Prepare DB queries in more places. Props filosofo. see #6644
git-svn-id: https://develop.svn.wordpress.org/trunk@7645 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
parent
32e9822516
commit
fdc05b24f6
@ -15,7 +15,7 @@ if ( isset($_GET['action']) && 'ajax-tag-search' == $_GET['action'] ) {
|
||||
|
||||
if ( strstr( $s, ',' ) )
|
||||
die; // it's a multiple tag insert, we won't find anything
|
||||
$results = $wpdb->get_col( "SELECT name FROM $wpdb->terms WHERE name LIKE ('%$s%')" );
|
||||
$results = $wpdb->get_col( $wpdb->prepare("SELECT name FROM $wpdb->terms WHERE name LIKE (%s)", '%' . $s . '%') );
|
||||
echo join( $results, "\n" );
|
||||
die;
|
||||
}
|
||||
|
||||
@ -12,8 +12,7 @@ if ( !empty( $_REQUEST['delete_comments'] ) ) {
|
||||
$comments_deleted = $comments_approved = $comments_unapproved = $comments_spammed = 0;
|
||||
foreach ($_REQUEST['delete_comments'] as $comment) : // Check the permissions on each
|
||||
$comment = (int) $comment;
|
||||
$post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
|
||||
// $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
|
||||
$post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment) );
|
||||
if ( !current_user_can('edit_post', $post_id) )
|
||||
continue;
|
||||
if ( !empty( $_REQUEST['spamit'] ) ) {
|
||||
|
||||
@ -175,7 +175,7 @@ if ($posts) {
|
||||
|
||||
if ( 1 == count($posts) && is_singular() ) :
|
||||
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
|
||||
$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
|
||||
if ( $comments ) :
|
||||
// Make sure comments, post, and post_author are cached
|
||||
update_comment_cache($comments);
|
||||
|
||||
@ -205,7 +205,7 @@ if ( $page_links )
|
||||
|
||||
if ( 1 == count($posts) && is_singular() ) :
|
||||
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
|
||||
$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
|
||||
if ( $comments ) :
|
||||
// Make sure comments, post, and post_author are cached
|
||||
update_comment_cache($comments);
|
||||
|
||||
@ -641,7 +641,7 @@ class Blogger_Import {
|
||||
$host = $this->blogs[$importing_blog]['host'];
|
||||
|
||||
// Get an array of posts => authors
|
||||
$post_ids = (array) $wpdb->get_col("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = '$host'");
|
||||
$post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
|
||||
$post_ids = join( ',', $post_ids );
|
||||
$results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
|
||||
foreach ( $results as $row )
|
||||
@ -658,7 +658,7 @@ class Blogger_Import {
|
||||
$post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
|
||||
$post_ids = join( ',', $post_ids);
|
||||
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_author = $user_id WHERE id IN ($post_ids)");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
|
||||
$this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
|
||||
}
|
||||
$this->save_vars();
|
||||
|
||||
@ -13,7 +13,7 @@ if(!function_exists('get_comment_count'))
|
||||
function get_comment_count($post_ID)
|
||||
{
|
||||
global $wpdb;
|
||||
return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,7 +22,7 @@ if(!function_exists('link_exists'))
|
||||
function link_exists($linkname)
|
||||
{
|
||||
global $wpdb;
|
||||
return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@ if(!function_exists('get_comment_count'))
|
||||
function get_comment_count($post_ID)
|
||||
{
|
||||
global $wpdb;
|
||||
return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -17,7 +17,7 @@ if(!function_exists('link_exists'))
|
||||
function link_exists($linkname)
|
||||
{
|
||||
global $wpdb;
|
||||
return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -164,12 +164,12 @@ function check_all_rows() {
|
||||
$id = $id['term_taxonomy_id'];
|
||||
$posts = get_objects_in_term($category->term_id, 'category');
|
||||
foreach ( $posts as $post ) {
|
||||
if ( !$wpdb->get_var("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = '$post' AND term_taxonomy_id = '$id'") )
|
||||
$wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post', '$id')");
|
||||
if ( !$wpdb->get_var( $wpdb->prepare("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $post, $id) ) )
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES (%d, %d)", $post, $id) );
|
||||
clean_post_cache($post);
|
||||
}
|
||||
} else {
|
||||
$tt_ids = $wpdb->get_col("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
|
||||
$tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
|
||||
if ( $tt_ids ) {
|
||||
$posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id");
|
||||
foreach ( (array) $posts as $post )
|
||||
@ -177,14 +177,14 @@ function check_all_rows() {
|
||||
}
|
||||
|
||||
// Change the category to a tag.
