mirror of
https://github.com/WordPress/WordPress.git
synced 2024-09-27 14:53:08 +02:00
Add prohphylactic addlashes when evaling query. Props xknown.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
c61a4db3e5
commit
a465f3ac7d
@ -110,7 +110,7 @@ class WP {
|
||||
$query = preg_replace("!^.+\?!", '', $query);
|
||||
|
||||
// Substitute the substring matches into the query.
|
||||
eval("\$query = \"$query\";");
|
||||
eval("\$query = \"" . addslashes($query) . "\";");
|
||||
$this->matched_query = $query;
|
||||
|
||||
// Parse the query.
|
||||
|
@ -152,7 +152,7 @@ function url_to_postid($url) {
|
||||
$query = preg_replace("!^.+\?!", '', $query);
|
||||
|
||||
// Substitute the substring matches into the query.
|
||||
eval("\$query = \"$query\";");
|
||||
eval("\$query = \"" . addslashes($query) . "\";");
|
||||
// Filter out non-public query vars
|
||||
global $wp;
|
||||
parse_str($query, $query_vars);
|
||||
|
Loading…
Reference in New Issue
Block a user