Fix potential SQLi through improper use of API functions.

git-svn-id: http://core.svn.wordpress.org/trunk@24875 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Jon Cave 2013-07-29 18:16:47 +00:00
parent f39e2c28ce
commit 5c57c78afa
2 changed files with 2 additions and 2 deletions


@ -371,7 +371,7 @@ function update_user_status( $id, $pref, $value, $deprecated = null ) {
if ( null !== $deprecated )
_deprecated_argument( __FUNCTION__, '3.1' );
$wpdb->update( $wpdb->users, array( $pref => $value ), array( 'ID' => $id ) );
$wpdb->update( $wpdb->users, array( sanitize_key( $pref ) => $value ), array( 'ID' => $id ) );
$user = new WP_User( $id );
clean_user_cache( $user );
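Review bot: `sanitize_key( $pref )` on the `$wpdb->update()` line limits which characters can appear in the column name, but not which column gets written. Any caller-supplied `$pref` that survives sanitising still reaches the query as a field of the users table, and a value that is stripped to an empty string produces an update with an empty column name. An explicit allowlist checked before the update would close this, e.g. `if ( ! in_array( $pref, $allowed_columns, true ) )` followed by an early return, where `$allowed_columns` is a placeholder for the columns this function is meant to change (they are not visible here). A short comment that sanitize_key() is used here as an identifier filter rather than a value escaper would also help the next reader. The function body starts before and continues after this hunk, so a check elsewhere in it cannot be ruled out.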


@ -186,7 +186,7 @@ function get_bookmarks($args = '') {
}
if ( ! empty($search) ) {
$search = like_escape($search);
$search = esc_sql( like_escape( $search ) );
$search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
}
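Review bot: The order of the two escapes on the new `$search` line matters and is undocumented, so a later edit could swap or drop one without noticing that the LIKE clauses on the next line depend on it. I would add a comment above it such as `// like_escape() only neutralises the LIKE wildcards % and _; esc_sql() must run last so quotes and the added backslashes are escaped for the string literal.` Since the value is still interpolated into three `LIKE '%$search%'` clauses, building the fragment with `$wpdb->prepare()` and `%s` placeholders would be the sturdier long-term form. get_bookmarks() starts and continues outside this hunk, so other values it interpolates into the query are not visible here and may deserve the same check.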