mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 09:37:42 +01:00
In get_site_by_path(), avoid passing $paths through prepare(). If a path contains a %, we end up with problems. see #27003.
Built from https://develop.svn.wordpress.org/trunk@27439 git-svn-id: http://core.svn.wordpress.org/trunk@27286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
ba27ced46b
commit
4fb0aa5ecb
@ -350,8 +350,9 @@ function get_site_by_path( $domain, $path, $segments = null ) {
|
||||
|
||||
if ( count( $paths ) > 1 ) {
|
||||
$paths = "'" . implode( "', '", $wpdb->_escape( $paths ) ) . "'";
|
||||
$site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->blogs
|
||||
WHERE domain = %s AND path IN ($paths) ORDER BY CHAR_LENGTH(path) DESC LIMIT 1", $domain ) );
|
||||
$sql = $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s", $domain );
|
||||
$sql .= " AND path IN ($paths) ORDER BY CHAR_LENGTH(path) DESC LIMIT 1";
|
||||
$site = $wpdb->get_row( $sql );
|
||||
} else {
|
||||
$site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->blogs WHERE domain = %s and path = %s", $domain, $paths[0] ) );
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user