|
||||
$wpdb->query("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
|
||||
|
||||
$terms = $wpdb->get_col("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
|
||||
$terms = $wpdb->get_col( $wpdb->prepare("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
|
||||
foreach ( (array) $terms as $term )
|
||||
clean_category_cache($term);
|
||||
|
||||
// Set all parents to 0 (root-level) if their parent was the converted tag
|
||||
$wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
|
||||
}
|
||||
// Clean the cache
|
||||
clean_category_cache($category->term_id);
|
||||
|
||||
@ -47,7 +47,7 @@ function wp_delete_link($link_id) {
|
||||
|
||||
wp_delete_object_term_relationships($link_id, 'link_category');
|
||||
|
||||
$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
|
||||
|
||||
do_action('deleted_link', $link_id);
|
||||
|
||||
@ -119,15 +119,14 @@ function wp_insert_link($linkdata) {
|
||||
}
|
||||
|
||||
if ( $update ) {
|
||||
$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
|
||||
link_name='$link_name', link_image='$link_image',
|
||||
link_target='$link_target',
|
||||
link_visible='$link_visible', link_description='$link_description',
|
||||
link_rating='$link_rating', link_rel='$link_rel',
|
||||
link_notes='$link_notes', link_rss = '$link_rss'
|
||||
WHERE link_id='$link_id'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
|
||||
link_name = %s, link_image = %s, link_target = %s,
|
||||
link_visible = %s, link_description = %s, link_rating = %s,
|
||||
link_rel = %s, link_notes = %s, link_rss = %s
|
||||
WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
|
||||
} else {
|
||||
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
|
||||
$link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
|
||||
$link_id = (int) $wpdb->insert_id;
|
||||
}
|
||||
|
||||
|
||||
@ -3,8 +3,8 @@
|
||||
function comment_exists($comment_author, $comment_date) {
|
||||
global $wpdb;
|
||||
|
||||
return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments
|
||||
WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'");
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
|
||||
WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
|
||||
}
|
||||
|
||||
function edit_comment() {
|
||||
@ -67,7 +67,7 @@ function get_comment_to_edit( $id ) {
|
||||
function get_pending_comments_num( $post_id ) {
|
||||
global $wpdb;
|
||||
$post_id = (int) $post_id;
|
||||
$pending = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '0'" );
|
||||
$pending = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '0'", $post_id) );
|
||||
return $pending;
|
||||
}
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
|
||||
$where = '';
|
||||
if ( $author and $author != 'all' ) {
|
||||
$author_id = (int) $author;
|
||||
$where = " WHERE post_author = '$author_id' ";
|
||||
$where = $wpdb->prepare(" WHERE post_author = %d ", $author_id);
|
||||
}
|
||||
|
||||
// grab a snapshot of post IDs, just in case it changes during the export
|
||||
@ -217,7 +217,7 @@ if ($post->post_type == 'attachment') { ?>
|
||||
<wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url>
|
||||
<?php } ?>
|
||||
<?php
|
||||
$postmeta = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");
|
||||
$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
|
||||
if ( $postmeta ) {
|
||||
?>
|
||||
<?php foreach( $postmeta as $meta ) { ?>
|
||||
@ -228,7 +228,7 @@ if ( $postmeta ) {
|
||||
<?php } ?>
|
||||
<?php } ?>
|
||||
<?php
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID");
|
||||
$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
|
||||
if ( $comments ) { foreach ( $comments as $c ) { ?>
|
||||
<wp:comment>
|
||||
<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
|
||||
|
||||
@ -194,13 +194,13 @@ function post_exists($title, $content = '', $post_date = '') {
|
||||
global $wpdb;
|
||||
|
||||
if (!empty ($post_date))
|
||||
$post_date = "AND post_date = '$post_date'";
|
||||
$post_date = $wpdb->prepare("AND post_date = %s", $post_date);
|
||||
|
||||
if (!empty ($title))
|
||||
return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
|
||||
else
|
||||
if (!empty ($content))
|
||||
return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -380,11 +380,9 @@ function add_meta( $post_ID ) {
|
||||
|
||||
wp_cache_delete($post_ID, 'post_meta');
|
||||
|
||||
$wpdb->query( "
|
||||
INSERT INTO $wpdb->postmeta
|
||||
(post_id,meta_key,meta_value )
|
||||
VALUES ('$post_ID','$metakey','$metavalue' )
|
||||
" );
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
|
||||
(post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
|
||||
$post_ID, $metakey, $metavalue) );
|
||||
return $wpdb->insert_id;
|
||||
}
|
||||
return false;
|
||||
@ -394,10 +392,10 @@ function delete_meta( $mid ) {
|
||||
global $wpdb;
|
||||
$mid = (int) $mid;
|
||||
|
||||
$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
|
||||
$post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
|
||||
wp_cache_delete($post_id, 'post_meta');
|
||||
|
||||
return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
|
||||
return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
