Add prophylactic addslashes when evaling query. Props xknown.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
c61a4db3e5
commit
a465f3ac7d
|
@ -110,7 +110,7 @@ class WP {
|
||||||
$query = preg_replace("!^.+\?!", '', $query);
|
$query = preg_replace("!^.+\?!", '', $query);
|
||||||
|
|
||||||
// Substitute the substring matches into the query.
|
// Substitute the substring matches into the query.
|
||||||
eval("\$query = \"$query\";");
|
eval("\$query = \"" . addslashes($query) . "\";");
|
||||||
$this->matched_query = $query;
|
$this->matched_query = $query;
|
||||||
|
|
||||||
// Parse the query.
|
// Parse the query.
|
||||||
|
|
|
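Review bot: The `addslashes()` wrapper on the `eval()` line escapes only quotes, backslashes and NUL, so `$` and `{` sequences in `$query` are still interpolated when the double-quoted string is evaluated; the same applies to the identical change in the `url_to_postid()` hunk. Where `$query` is built lies outside both hunks, so whether untrusted data can reach it cannot be confirmed from here, but the more robust fix is to drop `eval()` and substitute the match placeholders explicitly, for example with `preg_replace_callback()` over the placeholder pattern. As a side effect, a single quote in `$query` now comes out as `\'`, because `\'` is not an escape sequence inside a double-quoted string. If the `eval()` stays, document the limit next to it, e.g. `// addslashes() does not neutralise "$" or "{" here: $query must only ever come from trusted configuration.`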
@ -152,7 +152,7 @@ function url_to_postid($url) {
|
||||||
$query = preg_replace("!^.+\?!", '', $query);
|
$query = preg_replace("!^.+\?!", '', $query);
|
||||||
|
|
||||||
// Substitute the substring matches into the query.
|
// Substitute the substring matches into the query.
|
||||||
eval("\$query = \"$query\";");
|
eval("\$query = \"" . addslashes($query) . "\";");
|
||||||
// Filter out non-public query vars
|
// Filter out non-public query vars
|
||||||
global $wp;
|
global $wp;
|
||||||
parse_str($query, $query_vars);
|
parse_str($query, $query_vars);
|
||||||
|
|