Strip and prepare ajax tag search string. Avoids applying slashes toward the character count. Props brianlayman. see #13580
git-svn-id: http://svn.automattic.com/wordpress/trunk@17256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
6a7411f3b0
commit
8dbe915535
@ -86,7 +86,7 @@ case 'ajax-tag-search' :
|
||||
die('0');
|
||||
}
|
||||
|
||||
$s = $_GET['q']; // is this slashed already?
|
||||
$s = stripslashes( $_GET['q'] );
|
||||
|
||||
if ( false !== strpos( $s, ',' ) ) {
|
||||
$s = explode( ',', $s );
|
||||
@ -96,7 +96,7 @@ case 'ajax-tag-search' :
|
||||
if ( strlen( $s ) < 2 )
|
||||
die; // require 2 chars for matching
|
||||
|
||||
$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
|
||||
$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
|
||||
|
||||
echo join( $results, "\n" );
|
||||
die;
|
||||
|
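Review bot: The new `stripslashes( $_GET['q'] )` line in the first hunk assumes `q` is present and is a string; a request that sends `q[]=…` makes `$_GET['q']` an array, which `stripslashes()` does not accept, so what reaches `strpos()` and the later `strlen()` check is no longer the search string. Unless a guard outside the hunk already covers this, I would write `$s = ( isset( $_GET['q'] ) && is_string( $_GET['q'] ) ) ? stripslashes( $_GET['q'] ) : '';` so a malformed request should end at the existing two-character `die`. The removed comment asked a question that this commit answers, so a replacement such as `// $_GET is slashed by WordPress; unslash before counting characters and escaping for LIKE.` would keep that reasoning next to the code. The enclosing `case` starts and ends outside both hunks, and the lines between the two hunks are not shown, so how the array produced by `explode()` is reduced back to a string before the `prepare()` call could not be checked here.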