Add prohphylactic addlashes when evaling query. Props xknown.

git-svn-id: http://svn.automattic.com/wordpress/trunk@8510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-30 17:17:38 +00:00 · 2008-07-30 17:17:38 +00:00 · a465f3ac7d
parent c61a4db3e5
commit a465f3ac7d
2 changed files with 2 additions and 2 deletions
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@ -110,7 +110,7 @@ class WP {
 					$query = preg_replace("!^.+\?!", '', $query);

 					// Substitute the substring matches into the query.
-					eval("\$query = \"$query\";");
+					eval("\$query = \"" . addslashes($query) . "\";");
 					$this->matched_query = $query;

 					// Parse the query.
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@ -152,7 +152,7 @@ function url_to_postid($url) {
 			$query = preg_replace("!^.+\?!", '', $query);

 			// Substitute the substring matches into the query.
-			eval("\$query = \"$query\";");
+			eval("\$query = \"" . addslashes($query) . "\";");
 			// Filter out non-public query vars
 			global $wp;
 			parse_str($query, $query_vars);