|
||||
}
|
||||
|
||||
// Get a list of previously defined keys
|
||||
@ -417,7 +415,7 @@ function get_post_meta_by_id( $mid ) {
|
||||
global $wpdb;
|
||||
$mid = (int) $mid;
|
||||
|
||||
$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
|
||||
$meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
|
||||
if ( is_serialized_string( $meta->meta_value ) )
|
||||
$meta->meta_value = maybe_unserialize( $meta->meta_value );
|
||||
return $meta;
|
||||
@ -427,11 +425,9 @@ function get_post_meta_by_id( $mid ) {
|
||||
function has_meta( $postid ) {
|
||||
global $wpdb;
|
||||
|
||||
return $wpdb->get_results( "
|
||||
SELECT meta_key, meta_value, meta_id, post_id
|
||||
FROM $wpdb->postmeta
|
||||
WHERE post_id = '$postid'
|
||||
ORDER BY meta_key,meta_id", ARRAY_A );
|
||||
return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
|
||||
FROM $wpdb->postmeta WHERE post_id = %d
|
||||
ORDER BY meta_key,meta_id", $postid), ARRAY_A );
|
||||
|
||||
}
|
||||
|
||||
@ -443,13 +439,13 @@ function update_meta( $mid, $mkey, $mvalue ) {
|
||||
if ( in_array($mkey, $protected) )
|
||||
return false;
|
||||
|
||||
$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
|
||||
$post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
|
||||
wp_cache_delete($post_id, 'post_meta');
|
||||
|
||||
$mvalue = maybe_serialize( stripslashes( $mvalue ));
|
||||
$mvalue = $wpdb->escape( $mvalue );
|
||||
$mid = (int) $mid;
|
||||
return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
|
||||
return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->postmeta SET meta_key = %s, meta_value = %s WHERE meta_id = %d", $mkey, $mvalue, $mid) );
|
||||
}
|
||||
|
||||
//
|
||||
@ -502,7 +498,7 @@ function _relocate_children( $old_ID, $new_ID ) {
|
||||
global $wpdb;
|
||||
$old_ID = (int) $old_ID;
|
||||
$new_ID = (int) $new_ID;
|
||||
return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
|
||||
return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
|
||||
}
|
||||
|
||||
function get_available_post_statuses($type = 'post') {
|
||||
|
||||
@ -892,7 +892,7 @@ function page_template_dropdown( $default = '' ) {
|
||||
|
||||
function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
|
||||
global $wpdb, $post_ID;
|
||||
$items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" );
|
||||
$items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
|
||||
|
||||
if ( $items ) {
|
||||
foreach ( $items as $item ) {
|
||||
|
||||
@ -218,7 +218,7 @@ function upgrade_100() {
|
||||
foreach($posts as $post) {
|
||||
if ('' == $post->post_name) {
|
||||
$newtitle = sanitize_title($post->post_title);
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_name = '$newtitle' WHERE ID = '$post->ID'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) );
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -227,7 +227,7 @@ function upgrade_100() {
|
||||
foreach ($categories as $category) {
|
||||
if ('' == $category->category_nicename) {
|
||||
$newtitle = sanitize_title($category->cat_name);
|
||||
$wpdb->query("UPDATE $wpdb->categories SET category_nicename = '$newtitle' WHERE cat_ID = '$category->cat_ID'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -250,14 +250,12 @@ function upgrade_100() {
|
||||
if ($allposts) :
|
||||
foreach ($allposts as $post) {
|
||||
// Check to see if it's already been imported
|
||||
$cat = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post->ID AND category_id = $post->post_category");
|
||||
$cat = $wpdb->get_row( $wpdb->("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) );
|
||||
if (!$cat && 0 != $post->post_category) { // If there's no result
|
||||
$wpdb->query("
|
||||
INSERT INTO $wpdb->post2cat
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat
|
||||
(post_id, category_id)
|
||||
VALUES
|
||||
('$post->ID', '$post->post_category')
|
||||
");
|
||||
VALUES (%s, %s)
|
||||
", $post->ID, $post->post_category) );
|
||||
}
|
||||
}
|
||||
endif;
|
||||
@ -285,7 +283,7 @@ function upgrade_110() {
|
||||
foreach ($users as $user) {
|
||||
if ('' == $user->user_nicename) {
|
||||
$newname = sanitize_title($user->user_nickname);
|
||||
$wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -401,7 +399,7 @@ function upgrade_130() {
|
||||
foreach ( $options as $option ) {
|
||||
if ( 1 != $option->dupes ) { // Could this be done in the query?
|
||||
$limit = $option->dupes - 1;
|
||||
$dupe_ids = $wpdb->get_col("SELECT option_id FROM $wpdb->options WHERE option_name = '$option->option_name' LIMIT $limit");
|
||||
$dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) );
|
||||
$dupe_ids = join($dupe_ids, ',');
|
||||
$wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)");
|
||||
}
|
||||
@ -445,8 +443,7 @@ function upgrade_160() {
|
||||
if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
|
||||
if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
|
||||
if (!$idmode) $id = $user->user_nickname;
|
||||
$id = $wpdb->escape( $id );
|
||||
$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) );
|
||||
endif;
|
||||
|
||||
// FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set.
