From a5740e48a1f2586599d737694f6b554a02f5ea54 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Thu, 5 Mar 2009 22:16:29 +0000
Subject: [PATCH] post_exists() and comment_exists() fixes. Fixes post
 duplication during import. Props tott. fixes #8460

git-svn-id: https://develop.svn.wordpress.org/trunk@10722 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/comment.php |  3 +++
 wp-admin/includes/post.php    | 44 ++++++++++++++++++++++-------------
 2 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php
index 0fd1533d2b..9096da6308 100644
--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -19,6 +19,9 @@
 function comment_exists($comment_author, $comment_date) {
 	global $wpdb;
 
+	$comment_author = stripslashes($comment_author);
+	$comment_date = stripslashes($comment_date);
+
 	return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
 			WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
 }
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index 1ac800b1ec..92e96a0b9e 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -397,30 +397,42 @@ function get_post_to_edit( $id ) {
 }
 
 /**
- * {@internal Missing Short Description}}
+ * Determine if a post exists based on title, content, and date
  *
  * @since unknown
  *
- * @param unknown_type $title
- * @param unknown_type $content
- * @param unknown_type $post_date
- * @return unknown
+ * @param string $title Post title
+ * @param string $content Optional post content
+ * @param string $date Optional post date
+ * @return int Post ID if post exists, 0 otherwise.
  */
-function post_exists($title, $content = '', $post_date = '') {
+function post_exists($title, $content = '', $date = '') {
 	global $wpdb;
 
-	$title = stripslashes($title);
-	$content = stripslashes($content);
-	$post_date = stripslashes($post_date);
+	$post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
+	$post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );    
+	$post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
 
-	if (!empty ($post_date))
-		$post_date = $wpdb->prepare("AND post_date = %s", $post_date);
+	$query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
+	$args = array();
 
-	if (!empty ($title))
-		return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
-	else
-		if (!empty ($content))
-			return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
+	if ( !empty ( $date ) ) {
+		$query .= ' AND post_date = %s';
+		$args[] = $post_date;
+	}
+
+	if ( !empty ( $title ) ) {
+		$query .= ' AND post_title = %s';
+		$args[] = $post_title;
+	}
+
+	if ( !empty ( $content ) ) {
+		$query .= 'AND post_content = %s';
+		$args[] = $post_content;
+	}
+    
+	if ( !empty ( $args ) )
+		return $wpdb->get_var( $wpdb->prepare($query, $args) );
 
 	return 0;
 }