Ticket #6644: prepared_queries8.diff

wp-admin/includes/user.php

@@ -141 +141 @@
-function get_author_user_ids() {
-        global $wpdb;
-        $level_key = $wpdb->prefix . 'user_level';
-
-
-
-
+
-}
-
-function get_editable_authors( $user_id ) {
@@ -176 +173 @@
-
-        $level_key = $wpdb->prefix . 'user_level';
-
-"SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'"
+$wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key)
-        if ( $exclude_zeros )
-                $query .= " AND meta_value != '0'";
-
@@ -187 +184 @@
-        global $wpdb;
-        $level_key = $wpdb->prefix . 'user_level';
-
-
-
-
+
-}
-
-function get_others_unpublished_posts($user_id, $type='any') {
@@ -208 +203 @@
-                $other_unpubs = '';
-        } else {
-                $editable = join(',', $editable);
-"SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != '$user_id' ORDER BY post_modified $dir"
+ $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) 
-        }
-
-        return apply_filters('get_others_drafts', $other_unpubs);
@@ -241 +236 @@
-
-function get_users_drafts( $user_id ) {
-        global $wpdb;
-
-
+
-        $query = apply_filters('get_users_drafts', $query);
-        return $wpdb->get_results( $query );
-}
@@ -253 +247 @@
-        $id = (int) $id;
-
-        if ($reassign == 'novalue') {
-"SELECT ID FROM $wpdb->posts WHERE post_author = $id"
+ $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) 
-
-                if ($post_ids) {
-                        foreach ($post_ids as $post_id)
@@ -261 +255 @@
-                }
-
-                // Clean links
-"DELETE FROM $wpdb->links WHERE link_owner = $id"
+ $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) 
-        } else {
-                $reassign = (int) $reassign;
-"UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}"
-"UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}"
+ $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) 
+ $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d}", $reassign, $id) 
-        }
-
-        // FINALLY, delete user
-        do_action('delete_user', $id);
-
-"DELETE FROM $wpdb->users WHERE ID = $id"
-"DELETE FROM $wpdb->usermeta WHERE user_id = '$id'"
+ $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) 
+ $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) 
-
-        wp_cache_delete($id, 'users');
-        wp_cache_delete($user->user_login, 'userlogins');
@@ -323 +317 @@
-        function prepare_query() {
-                global $wpdb;
-                $this->first_user = ($this->page - 1) * $this->users_per_page;
-' LIMIT ' . $this->first_user . ',' . $this->users_per_page
+$wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page)
-                $this->query_sort = ' ORDER BY user_login';
-                $search_sql = '';
-                if ( $this->search_term ) {
@@ -337 +331 @@
-
-                $this->query_from_where = "FROM $wpdb->users";
-                if ( $this->role )
-" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE '%$this->role%'"
+$wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%')
-                else
-                        $this->query_from_where .= " WHERE 1=1";
-                $this->query_from_where .= " $search_sql";