|
||||
@ -468,7 +465,7 @@ function upgrade_160() {
|
||||
$comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" );
|
||||
if( is_array( $comments ) ) {
|
||||
foreach ($comments as $comment) {
|
||||
$wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" );
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -477,10 +474,10 @@ function upgrade_160() {
|
||||
if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) {
|
||||
$objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'");
|
||||
foreach ($objects as $object) {
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment',
|
||||
post_mime_type = '$object->post_type',
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment',
|
||||
post_mime_type = %s,
|
||||
post_type = ''
|
||||
WHERE ID = $object->ID");
|
||||
WHERE ID = %d", $object->post_type, $object->ID) );
|
||||
|
||||
$meta = get_post_meta($object->ID, 'imagedata', true);
|
||||
if ( ! empty($meta['file']) )
|
||||
@ -508,7 +505,7 @@ function upgrade_210() {
|
||||
$type = 'attachment';
|
||||
}
|
||||
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -541,45 +538,42 @@ function upgrade_230() {
|
||||
$categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID");
|
||||
foreach ($categories as $category) {
|
||||
$term_id = (int) $category->cat_ID;
|
||||
$name = $wpdb->escape($category->cat_name);
|
||||
$description = $wpdb->escape($category->category_description);
|
||||
$slug = $wpdb->escape($category->category_nicename);
|
||||
$parent = $wpdb->escape($category->category_parent);
|
||||
$term_group = 0;
|
||||
|
||||
// Associate terms with the same slug in a term group and make slugs unique.
|
||||
if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
|
||||
if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
|
||||
$term_group = $exists[0]->term_group;
|
||||
$id = $exists[0]->term_id;
|
||||
$num = 2;
|
||||
do {
|
||||
$alt_slug = $slug . "-$num";
|
||||
$num++;
|
||||
$slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'");
|
||||
$slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) );
|
||||
} while ( $slug_check );
|
||||
|
||||
$slug = $alt_slug;
|
||||
|
||||
if ( empty( $term_group ) ) {
|
||||
$term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
|
||||
$wpdb->query("UPDATE $wpdb->terms SET term_group = '$term_group' WHERE term_id = '$id'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) );
|
||||
}
|
||||
}
|
||||
|
||||
$wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$term_id', '$name', '$slug', '$term_group')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES
|
||||
(%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) );
|
||||
|
||||
$count = 0;
|
||||
if ( !empty($category->category_count) ) {
|
||||
$count = (int) $category->category_count;
|
||||
$taxonomy = 'category';
|
||||
$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
|
||||
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
|
||||
}
|
||||
|
||||
if ( !empty($category->link_count) ) {
|
||||
$count = (int) $category->link_count;
|
||||
$taxonomy = 'link_category';
|
||||
$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
|
||||
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
|
||||
}
|
||||
|
||||
@ -587,14 +581,14 @@ function upgrade_230() {
|
||||
$have_tags = true;
|
||||
$count = (int) $category->tag_count;
|
||||
$taxonomy = 'post_tag';
|
||||
$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
|
||||
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
|
||||
}
|
||||
|
||||
if ( empty($count) ) {
|
||||
$count = 0;
|
||||
$taxonomy = 'category';
|
||||
$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
|
||||
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
|
||||
}
|
||||
}
|
||||
@ -614,7 +608,7 @@ function upgrade_230() {
|
||||
if ( empty($tt_id) )
|
||||
continue;
|
||||
|
||||
$wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) );
|
||||
}
|
||||
|
||||
// < 3570 we used linkcategories. >= 3570 we used categories and link2cat.
|
||||
@ -633,20 +627,20 @@ function upgrade_230() {
|
||||
$term_group = 0;
|
||||
|
||||
// Associate terms with the same slug in a term group and make slugs unique.
|
||||
if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
|
||||
if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
|
||||
$term_group = $exists[0]->term_group;
|
||||
$term_id = $exists[0]->term_id;
|
||||
}
|
||||
|
||||
if ( empty($term_id) ) {
|
||||
$wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) );
|
||||
$term_id = (int) $wpdb->insert_id;
|
||||
}
|
||||
|
||||
$link_cat_id_map[$cat_id] = $term_id;
|
||||
$default_link_cat = $term_id;
|
||||
|
||||
$wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', 'link_category', '', '0', '0')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) );
|
||||
$tt_ids[$term_id] = (int) $wpdb->insert_id;
|
||||
}
|
||||
|
||||
@ -662,7 +656,7 @@ function upgrade_230() {
|
||||
if ( empty($tt_id) )
|
||||
continue;
|
||||
|
||||
$wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link->link_id', '$tt_id')");
|
||||
$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) );
|
||||
}
|
||||
|
||||
// Set default to the last category we grabbed during the upgrade loop.
