diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index ac1ce2254..9b46ba35d 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -110,7 +110,7 @@ class WP {
 $query = preg_replace("!^.+\?!", '', $query);
 // Substitute the substring matches into the query.
- eval("\$query = \"$query\";");
+ eval("\$query = \"" . addslashes($query) . "\";");
 $this->matched_query = $query;
 // Parse the query.
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php
index 6e6c47dc1..cbc0077d2 100644
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -152,7 +152,7 @@ function url_to_postid($url) {
 $query = preg_replace("!^.+\?!", '', $query);
 // Substitute the substring matches into the query.
- eval("\$query = \"$query\";");
+ eval("\$query = \"" . addslashes($query) . "\";");
 // Filter out non-public query vars
 global $wp;
 parse_str($query, $query_vars);
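Review bot: The `addslashes()` added on the `+` line of the classes.php hunk stops a `"` or `\` in the rewrite replacement from closing the string literal, but the `eval()` itself is kept, and `addslashes` does not escape `$` or `{`, so anything PHP's double-quoted interpolation accepts — including the `{$...}` / `${...}` complex syntax, which evaluates an expression — is still executed from rule text. The comment on the line above says the only substitution wanted is `$matches[N]`, so the eval can be dropped in favour of a literal token replacement that interprets nothing else; a single-pass `strtr()` avoids re-substituting a `$matches[N]` token that happens to appear inside a matched value. As a side effect of the current patch, `addslashes` also escapes `'`, and a double-quoted string does not unescape `\'`, so a replacement containing a single quote now leaves a stray backslash in `$query` and in `$this->matched_query`. This assumes `$matches` is the preg_match result populated above the hunk; the enclosing method starts and ends outside it.
```php
// Substitute the substring matches into the query without eval():
// only literal "$matches[N]" tokens are replaced, in a single pass.
$substitutions = array();
foreach ( $matches as $i => $m ) {
    $substitutions[ '$matches[' . $i . ']' ] = $m;
}
$query = strtr( $query, $substitutions );
$this->matched_query = $query;
// … unchanged: parse the query …
```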
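Review bot: The rewrite.php hunk applies the same `eval("\$query = \"" . addslashes($query) . "\";")` as classes.php, so the two copies of this substitution now have to be kept in sync by hand and the hunk inherits the same gap: `addslashes` leaves `$` and `{` untouched, so `{$...}` / `${...}` in a rule's replacement is still evaluated, and a `'` in the replacement gains a literal backslash that then reaches `parse_str()`. Factoring the `$matches[N]` substitution into one shared helper (e.g. `$query = wp_substitute_matches( $query, $matches );`, implemented with `strtr()` over literal `$matches[N]` tokens rather than `eval()`) would fix both call sites at once; `url_to_postid()` continues outside the hunk.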