
Changeset 4735


Timestamp:
01/29/2013 07:27:55 PM (10 years ago)
Author:
johnjamesjacoby
Message:

Prepare query in bbp_check_for_duplicate(). See #2185.

File:
1 edited

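--- a/trunk/includes/common/functions.php
+++ b/trunk/includes/common/functions.php
@@ -682,5 +682,5 @@
         $join    = $clauses['join'];
         $where   = $clauses['where'];
-    } else{
+    } else {
         $join    = $where = '';
     }
@@ -688,6 +688,6 @@
     // Simple duplicate check
     // Expected slashed ($post_type, $post_parent, $post_author, $post_content, $anonymous_data)
-    $query  = "SELECT ID FROM {$wpdb->posts} {$join} WHERE post_type = '{$r['post_type']}' AND post_status != '{$r['post_status']}' AND post_author = {$r['post_author']} AND post_content = '{$r['post_content']}' {$where}";
-    $query .= !empty( $r['post_parent'] ) ? " AND post_parent = '{$r['post_parent']}'" : '';
+    $query  = $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} {$join} WHERE post_type = '%s' AND post_status != '%s' AND post_author = '%d' AND post_content = '%s' {$where}", $r['post_type'], $r['post_status'], $r['post_author'], $r['post_content'] );
+    $query .= !empty( $r['post_parent'] ) ? $wpdb->prepare( " AND post_parent = '%d'", $r['post_parent'] ) : '';
     $query .= " LIMIT 1";
     $dupe   = apply_filters( 'bbp_check_for_duplicate_query', $query, $r );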
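Review bot: The values passed to `$wpdb->prepare()` on new lines 690–691 are, per the comment on line 689, expected to arrive already slashed, and prepare() escapes them again, so a `post_content` containing a quote or backslash would be compared in double-escaped form and the duplicate check would likely miss it. Unslash before building the query, e.g. `$r = stripslashes_deep( $r );`, and update the line-689 comment to say the values are unslashed at that point. Separately, `{$join}` and `{$where}` are still interpolated into the format string, so a literal `%` in either clause would be read as a placeholder; concatenating them outside the prepare() call avoids that. How `$r` and `$clauses` are built lies outside the visible hunks, so both points should be confirmed against the rest of bbp_check_for_duplicate().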