From e1e33b5eea5dc2c46eb200422c3ff5635fdc3808 Mon Sep 17 00:00:00 2001
From: ryan
Date: Thu, 4 May 2006 22:25:24 +0000
Subject: [PATCH] Add some prophylactic int casts and quoting.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/comment-functions.php | 2 ++
 wp-includes/functions-post.php | 16 +++++++++-------
 wp-includes/links.php | 5 +++--
 wp-includes/template-functions-general.php | 4 ++--
 4 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/wp-includes/comment-functions.php b/wp-includes/comment-functions.php
index 35a3e0c9b9..25e422efea 100644
--- a/wp-includes/comment-functions.php
+++ b/wp-includes/comment-functions.php
@@ -902,6 +902,8 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
 function get_approved_comments($post_id) {
 global $wpdb;
+
+ $post_id = (int) $post_id;
 return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
 }
diff --git a/wp-includes/functions-post.php b/wp-includes/functions-post.php
index 842980f6c2..8713779a71 100644
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@@ -352,7 +352,7 @@ function wp_delete_attachment($postid) {
 global $wpdb;
 $postid = (int) $postid;
- if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
+ if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
 return $post;
 if ( 'attachment' != $post->post_status ) 
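Review bot: The new `(int)` cast is the only thing that makes `comment_post_ID = $post_id` on the following `return` line safe, yet this hunk does not add the quotes that the same commit puts around the interpolated id in wp_delete_attachment and wp_get_post_cats, so the interpolation style now differs across the commit. Either form is safe once the value is an int, but for consistency consider `comment_post_ID = '$post_id'`. A non-numeric argument now silently becomes 0 and yields an empty result set instead of a failed query; a comment on the new line such as `// cast first: $post_id is interpolated unquoted into the query below` would make the dependency between the two lines explicit.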
@@ -361,17 +361,17 @@ function wp_delete_attachment($postid) {
 $meta = get_post_meta($postid, '_wp_attachment_metadata', true);
 $file = get_post_meta($postid, '_wp_attached_file', true);
- $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
+ $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
+ $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
+ $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
- $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
+ $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
 if ( ! empty($meta['thumb']) ) {
 // Don't delete the thumb if another attachment uses it
- if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
+ if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
 @ unlink(str_replace(basename($file), $meta['thumb'], $file));
 }
@@ -456,9 +456,11 @@ function wp_update_post($postarr = array()) {
 function wp_get_post_cats($blogid = '1', $post_ID = 0) {
 global $wpdb;
+ $post_ID = (int) $post_ID;
+
 $sql = "SELECT category_id FROM $wpdb->post2cat
- WHERE post_id = $post_ID
+ WHERE post_id = '$post_ID'
 ORDER BY category_id";
 $result = $wpdb->get_col($sql);
diff --git a/wp-includes/links.php b/wp-includes/links.php
index 6010a26f65..71e2159cf6 100644
--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -445,9 +445,10 @@ function get_links_withrating($category = -1, $before = '', $after = '
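Review bot: In the thumb check near the end of the hunk, `$wpdb->escape($meta['thumb'])` is dropped into a `LIKE '%…%'` pattern, and escaping quotes does not neutralise the LIKE metacharacters `%` and `_`, so a thumb name containing either matches more rows than intended. The effect is that `$foo` is found and the `@ unlink(...)` is skipped, so it fails toward keeping the file rather than deleting the wrong one, but the pattern should still be escaped separately, e.g. `$thumb_pattern = addcslashes($wpdb->escape($meta['thumb']), '%_');` and then `LIKE '%$thumb_pattern%'`. The `@` on `unlink` also hides permission and missing-file errors; if that is deliberate, a short comment saying why would help the next reader. wp_delete_attachment begins before this hunk and continues after it.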
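Review bot: The cast added to wp_get_post_cats is the only guard for the interpolation into `$sql` three lines below, but nothing says so; a comment on the new line, `// cast before interpolation: $post_ID goes straight into $sql`, makes that coupling visible to whoever next edits the query. With the cast in place the quotes around `'$post_ID'` are cosmetic but harmless. The rest of wp_get_post_cats, including whatever is done with `$result`, lies outside the hunk.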
', ** uses 0 */
 function get_linkcatname($id = 0) {
+ $id = (int) $id;
 global $wpdb;
 $cat_name = '';
- if ('' != $id) {
+ if ( !empty($id) ) {
 $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
 }
 return $cat_name;
@@ -562,4 +563,4 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/wp-includes/template-functions-general.php b/wp-includes/template-functions-general.php
index 2f3b7783df..fd05904319 100644
--- a/wp-includes/template-functions-general.php
+++ b/wp-includes/template-functions-general.php
@@ -509,8 +509,8 @@ function get_calendar($daylength = 1) {
 // Get days with posts
 $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
- FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth
- AND YEAR(post_date) = $thisyear
+ FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
+ AND YEAR(post_date) = '$thisyear'
 AND post_status = 'publish'
 AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
 if ( $dayswithposts ) {
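Review bot: In get_linkcatname the new `$id = (int) $id;` sits above `global $wpdb;`, while the other functions touched by this commit (wp_delete_attachment, wp_get_post_cats) cast after the `global` line; moving it below keeps the declaration-first shape consistent, and the bare `cat_id=$id` could take the same quoting the commit applies elsewhere, `WHERE cat_id='$id'`. Once `$id` is an int, `!empty($id)` is just `0 != $id`, which is the right test for the default of 0 and is clearer written as `if ( 0 != $id )`. The hunk header for this section is broken across the previous line, so the two context lines before `function get_linkcatname` are not reliably separated here.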
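Review bot: In the get_calendar hunk `$thismonth` and `$thisyear` are only quoted, not cast, so unlike the other hunks in this commit the protection rests on the values carrying no quote characters; where they are assigned is outside the hunk (get_calendar starts before it). Casting at the point of use is the smallest fix: `FROM $wpdb->posts WHERE MONTH(post_date) = '" . (int) $thismonth . "'` and `AND YEAR(post_date) = '" . (int) $thisyear . "'`. Casting inline rather than reassigning the variables leaves any later use of them in the function, if there is one, unaffected.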