|
||||
@ -677,7 +671,7 @@ function upgrade_230() {
|
||||
if ( empty($tt_id) )
|
||||
continue;
|
||||
|
||||
$wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link_id', '$tt_id')");
|
||||
$wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -690,10 +684,10 @@ function upgrade_230() {
|
||||
$terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy");
|
||||
foreach ( (array) $terms as $term ) {
|
||||
if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) )
|
||||
$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term->term_taxonomy_id'");
|
||||
$count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) );
|
||||
else
|
||||
$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
|
||||
$wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
|
||||
$count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) );
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -823,7 +817,7 @@ function __get_option($setting) {
|
||||
return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
|
||||
}
|
||||
|
||||
$option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
|
||||
$option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) );
|
||||
|
||||
if ( 'home' == $setting && '' == $option )
|
||||
return __get_option('siteurl');
|
||||
|
||||
@ -141,10 +141,7 @@ function edit_user( $user_id = 0 ) {
|
||||
function get_author_user_ids() {
|
||||
global $wpdb;
|
||||
$level_key = $wpdb->prefix . 'user_level';
|
||||
|
||||
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'";
|
||||
|
||||
return $wpdb->get_col( $query );
|
||||
return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) );
|
||||
}
|
||||
|
||||
function get_editable_authors( $user_id ) {
|
||||
@ -176,7 +173,7 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true ) {
|
||||
|
||||
$level_key = $wpdb->prefix . 'user_level';
|
||||
|
||||
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'";
|
||||
$query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key);
|
||||
if ( $exclude_zeros )
|
||||
$query .= " AND meta_value != '0'";
|
||||
|
||||
@ -187,9 +184,7 @@ function get_nonauthor_user_ids() {
|
||||
global $wpdb;
|
||||
$level_key = $wpdb->prefix . 'user_level';
|
||||
|
||||
$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'";
|
||||
|
||||
return $wpdb->get_col( $query );
|
||||
return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) );
|
||||
}
|
||||
|
||||
function get_others_unpublished_posts($user_id, $type='any') {
|
||||
@ -208,7 +203,7 @@ function get_others_unpublished_posts($user_id, $type='any') {
|
||||
$other_unpubs = '';
|
||||
} else {
|
||||
$editable = join(',', $editable);
|
||||
$other_unpubs = $wpdb->get_results("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != '$user_id' ORDER BY post_modified $dir");
|
||||
$other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) );
|
||||
}
|
||||
|
||||
return apply_filters('get_others_drafts', $other_unpubs);
|
||||
@ -241,8 +236,7 @@ function get_user_to_edit( $user_id ) {
|
||||
|
||||
function get_users_drafts( $user_id ) {
|
||||
global $wpdb;
|
||||
$user_id = (int) $user_id;
|
||||
$query = "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = $user_id ORDER BY post_modified DESC";
|
||||
$query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
|
||||
$query = apply_filters('get_users_drafts', $query);
|
||||
return $wpdb->get_results( $query );
|
||||
}
|
||||
@ -253,7 +247,7 @@ function wp_delete_user($id, $reassign = 'novalue') {
|
||||
$id = (int) $id;
|
||||
|
||||
if ($reassign == 'novalue') {
|
||||
$post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_author = $id");
|
||||
$post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) );
|
||||
|
||||
if ($post_ids) {
|
||||
foreach ($post_ids as $post_id)
|
||||
@ -261,18 +255,18 @@ function wp_delete_user($id, $reassign = 'novalue') {
|
||||
}
|
||||
|
||||
// Clean links
|
||||
$wpdb->query("DELETE FROM $wpdb->links WHERE link_owner = $id");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) );
|
||||
} else {
|
||||
$reassign = (int) $reassign;
|
||||
$wpdb->query("UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}");
|
||||
$wpdb->query("UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) );
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d}", $reassign, $id) );
|
||||
}
|
||||
|
||||
// FINALLY, delete user
|
||||
do_action('delete_user', $id);
|
||||
|
||||
$wpdb->query("DELETE FROM $wpdb->users WHERE ID = $id");
|
||||
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$id'");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) );
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) );
|
||||
|
||||
wp_cache_delete($id, 'users');
|
||||
wp_cache_delete($user->user_login, 'userlogins');
|
||||
@ -323,7 +317,7 @@ class WP_User_Search {
|
||||
function prepare_query() {
|
||||
global $wpdb;
|
||||
$this->first_user = ($this->page - 1) * $this->users_per_page;
|
||||
$this->query_limit = ' LIMIT ' . $this->first_user . ',' . $this->users_per_page;
|
||||
$this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page);
|
||||
$this->query_sort = ' ORDER BY user_login';
|
||||
$search_sql = '';
|
||||
if ( $this->search_term ) {
|
||||
@ -337,7 +331,7 @@ class WP_User_Search {
|
||||
|
||||
$this->query_from_where = "FROM $wpdb->users";
|
||||
if ( $this->role )
|
||||
$this->query_from_where .= " INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE '%$this->role%'";
|
||||
$this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%');
|
||||
else
|
||||
$this->query_from_where .= " WHERE 1=1";
|
||||
$this->query_from_where .= " $search_sql";
|
||||
|
||||
@ -36,9 +36,9 @@ if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5)
