Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-29 07:37:44 +02:00
Code Issues Projects Releases Wiki Activity

Stripslashes post meta values before handing off to add_post_meta. Use wpdb::escape instead of addslashes. Props takayukister. fixes #4028

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-04-12 02:58:41 +00:00
parent 0e28e967ad
commit 44111a3ae7
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/import/wordpress.php
View File

@ -35,8 +35,9 @@ class WP_Import {
}
function get_tag( $string, $tag ) {
global $wpdb;
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
$return = addslashes( trim( $return[1] ) );
$return = $wpdb->escape( trim( $return[1] ) );
return $return;
}
@ -336,6 +337,7 @@ class WP_Import {
if ( $postmeta) { foreach ($postmeta as $p) {
$key = $this->get_tag( $p, 'wp:meta_key' );
$value = $this->get_tag( $p, 'wp:meta_value' );
$value = stripslashes($value); // add_post_meta() will escape.
add_post_meta( $post_id, $key, $value );
} }
}