[wp-cvs] wordpress/wp-includes classes.php,1.6,1.7

Ryan Boren rboren at users.sourceforge.net
Sat Aug 14 16:08:59 UTC 2004


Update of /cvsroot/cafelog/wordpress/wp-includes
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3643/wp-includes

Modified Files:
	classes.php 
Log Message:
Use sanitize_title() to process post, page, author, and category names in the query.

Index: classes.php
===================================================================
RCS file: /cvsroot/cafelog/wordpress/wp-includes/classes.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** classes.php	11 Aug 2004 01:55:34 -0000	1.6
--- classes.php	14 Aug 2004 16:08:57 -0000	1.7
***************
*** 219,227 ****
  
          if ('' != $q['name']) {
!             $q['name'] = preg_replace('/[^a-z0-9-_]/', '', $q['name']);
              $where .= " AND post_name = '" . $q['name'] . "'";
          } else if ('' != $q['pagename']) {
  	    // If pagename is set, set static to true and set name to pagename.
! 	    $q['pagename'] = preg_replace('/[^a-z0-9-_]/', '', $q['pagename']);
  	    $q['name'] = $q['pagename'];
  	    $q['static'] = true;
--- 219,227 ----
  
          if ('' != $q['name']) {
!   	    $q['name'] = sanitize_title($q['name']);
              $where .= " AND post_name = '" . $q['name'] . "'";
          } else if ('' != $q['pagename']) {
  	    // If pagename is set, set static to true and set name to pagename.
! 	    $q['pagename'] = sanitize_title($q['pagename']);
  	    $q['name'] = $q['pagename'];
  	    $q['static'] = true;
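Review bot: The values returned by `sanitize_title()` are still concatenated straight into quoted SQL literals (`post_name = '...'` in this hunk and `user_nicename='...'` in the hunk at line 361), so query safety now rests entirely on a function whose body is not visible here. The removed `preg_replace` whitelist could not emit a quote or backslash; if `sanitize_title()` is filterable or ever lets such a character through, these lookups become injectable. I would escape at the point of use, e.g. `$where .= " AND post_name = '" . addslashes($q['name']) . "'";` (taking care not to double-escape a value that is already slashed upstream), and add a comment such as `// sanitize_title() output must be safe inside a quoted SQL literal`. The `category_name` hunk at line 317 presumably feeds a query outside the visible lines and deserves the same check; the enclosing function starts and ends outside all three hunks.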
***************
*** 317,321 ****
                  }
              }
!             $q['category_name'] = preg_replace('|[^a-z0-9-_]|i', '', $q['category_name']);
              $tables = ", $wpdb->post2cat, $wpdb->categories";
              $join = " LEFT JOIN $wpdb->post2cat ON ($wpdb->posts.ID = $wpdb->post2cat.post_id) LEFT JOIN $wpdb->categories ON ($wpdb->post2cat.category_id = $wpdb->categories.cat_ID) ";
--- 317,321 ----
                  }
              }
!             $q['category_name'] = sanitize_title($q['category_name']);
              $tables = ", $wpdb->post2cat, $wpdb->categories";
              $join = " LEFT JOIN $wpdb->post2cat ON ($wpdb->posts.ID = $wpdb->post2cat.post_id) LEFT JOIN $wpdb->categories ON ($wpdb->post2cat.category_id = $wpdb->categories.cat_ID) ";
***************
*** 361,365 ****
                  }
              }
!             $q['author_name'] = preg_replace('|[^a-z0-9-_]|', '', strtolower($q['author_name']));
              $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'");
              $whichauthor .= ' AND (post_author = '.intval($q['author']).')';
--- 361,365 ----
                  }
              }
!             $q['author_name'] = sanitize_title($q['author_name']);
              $q['author'] = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_nicename='".$q['author_name']."'");
              $whichauthor .= ' AND (post_author = '.intval($q['author']).')';