|
||||
$returns = explode("\n", $body);
|
||||
|
||||
foreach ($returns as $return) :
|
||||
$time = $wpdb->escape( substr($return, 0, 19) );
|
||||
$uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
|
||||
$wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'");
|
||||
$time = substr($return, 0, 19);
|
||||
$uri = preg_replace('/(.*?) | (.*?)/', '$2', $return);
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) );
|
||||
endforeach;
|
||||
}
|
||||
?>
|
||||
|
||||
@ -211,7 +211,7 @@ if ( $page_links )
|
||||
|
||||
if ( 1 == count($posts) && is_singular() ) :
|
||||
|
||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
|
||||
$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
|
||||
if ( $comments ) :
|
||||
// Make sure comments, post, and post_author are cached
|
||||
update_comment_cache($comments);
|
||||
|
||||
@ -11,7 +11,7 @@ nocache_headers();
|
||||
|
||||
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
||||
|
||||
$status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
|
||||
$status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
|
||||
|
||||
if ( empty($status->comment_status) ) {
|
||||
do_action('comment_id_not_found', $comment_post_ID);
|
||||
|
||||
@ -241,7 +241,7 @@ function get_comment_count( $post_id = 0 ) {
|
||||
|
||||
$where = '';
|
||||
if ( $post_id > 0 ) {
|
||||
$where = "WHERE comment_post_ID = {$post_id}";
|
||||
$where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id);
|
||||
}
|
||||
|
||||
$totals = (array) $wpdb->get_results("
|
||||
@ -379,7 +379,7 @@ function check_comment_flood_db( $ip, $email, $date ) {
|
||||
global $wpdb;
|
||||
if ( current_user_can( 'manage_options' ) )
|
||||
return; // don't throttle admins
|
||||
if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
|
||||
if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) {
|
||||
$time_lastcomment = mysql2date('U', $lasttime);
|
||||
$time_newcomment = mysql2date('U', $date);
|
||||
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
|
||||
@ -487,7 +487,7 @@ function wp_delete_comment($comment_id) {
|
||||
|
||||
$comment = get_comment($comment_id);
|
||||
|
||||
if ( ! $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1") )
|
||||
if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) )
|
||||
return false;
|
||||
|
||||
$post_id = $comment->comment_post_ID;
|
||||
@ -585,11 +585,10 @@ function wp_insert_comment($commentdata) {
|
||||
if ( ! isset($user_id) )
|
||||
$user_id = 0;
|
||||
|
||||
$result = $wpdb->query("INSERT INTO $wpdb->comments
|
||||
$result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments
|
||||
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
|
||||
VALUES
|
||||
('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
|
||||
");
|
||||
VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)",
|
||||
$comment_post_ID, $comment_author, $comment_author_email, $comment_author_url, $comment_author_IP, $comment_date, $comment_date_gmt, $comment_content, $comment_approved, $comment_agent, $comment_type, $comment_parent, $user_id) );
|
||||
|
||||
$id = (int) $wpdb->insert_id;
|
||||
|
||||
@ -714,13 +713,13 @@ function wp_set_comment_status($comment_id, $comment_status) {
|
||||
|
||||
switch ( $comment_status ) {
|
||||
case 'hold':
|
||||
$query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
|
||||
$query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id);
|
||||
break;
|
||||
case 'approve':
|
||||
$query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
|
||||
$query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id);
|
||||
break;
|
||||
case 'spam':
|
||||
$query = "UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID='$comment_id' LIMIT 1";
|
||||
$query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id);
|
||||
break;
|
||||
case 'delete':
|
||||
return wp_delete_comment($comment_id);
|
||||
@ -774,16 +773,23 @@ function wp_update_comment($commentarr) {
|
||||
|
||||
$comment_date_gmt = get_gmt_from_date($comment_date);
|
||||
|
||||
$wpdb->query(
|
||||
"UPDATE $wpdb->comments SET
|
||||
comment_content = '$comment_content',
|
||||
comment_author = '$comment_author',
|
||||
comment_author_email = '$comment_author_email',
|
||||
comment_approved = '$comment_approved',
|
||||
comment_author_url = '$comment_author_url',
|
||||
comment_date = '$comment_date',
|
||||
comment_date_gmt = '$comment_date_gmt'
|
||||
WHERE comment_ID = $comment_ID" );
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET
|
||||
comment_content = %s,
|
||||
comment_author = %s,
|
||||
comment_author_email = %s,
|
||||
comment_approved = %s,
|
||||
comment_author_url = %s,
|
||||
comment_date = %s,
|
||||
comment_date_gmt = %s
|
||||
WHERE comment_ID = %d",
|
||||
$comment_content,
|
||||
$comment_author,
|
||||
$comment_author_email,
|
||||
$comment_approved,
|
||||
$comment_author_url,
|
||||
$comment_date,
|
||||
$comment_date_gmt
|
||||
$comment_ID) );
|
||||
|
||||
$rval = $wpdb->rows_affected;
|
||||
|
||||
@ -879,8 +885,8 @@ function wp_update_comment_count_now($post_id) {
|
||||
return false;
|
||||
|
||||
$old = (int) $post->comment_count;
|
||||
$new = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
|
||||
$wpdb->query("UPDATE $wpdb->posts SET comment_count = '$new' WHERE ID = '$post_id'");
|
||||
$new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) );
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) );
|
||||
|
||||
if ( 'page' == $post->post_type )
|
||||
clean_page_cache( $post_id );
|
||||
@ -1008,7 +1014,7 @@ function do_all_pings() {
|
||||
|
||||
// Do Enclosures
|
||||
while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
|
||||
$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) );
