esc_sql() for wp-includes

git-svn-id: http://svn.automattic.com/wordpress/trunk@11978 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/comment.php

@@ -1229,7 +1229,7 @@ function wp_update_comment($commentarr) {
 	$comment = get_comment($commentarr['comment_ID'], ARRAY_A);
 
 	// Escape data pulled from DB.
-	$comment = $wpdb->escape($comment);
+	$comment = esc_sql($comment);
 
 	$old_status = $comment['comment_approved'];
 

wp-includes/formatting.php

@@ -1110,7 +1110,7 @@ function addslashes_gpc($gpc) {
 		$gpc = stripslashes($gpc);
 	}
 
-	return $wpdb->escape($gpc);
+	return esc_sql($gpc);
 }
 
 /**
@@ -1280,7 +1280,7 @@ function wp_rel_nofollow( $text ) {
 	// This is a pre save filter, so text is already escaped.
 	$text = stripslashes($text);
 	$text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
-	$text = $wpdb->escape($text);
+	$text = esc_sql($text);
 	return $text;
 }
 

wp-includes/functions.php

@@ -497,7 +497,7 @@ function update_option( $option_name, $newvalue ) {
 
 	wp_protect_special_option( $option_name );
 
-	$safe_option_name = $wpdb->escape( $option_name );
+	$safe_option_name = esc_sql( $option_name );
 	$newvalue = sanitize_option( $option_name, $newvalue );
 
 	$oldvalue = get_option( $safe_option_name );
@@ -571,7 +571,7 @@ function add_option( $name, $value = '', $deprecated = '', $autoload = 'yes' ) {
 	global $wpdb;
 
 	wp_protect_special_option( $name );
-	$safe_name = $wpdb->escape( $name );
+	$safe_name = esc_sql( $name );
 	$value = sanitize_option( $name, $value );
 
 	// Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
@@ -654,7 +654,7 @@ function delete_transient($transient) {
 	if ( $_wp_using_ext_object_cache ) {
 		return wp_cache_delete($transient, 'transient');
 	} else {
-		$transient = '_transient_' . $wpdb->escape($transient);
+		$transient = '_transient_' . esc_sql($transient);
 		return delete_option($transient);
 	}
 }
@@ -682,11 +682,11 @@ function get_transient($transient) {
 	if ( $_wp_using_ext_object_cache ) {
 		$value = wp_cache_get($transient, 'transient');
 	} else {
-		$transient_option = '_transient_' . $wpdb->escape($transient);
+		$transient_option = '_transient_' . esc_sql($transient);
 		// If option is not in alloptions, it is not autoloaded and thus has a timeout
 		$alloptions = wp_load_alloptions();
 		if ( !isset( $alloptions[$transient_option] ) ) {
-			$transient_timeout = '_transient_timeout_' . $wpdb->escape($transient);
+			$transient_timeout = '_transient_timeout_' . esc_sql($transient);
 			if ( get_option($transient_timeout) < time() ) {
 				delete_option($transient_option);
 				delete_option($transient_timeout);
@@ -723,7 +723,7 @@ function set_transient($transient, $value, $expiration = 0) {
 	} else {
 		$transient_timeout = '_transient_timeout_' . $transient;
 		$transient = '_transient_' . $transient;
-		$safe_transient = $wpdb->escape($transient);
+		$safe_transient = esc_sql($transient);
 		if ( false === get_option( $safe_transient ) ) {
 			$autoload = 'yes';
 			if ( 0 != $expiration ) {
@@ -1412,7 +1412,7 @@ function add_magic_quotes( $array ) {
 		if ( is_array( $v ) ) {
 			$array[$k] = add_magic_quotes( $v );
 		} else {
-			$array[$k] = $wpdb->escape( $v );
+			$array[$k] = esc_sql( $v );
 		}
 	}
 	return $array;

wp-includes/post.php

@@ -1752,7 +1752,7 @@ function wp_unique_post_slug($slug, $post_ID, $post_status, $post_type, $post_pa
 	} elseif ( in_array($post_type, $hierarchical_post_types) ) {
 		// Page slugs must be unique within their own trees.  Pages are in a
 		// separate namespace than posts so page slugs are allowed to overlap post slugs.
-		$check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", $wpdb->escape($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1";
+		$check_sql = "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type IN ( '" . implode("', '", esc_sql($hierarchical_post_types)) . "' ) AND ID != %d AND post_parent = %d LIMIT 1";
 		$post_name_check = $wpdb->get_var($wpdb->prepare($check_sql, $slug, $post_ID, $post_parent));
 
 		if ( $post_name_check || in_array($slug, $wp_rewrite->feeds) ) {

wp-includes/query.php

@@ -1756,7 +1756,7 @@ class WP_Query {
 				$search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
 				$searchand = ' AND ';
 			}
-			$term = $wpdb->escape($q['s']);
+			$term = esc_sql($q['s']);
 			if (empty($q['sentence']) && count($q['search_terms']) > 1 && $q['search_terms'][0] != $q['s'] )
 				$search .= " OR ($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}')";
 

wp-includes/registration.php

@@ -293,8 +293,8 @@ function wp_update_user($userdata) {
 function wp_create_user($username, $password, $email = '') {
 	global $wpdb;
 
-	$user_login = $wpdb->escape($username);
-	$user_email = $wpdb->escape($email);
+	$user_login = esc_sql( $username );
+	$user_email = esc_sql( $email    );
 	$user_pass = $password;
 
 	$userdata = compact('user_login', 'user_email', 'user_pass');

wp-includes/user.php

@@ -153,7 +153,7 @@ function wp_authenticate_cookie($user, $username, $password) {
 function get_profile($field, $user = false) {
 	global $wpdb;
 	if ( !$user )
-		$user = $wpdb->escape($_COOKIE[USER_COOKIE]);
+		$user = esc_sql( $_COOKIE[USER_COOKIE] );
 	return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
 }