diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-23 18:28:40 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-23 18:28:40 +0000 |
| commit | 87bb8cd69cc593fe6bed330fb1791eac9df87167 (patch) | |
| tree | 6b2ad252df89d2a1863198fd44b321b59e42ef54 /wp-includes/comment-template.php | |
| parent | 0cbda3349a2571904ea063fdd73e018299919589 (diff) | |
| download | wordpress-mu-87bb8cd69cc593fe6bed330fb1791eac9df87167.tar.gz wordpress-mu-87bb8cd69cc593fe6bed330fb1791eac9df87167.tar.xz wordpress-mu-87bb8cd69cc593fe6bed330fb1791eac9df87167.zip | |
Merge with WordPress, rev 6285 and untested
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1125 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/comment-template.php')
| -rw-r--r-- | wp-includes/comment-template.php | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/wp-includes/comment-template.php b/wp-includes/comment-template.php index 99fecfe..1dc84c1 100644 --- a/wp-includes/comment-template.php +++ b/wp-includes/comment-template.php @@ -288,13 +288,11 @@ function comments_template( $file = '/comments.php' ) { // TODO: Use API instead of SELECTs. if ( $user_ID) { - $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND (comment_approved = '1' OR ( user_id = '$user_ID' AND comment_approved = '0' ) ) ORDER BY comment_date"); + $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND (comment_approved = '1' OR ( user_id = %d AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $user_ID)); } else if ( empty($comment_author) ) { - $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date"); + $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID)); } else { - $author_db = $wpdb->escape($comment_author); - $email_db = $wpdb->escape($comment_author_email); - $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date"); + $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email)); } // keep $comments for legacy's sake (remember $table*? ;) ) |