Ticket #6644: prepared_queries2.diff

File prepared_queries2.diff, 2.8 kB (added by filosofo, 8 months ago)
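--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -474,7 +474,7 @@
         $query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d AND $wpdb->term_taxonomy.taxonomy = 'category')", $category);
         $query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent);
         // expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works
-        $query .= empty( $meta_key ) | empty($meta_value)  ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )"
+        $query .= empty( $meta_key ) | empty($meta_value)  ? '' : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value)
         $query .= empty( $post_mime_type ) ? '' : wp_post_mime_type_where($post_mime_type);
         $query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;
         if ( 0 < $numberposts )
@@ -1945,7 +1945,7 @@
         $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ;
         $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ;
         // expected_slashed ($meta_key, $meta_value) -- also, it looks funky
-        $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ;
+        $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value) ) ;
         $query .= $author_query;
         $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
 
@@ -2722,7 +2722,7 @@
 
         do_action('clean_page_cache', $id);
 
-        if ( $children = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_parent = '$id'" ) )
+        if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) )
                 foreach( $children as $cid )
                         clean_post_cache( $cid );
 }
@@ -2959,7 +2959,7 @@
         return;
 
     $id = $_post->ancestors[] = $_post->post_parent;
-    while ( $ancestor = $wpdb->get_var("SELECT `post_parent` FROM $wpdb->posts WHERE ID= '{$id}' LIMIT 1") ) {
+    while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
         if ( $id == $ancestor )
                 break;
         $id = $_post->ancestors[] = $ancestor;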
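Review bot: At new lines 477 and 1948, `$meta_key` and `$meta_value` go into `$wpdb->prepare()` while the comment directly above each still says `expected_slashed ($meta_key, $meta_value)`. If callers really do pass slashed values, prepare() will escape the existing backslashes again, so a key or value containing a quote or backslash will no longer match the stored postmeta row. I would unslash first, e.g. `$meta_key = stripslashes($meta_key); $meta_value = stripslashes($meta_value);` before the clause is built, and update the comment to state the new contract. Separately, `$orderby`/`$order` (line 479), `$sort_column`/`$sort_order` (line 1950) and `$exclusions`/`$inclusions` (line 1946) are still concatenated into the SQL; placeholders cannot bind identifiers or keywords, so these need an allow-list check unless one already exists outside the hunks. The enclosing functions all start outside the hunks shown, so any earlier validation is not visible here.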