|
||||
do_enclose($enclosure->post_content, $enclosure->ID);
|
||||
}
|
||||
|
||||
@ -1035,11 +1041,11 @@ function do_all_pings() {
|
||||
function do_trackbacks($post_id) {
|
||||
global $wpdb;
|
||||
|
||||
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
|
||||
$post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) );
|
||||
$to_ping = get_to_ping($post_id);
|
||||
$pinged = get_pung($post_id);
|
||||
if ( empty($to_ping) ) {
|
||||
$wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) );
|
||||
return;
|
||||
}
|
||||
|
||||
@ -1060,7 +1066,7 @@ function do_trackbacks($post_id) {
|
||||
trackback($tb_ping, $post_title, $excerpt, $post_id);
|
||||
$pinged[] = $tb_ping;
|
||||
} else {
|
||||
$wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1225,8 +1231,8 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
|
||||
@fclose($fs);
|
||||
|
||||
$tb_url = addslashes( $tb_url );
|
||||
$wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
|
||||
return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) );
|
||||
return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -474,7 +474,7 @@ function get_posts($args) {
|
||||
$query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d AND $wpdb->term_taxonomy.taxonomy = 'category')", $category);
|
||||
$query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent);
|
||||
// expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works
|
||||
$query .= empty( $meta_key ) | empty($meta_value) ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )";
|
||||
$query .= empty( $meta_key ) | empty($meta_value) ? '' : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value);
|
||||
$query .= empty( $post_mime_type ) ? '' : wp_post_mime_type_where($post_mime_type);
|
||||
$query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;
|
||||
if ( 0 < $numberposts )
|
||||
@ -1960,7 +1960,7 @@ function &get_pages($args = '') {
|
||||
$query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ;
|
||||
$query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ;
|
||||
// expected_slashed ($meta_key, $meta_value) -- also, it looks funky
|
||||
$query .= ( empty( $meta_key ) | empty($meta_value) ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ;
|
||||
$query .= ( empty( $meta_key ) | empty($meta_value) ? "" : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value) ) ;
|
||||
$query .= $author_query;
|
||||
$query .= " ORDER BY " . $sort_column . " " . $sort_order ;
|
||||
|
||||
@ -2737,7 +2737,7 @@ function clean_page_cache($id) {
|
||||
|
||||
do_action('clean_page_cache', $id);
|
||||
|
||||
if ( $children = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_parent = '$id'" ) )
|
||||
if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) )
|
||||
foreach( $children as $cid )
|
||||
clean_post_cache( $cid );
|
||||
}
|
||||
@ -2974,7 +2974,7 @@ function _get_post_ancestors(&$_post) {
|
||||
return;
|
||||
|
||||
$id = $_post->ancestors[] = $_post->post_parent;
|
||||
while ( $ancestor = $wpdb->get_var("SELECT `post_parent` FROM $wpdb->posts WHERE ID= '{$id}' LIMIT 1") ) {
|
||||
while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
|
||||
if ( $id == $ancestor )
|
||||
break;
|
||||
$id = $_post->ancestors[] = $ancestor;
|
||||
|
||||
@ -749,7 +749,7 @@ function is_term($term, $taxonomy = '') {
|
||||
}
|
||||
|
||||
if ( !empty($taxonomy) )
|
||||
return $wpdb->get_row("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = '$taxonomy'", ARRAY_A);
|
||||
return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $taxonomy), ARRAY_A);
|
||||
|
||||
return $wpdb->get_var("SELECT term_id FROM $wpdb->terms as t WHERE $where");
|
||||
}
|
||||
@ -888,8 +888,7 @@ function wp_count_terms( $taxonomy, $args = array() ) {
|
||||
if ( $ignore_empty )
|
||||
$where = 'AND count > 0';
|
||||
|
||||
$taxonomy = $wpdb->escape( $taxonomy );
|
||||
return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = '$taxonomy' $where");
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) );
|
||||
}
|
||||
|
||||
/**
|
||||
@ -918,7 +917,7 @@ function wp_delete_object_term_relationships( $object_id, $taxonomies ) {
|
||||
foreach ( $taxonomies as $taxonomy ) {
|
||||
$terms = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids');
|
||||
$in_terms = "'" . implode("', '", $terms) . "'";
|
||||
$wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_terms)");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_terms)", $object_id) );
|
||||
wp_update_term_count($terms, $taxonomy);
|
||||
}
|
||||
}
|
||||
@ -1293,7 +1292,7 @@ function wp_set_object_terms($object_id, $terms, $taxonomy, $append = false) {
|
||||
$delete_terms = array_diff($old_terms, $tt_ids);
|
||||
if ( $delete_terms ) {
|
||||
$in_delete_terms = "'" . implode("', '", $delete_terms) . "'";
|
||||
$wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_delete_terms)");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) );
|
||||
wp_update_term_count($delete_terms, $taxonomy);
|
||||
}
|
||||
}
|
||||
|
||||
@ -57,13 +57,13 @@ function get_profile($field, $user = false) {
|
||||
global $wpdb;
|
||||
if ( !$user )
|
||||
$user = $wpdb->escape($_COOKIE[USER_COOKIE]);
|
||||
return $wpdb->get_var("SELECT $field FROM $wpdb->users WHERE user_login = '$user'");
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
|
||||
}
|
||||
|
||||
function get_usernumposts($userid) {
|
||||
global $wpdb;
|
||||
$userid = (int) $userid;
|
||||
return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND " . get_private_posts_cap_sql('post'));
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
|
||||
}
|
||||
|
||||
// TODO: xmlrpc only. Maybe move to xmlrpc.php.
