In get_site_by_path(), avoid passing $paths through prepare(). If a path contains a %, we end up with problems. see #27003.

Built from https://develop.svn.wordpress.org/trunk@27439


git-svn-id: http://core.svn.wordpress.org/trunk@27286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2014-03-06 18:18:15 +00:00
parent ba27ced46b
commit 4fb0aa5ecb

View File

@ -350,8 +350,9 @@ function get_site_by_path( $domain, $path, $segments = null ) {
if ( count( $paths ) > 1 ) {
$paths = "'" . implode( "', '", $wpdb->_escape( $paths ) ) . "'";
$site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->blogs
WHERE domain = %s AND path IN ($paths) ORDER BY CHAR_LENGTH(path) DESC LIMIT 1", $domain ) );
$sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s", $domain );
$sql .= " AND path IN ($paths) ORDER BY CHAR_LENGTH(path) DESC LIMIT 1";
$site = $wpdb->get_row( $sql );
} else {
$site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s and path = %s", $domain, $paths[0] ) );
}