From a465f3ac7d573f639baba0fddfe437876e17902f Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 30 Jul 2008 17:17:38 +0000
Subject: [PATCH] Add prohphylactic addlashes when evaling query. Props xknown.

git-svn-id: http://svn.automattic.com/wordpress/trunk@8510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/classes.php | 2 +-
 wp-includes/rewrite.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index ac1ce2254..9b46ba35d 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -110,7 +110,7 @@ class WP {
 $query = preg_replace("!^.+\?!", '', $query);
 
 // Substitute the substring matches into the query.
- eval("\$query = \"$query\";");
+ eval("\$query = \"" . addslashes($query) . "\";");
 $this->matched_query = $query;
 
 // Parse the query.
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php
index 6e6c47dc1..cbc0077d2 100644
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -152,7 +152,7 @@ function url_to_postid($url) {
 $query = preg_replace("!^.+\?!", '', $query);
 
 // Substitute the substring matches into the query.
- eval("\$query = \"$query\";");
+ eval("\$query = \"" . addslashes($query) . "\";");
 // Filter out non-public query vars
 global $wp;
 parse_str($query, $query_vars);
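Review bot: `addslashes()` on the new `eval()` line in wp-includes/classes.php (and on the identical line in `url_to_postid()` in wp-includes/rewrite.php) escapes only quotes, backslashes and NUL, so `$` and `{` interpolation inside the double-quoted string is still evaluated and the call remains a code-evaluation sink for whatever reaches `$query`. It also changes output: `\'` is not an escape sequence in a double-quoted PHP string, so a query containing an apostrophe now comes out with a stray backslash. Since the only interpolation wanted is the match placeholders, I would drop `eval()` and substitute them explicitly, e.g. `$query = preg_replace_callback('/\$matches\[(\d+)\]/', $substitute, $query);` with `$substitute` a callback returning the corresponding captured group. The placeholder form and the `$matches` array are defined outside the hunks, so confirm them before adopting this. Both enclosing functions start and end outside the hunks.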