Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 06:14:58 +02:00
Code Issues Projects Releases Wiki Activity

Use prepare() instead of addslashes(). props wpmuguru.

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16643 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2010-12-01 01:51:32 +00:00
parent bd0a73d083
commit a0bc51f8d8
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
wp-includes/comment.php
View File

@ -1865,9 +1865,8 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
if ( is_wp_error( $response ) )
return;
$tb_url = addslashes( $trackback_url );
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) );
return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', %s) WHERE ID = %d", $trackback_url, $ID) );
return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $trackback_url, $ID) );
}
/**