {
$suffix = 2;
while ($post_name_check) {
$alt_post_name = $post_name . "-$suffix";
// expected_slashed ($alt_post_name, $post_name)
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
$post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent));
$suffix++;
}
$post_name = $alt_post_name;