Use like_escape to make safe search string for like queries.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
f1e8a2107a
commit
a3e49fff6e
@ -311,11 +311,12 @@ switch( $_GET['action'] ) {
|
|||||||
$apage = ( isset($_GET['apage'] ) && intval( $_GET['apage'] ) ) ? absint( $_GET['apage'] ) : 1;
|
$apage = ( isset($_GET['apage'] ) && intval( $_GET['apage'] ) ) ? absint( $_GET['apage'] ) : 1;
|
||||||
$num = ( isset($_GET['num'] ) && intval( $_GET['num'] ) ) ? absint( $_GET['num'] ) : 15;
|
$num = ( isset($_GET['num'] ) && intval( $_GET['num'] ) ) ? absint( $_GET['num'] ) : 15;
|
||||||
$s = wp_specialchars( trim( $_GET[ 's' ] ) );
|
$s = wp_specialchars( trim( $_GET[ 's' ] ) );
|
||||||
|
$like_s = like_escape($s);
|
||||||
|
|
||||||
$query = "SELECT * FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ";
|
$query = "SELECT * FROM {$wpdb->blogs} WHERE site_id = '{$wpdb->siteid}' ";
|
||||||
|
|
||||||
if( isset($_GET['blog_name']) ) {
|
if( isset($_GET['blog_name']) ) {
|
||||||
$query .= " AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) ";
|
$query .= " AND ( {$wpdb->blogs}.domain LIKE '%{$like_s}%' OR {$wpdb->blogs}.path LIKE '%{$like_s}%' ) ";
|
||||||
} elseif( isset($_GET['blog_id']) ) {
|
} elseif( isset($_GET['blog_id']) ) {
|
||||||
$query .= " AND blog_id = '". absint( $_GET['blog_id'] )."' ";
|
$query .= " AND blog_id = '". absint( $_GET['blog_id'] )."' ";
|
||||||
} elseif( isset($_GET['blog_ip']) ) {
|
} elseif( isset($_GET['blog_ip']) ) {
|
||||||
@ -323,7 +324,7 @@ switch( $_GET['action'] ) {
|
|||||||
FROM {$wpdb->blogs}, {$wpdb->registration_log}
|
FROM {$wpdb->blogs}, {$wpdb->registration_log}
|
||||||
WHERE site_id = '{$wpdb->siteid}'
|
WHERE site_id = '{$wpdb->siteid}'
|
||||||
AND {$wpdb->blogs}.blog_id = {$wpdb->registration_log}.blog_id
|
AND {$wpdb->blogs}.blog_id = {$wpdb->registration_log}.blog_id
|
||||||
AND {$wpdb->registration_log}.IP LIKE ('%{$s}%')";
|
AND {$wpdb->registration_log}.IP LIKE ('%{$like_s}%')";
|
||||||
}
|
}
|
||||||
|
|
||||||
if( isset( $_GET['sortby'] ) == false ) {
|
if( isset( $_GET['sortby'] ) == false ) {
|
||||||
|
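Review bot: The added `$like_s = like_escape($s);` only neutralises the LIKE wildcards `%` and `_`; it does not quote the value for SQL, and the `wp_specialchars()` applied before it is HTML encoding rather than query escaping. All three interpolations of `{$like_s}` (the `domain` and `path` LIKE clauses in the first hunk, the `IP` LIKE clause in the second) therefore still rely on `$_GET['s']` having been slashed somewhere outside these hunks, which the visible lines do not show. Binding the value would remove that dependency, for example `$query .= $wpdb->prepare( " AND ( {$wpdb->blogs}.domain LIKE %s OR {$wpdb->blogs}.path LIKE %s ) ", "%{$like_s}%", "%{$like_s}%" );`, with any earlier slashing undone first so the value is not escaped twice. If the string concatenation stays, a comment on the new line such as `// like_escape() handles % and _ only; the value must already be SQL-escaped` would record the assumption. The enclosing `switch` case starts and ends outside the hunks, so how `$query` is finally executed is not visible here.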