mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Stripslashes post meta values before handing off to add_post_meta. Use wpdb::escape instead of addslashes. Props takayukister. fixes #4028
git-svn-id: http://svn.automattic.com/wordpress/trunk@5249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
0e28e967ad
commit
44111a3ae7
@ -35,8 +35,9 @@ class WP_Import {
|
||||
}
|
||||
|
||||
function get_tag( $string, $tag ) {
|
||||
global $wpdb;
|
||||
preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
|
||||
$return = addslashes( trim( $return[1] ) );
|
||||
$return = $wpdb->escape( trim( $return[1] ) );
|
||||
return $return;
|
||||
}
|
||||
|
||||
@ -336,6 +337,7 @@ class WP_Import {
|
||||
if ( $postmeta) { foreach ($postmeta as $p) {
|
||||
$key = $this->get_tag( $p, 'wp:meta_key' );
|
||||
$value = $this->get_tag( $p, 'wp:meta_value' );
|
||||
$value = stripslashes($value); // add_post_meta() will escape.
|
||||
add_post_meta( $post_id, $key, $value );
|
||||
} }
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user