Add some prophylactic int casts and quoting.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2006-05-04 22:25:24 +00:00
parent 925ced49fc
commit e1e33b5eea
4 changed files with 16 additions and 11 deletions


@ -902,6 +902,8 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
function get_approved_comments($post_id) { function get_approved_comments($post_id) {
global $wpdb; global $wpdb;
$post_id = (int) $post_id;
return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date"); return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
} }
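Review bot: The `return` line interpolates `$post_id` bare after the new `(int)` cast, while the companion hunks in this commit (wp_delete_attachment, wp_get_post_cats) quote the cast value as `'$postid'` / `'$post_ID'`; the cast is what actually neutralises the value, so both forms are safe, but the four files would read more consistently with one convention, e.g. `comment_post_ID = '$post_id'` here or bare integers everywhere. Whichever is chosen, the cast must stay ahead of the query as it does in this hunk. get_approved_comments is fully contained in the hunk.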


@ -352,7 +352,7 @@ function wp_delete_attachment($postid) {
global $wpdb; global $wpdb;
$postid = (int) $postid; $postid = (int) $postid;
if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") ) if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
return $post; return $post;
if ( 'attachment' != $post->post_status ) if ( 'attachment' != $post->post_status )
@ -361,17 +361,17 @@ function wp_delete_attachment($postid) {
$meta = get_post_meta($postid, '_wp_attachment_metadata', true); $meta = get_post_meta($postid, '_wp_attachment_metadata', true);
$file = get_post_meta($postid, '_wp_attached_file', true); $file = get_post_meta($postid, '_wp_attached_file', true);
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid"); $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid"); $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid"); $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid"); $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
if ( ! empty($meta['thumb']) ) { if ( ! empty($meta['thumb']) ) {
// Don't delete the thumb if another attachment uses it // Don't delete the thumb if another attachment uses it
if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid")) if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
@ unlink(str_replace(basename($file), $meta['thumb'], $file)); @ unlink(str_replace(basename($file), $meta['thumb'], $file));
} }
@ -456,9 +456,11 @@ function wp_update_post($postarr = array()) {
function wp_get_post_cats($blogid = '1', $post_ID = 0) { function wp_get_post_cats($blogid = '1', $post_ID = 0) {
global $wpdb; global $wpdb;
$post_ID = (int) $post_ID;
$sql = "SELECT category_id $sql = "SELECT category_id
FROM $wpdb->post2cat FROM $wpdb->post2cat
WHERE post_id = $post_ID WHERE post_id = '$post_ID'
ORDER BY category_id"; ORDER BY category_id";
$result = $wpdb->get_col($sql); $result = $wpdb->get_col($sql);
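Review bot: In the second hunk of this section, the `post_id <> '$postid'` rewrite leaves the `LIKE '%…%'` pattern built from `$meta['thumb']` unchanged, and an addslashes-style `$wpdb->escape()` (its implementation is not shown here) escapes quotes but not the LIKE metacharacters `%` and `_`, so a thumbnail name containing an underscore or percent sign can match unrelated postmeta rows and the "don't delete the thumb if another attachment uses it" guard would then skip the `unlink` for a file nobody else references. If that guard is meant to be exact, escape the wildcards before the SQL escaping, e.g. `$wpdb->escape(addcslashes($meta['thumb'], '%_'))`. This is pre-existing behaviour that the quoting change does not address; wp_delete_attachment starts before the first hunk and continues past the second. The third hunk (wp_get_post_cats) is fine as written: the new `(int)` cast lands before `$sql` is built.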


@ -445,9 +445,10 @@ function get_links_withrating($category = -1, $before = '', $after = '<br />',
** uses 0 ** uses 0
*/ */
function get_linkcatname($id = 0) { function get_linkcatname($id = 0) {
$id = (int) $id;
global $wpdb; global $wpdb;
$cat_name = ''; $cat_name = '';
if ('' != $id) { if ( !empty($id) ) {
$cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id"); $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->linkcategories WHERE cat_id=$id");
} }
return $cat_name; return $cat_name;
@ -562,4 +563,4 @@ function get_links_list($order = 'name', $hide_if_empty = 'obsolete') {
} }
} }
?> ?>
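Review bot: Once `$id = (int) $id;` is applied, `!empty($id)` is just a non-zero test on an integer and reads more directly as `if ( 0 !== $id ) {`; `empty()` also hides that negative ids still reach the query (they return no row, so harmless, but `$id > 0` would state the intent if cat_id is always positive, which is not visible here). Placing the cast above `global $wpdb;` also differs from the other hunks in this commit, which cast right after the `global` line, so `global $wpdb; $id = (int) $id;` would keep the ordering consistent. The trailing `?>` hunk is a context-only change and needs nothing.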


@ -509,8 +509,8 @@ function get_calendar($daylength = 1) {
// Get days with posts // Get days with posts
$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date) $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
AND YEAR(post_date) = $thisyear AND YEAR(post_date) = '$thisyear'
AND post_status = 'publish' AND post_status = 'publish'
AND post_date < '" . current_time('mysql') . '\'', ARRAY_N); AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
if ( $dayswithposts ) { if ( $dayswithposts ) {
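Review bot: Quoting `$thismonth` and `$thisyear` turns them into string literals but does not validate them; unlike the other hunks in this commit no `(int)` cast is visible for either variable, and both are assigned outside this hunk (get_calendar starts well before it). Unless they are already integer-cast where they are set, the step that matches the rest of the commit is `$thismonth = (int) $thismonth; $thisyear = (int) $thisyear;` immediately before the `$dayswithposts` query, after which the quotes are unnecessary. The `current_time('mysql')` concatenation is server-generated and fine as is.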