|
||||
@ -130,9 +130,9 @@ function delete_usermeta( $user_id, $meta_key, $meta_value = '' ) {
|
||||
$meta_value = trim( $meta_value );
|
||||
|
||||
if ( ! empty($meta_value) )
|
||||
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $meta_key, $meta_value) );
|
||||
else
|
||||
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
||||
|
||||
wp_cache_delete($user_id, 'users');
|
||||
|
||||
@ -148,9 +148,9 @@ function get_usermeta( $user_id, $meta_key = '') {
|
||||
|
||||
if ( !empty($meta_key) ) {
|
||||
$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
|
||||
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
||||
} else {
|
||||
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
|
||||
$metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
|
||||
}
|
||||
|
||||
if ( empty($metas) ) {
|
||||
@ -185,13 +185,13 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
|
||||
return delete_usermeta($user_id, $meta_key);
|
||||
}
|
||||
|
||||
$cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
|
||||
if ( !$cur ) {
|
||||
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
|
||||
VALUES
|
||||
( '$user_id', '$meta_key', '$meta_value' )");
|
||||
} else if ( $cur->meta_value != $meta_value ) {
|
||||
$wpdb->query("UPDATE $wpdb->usermeta SET meta_value = '$meta_value' WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -86,7 +86,7 @@ if ( !empty($tb_url) && !empty($title) ) {
|
||||
$comment_content = "<strong>$title</strong>\n\n$excerpt";
|
||||
$comment_type = 'trackback';
|
||||
|
||||
$dupe = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_author_url = '$comment_author_url'");
|
||||
$dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
|
||||
if ( $dupe )
|
||||
trackback_response(1, 'We already have a ping from that URL for this post.');
|
||||
|
||||
|
||||
10
xmlrpc.php
10
xmlrpc.php
@ -1352,7 +1352,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
if( is_array( $attachments ) ) {
|
||||
foreach( $attachments as $file ) {
|
||||
if( strpos( $post_content, $file->guid ) !== false ) {
|
||||
$wpdb->query( "UPDATE {$wpdb->posts} SET post_parent = '$post_ID' WHERE ID = '{$file->ID}'" );
|
||||
$wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) );
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -2093,7 +2093,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(404, __('Sorry, no such post.'));
|
||||
}
|
||||
|
||||
$comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID");
|
||||
$comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
|
||||
|
||||
if (!$comments) {
|
||||
return array();
|
||||
@ -2206,7 +2206,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
} elseif (is_string($urltest['fragment'])) {
|
||||
// ...or a string #title, a little more complicated
|
||||
$title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
|
||||
$sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'";
|
||||
$sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
|
||||
if (! ($post_ID = $wpdb->get_var($sql)) ) {
|
||||
// returning unknown error '0' is better than die()ing
|
||||
return new IXR_Error(0, '');
|
||||
@ -2235,7 +2235,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
|
||||
|
||||
// Let's check that the remote site didn't already pingback this entry
|
||||
$wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'");
|
||||
$wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) );
|
||||
|
||||
if ( $wpdb->num_rows ) // We already have a Pingback from this URL
|
||||
return new IXR_Error(48, __('The pingback has already been registered.'));
|
||||
@ -2344,7 +2344,7 @@ class wp_xmlrpc_server extends IXR_Server {
|
||||
return new IXR_Error(32, __('The specified target URL does not exist.'));
|
||||
}
|
||||
|
||||
$comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID");
|
||||
$comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
|
||||
|
||||
if (!$comments) {
|
||||
return array();
|
||||
|
||||
Loading…
Reference in New Issue
Block a user