author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2005-08-15 10:58:43 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2005-08-15 10:58:43 +0000 |
commit | 3236ed913a21f8c638ddd15d9032cf51a2d560e3 (patch) | |
tree | f5647dcdd06067ee061f6506a86fc50ed0e57ba1 /wp-inst | |
parent | 83cb62b69d9052714b384eaa261c48b9d836458f (diff) | |
Don't escape so much: we already have magic quotes
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@189 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-inst')
-rw-r--r-- | wp-inst/wp-admin/invites.php | 2 | ||||
-rw-r--r-- | wp-inst/wp-admin/wpmu-edit.php | 30 | ||||
-rw-r--r-- | wp-inst/wp-content/mu-plugins/invites.php | 30 | ||||
-rw-r--r-- | wp-inst/wp-includes/wpmu-functions.php | 5 |
4 files changed, 26 insertions, 41 deletions
diff --git a/wp-inst/wp-admin/invites.php b/wp-inst/wp-admin/invites.php
index 8b21d7f..204d3e6 100644
--- a/wp-inst/wp-admin/invites.php
+++ b/wp-inst/wp-admin/invites.php
@@ -8,7 +8,7 @@ if( $_POST[ 'action' ] == 'send' ) {
 $invites_left = get_usermeta( $user_ID, 'invites_left' );
 if( $invites_left != false ) {
 if( $_POST[ 'email' ] != '' && is_email( $_POST[ 'email' ] ) ) {
- $email = $wpdb->escape( strtolower( $_POST[ 'email' ] ) );
+ $email = strtolower( $_POST[ 'email' ] );
 $invites_list = get_usermeta( $current_user->data->ID, "invites_list" );
 $pos = strpos( $invites_list, substr( $email, 1 ) );
 if( $pos == true ) {
diff --git a/wp-inst/wp-admin/wpmu-edit.php b/wp-inst/wp-admin/wpmu-edit.php
index 5824e40..1da0740 100644
--- a/wp-inst/wp-admin/wpmu-edit.php
+++ b/wp-inst/wp-admin/wpmu-edit.php
@@ -7,13 +7,13 @@ if( $wpblog != 'main' || $user_level < 10) {
 do_action( "wpmuadminedit", "" );
-$id = $wpdb->escape( $_POST[ 'id' ] );
+$id = $_POST[ 'id' ];
 switch( $_GET[ 'action' ] ) {
 case "siteoptions":
 update_site_option( "WPLANG", $_POST[ 'WPLANG' ] );
- update_site_option( "illegal_names", split( ' ', $wpdb->escape( $_POST[ 'illegal_names' ] ) ) );
+ update_site_option( "illegal_names", split( ' ', $_POST[ 'illegal_names' ] ) );
 if( $_POST[ 'limited_email_domains' ] != '' ) {
- update_site_option( "limited_email_domains", split( ' ', $wpdb->escape( $_POST[ 'limited_email_domains' ] ) ) );
+ update_site_option( "limited_email_domains", split( ' ', $_POST[ 'limited_email_domains' ] ) );
 } else {
 update_site_option( "limited_email_domains", '' );
 }
@@ -28,8 +28,8 @@ switch( $_GET[ 'action' ] ) {
 exit;
 break;
 case "searchcategories":
- $search = $wpdb->escape( $_GET[ 'search' ] );
- $id = $wpdb->escape( $_GET[ 'id' ] );
+ $search = $_GET[ 'search' ];
+ $id = $_GET[ 'id' ];
 $query = "SELECT cat_name FROM " . $wpdb->sitecategories . " WHERE cat_name LIKE '%" . $search . "%' limit 0,10";
 $cats = $wpdb->get_results( $query );
 if( is_array( $cats ) ) {
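Review bot: Dropping `$wpdb->escape()` on `$search` and `$id` in the `searchcategories` hunk leaves `LIKE '%" . $search . "%'` and the `_capabilities` meta_key built from raw `$_GET` values, so the query's correctness now depends on the `magic_quotes_gpc` ini setting rather than on the code: with it off these are injection points, and magic quotes never covered the `%`/`_` LIKE wildcards or, as far as I can tell, array keys such as `$key` in the `updateblog` hunk. The same pattern is in the `@@ -7` hunk (`$id`), the `searchusers` and `updateblog` hunks (`$search`, `$id`, `$key`, `$newuser`) and the `weblog_id` lookup in mu-plugins/invites.php `@@ -140`. If the goal is to avoid double escaping, normalise once at input time, e.g. `if( get_magic_quotes_gpc() ) { /* stripslashes $_GET/$_POST recursively */ }`, and keep a single `$wpdb->escape()` where a value is interpolated into SQL. `update_site_option()` is not in the diff, so whether the `siteoptions` and `updatefeeds` values are escaped inside it cannot be confirmed from here.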
@@ -41,8 +41,8 @@ switch( $_GET[ 'action' ] ) {
 exit;
 break;
 case "searchusers":
- $search = $wpdb->escape( $_GET[ 'search' ] );
- $id = $wpdb->escape( $_GET[ 'id' ] );
+ $search = $_GET[ 'search' ];
+ $id = $_GET[ 'id' ];
 $query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . ", " . $wpdb->usermeta . " WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND " . $wpdb->usermeta . ".meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities'";
 $query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . " WHERE user_login LIKE '%" . $search . "%' limit 0,10";
 $users = $wpdb->get_results( $query );
@@ -57,12 +57,12 @@ switch( $_GET[ 'action' ] ) {
 exit;
 break;
 case "updatefeeds":
- update_site_option( "customizefeed1", $wpdb->escape( $_POST[ 'customizefeed1' ] ) );
- update_site_option( "customizefeed2", $wpdb->escape( $_POST[ 'customizefeed2' ] ) );
- update_site_option( "dashboardfeed1", $wpdb->escape( $_POST[ 'dashboardfeed1' ] ) );
- update_site_option( "dashboardfeed2", $wpdb->escape( $_POST[ 'dashboardfeed2' ] ) );
- update_site_option( "dashboardfeed1name", $wpdb->escape( $_POST[ 'dashboardfeed1name' ] ) );
- update_site_option( "dashboardfeed2name", $wpdb->escape( $_POST[ 'dashboardfeed2name' ] ) );
+ update_site_option( "customizefeed1", $_POST[ 'customizefeed1' ] );
+ update_site_option( "customizefeed2", $_POST[ 'customizefeed2' ] );
+ update_site_option( "dashboardfeed1", $_POST[ 'dashboardfeed1' ] );
+ update_site_option( "dashboardfeed2", $_POST[ 'dashboardfeed2' ] );
+ update_site_option( "dashboardfeed1name", $_POST[ 'dashboardfeed1name' ] );
+ update_site_option( "dashboardfeed2name", $_POST[ 'dashboardfeed2name' ] );
 header( "Location: wpmu-feeds.php?updated=true" );
 break;
 case "updateblog":
@@ -113,14 +113,14 @@ switch( $_GET[ 'action' ] ) {
 if( is_array( $_POST[ 'blogusers' ] ) ) {
 reset( $_POST[ 'blogusers' ] );
 while( list( $key, $val ) = each( $_POST[ 'blogusers' ] ) ) {
- $wpdb->query( "DELETE FROM " . $wpdb->usermeta . " WHERE meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities' AND user_id = '" . $wpdb->escape( $key ) . "'" );
+ $wpdb->query( "DELETE FROM " . $wpdb->usermeta . " WHERE meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities' AND user_id = '" . $key . "'" );
 }
 }
 // add user?
 if( $_POST[ 'newuser' ] != '' ) {
- $newuser = $wpdb->escape( $_POST[ 'newuser' ] );
+ $newuser = $_POST[ 'newuser' ];
 $userid = $wpdb->get_var( "SELECT ID FROM " . $wpdb->users . " WHERE user_login = '$newuser'" );
 if( $userid ) {
 $user = $wpdb->get_var( "SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id='$userid' AND meta_key='wp_" . $id . "_capabilities'" );
diff --git a/wp-inst/wp-content/mu-plugins/invites.php b/wp-inst/wp-content/mu-plugins/invites.php
index 7db3abc..a6bc643 100644
--- a/wp-inst/wp-content/mu-plugins/invites.php
+++ b/wp-inst/wp-content/mu-plugins/invites.php
@@ -30,13 +30,7 @@ into the address bar of your browser).";
 }
-$u = '';
-if( $_POST[ 'u' ] ) {
- $u = $_POST[ 'u' ];
-} elseif( $_GET[ 'u' ] ) {
- $u = $_GET[ 'u' ];
-}
-$u = $wpdb->escape( $u );
+$u = $wpdb->escape( $_REQUEST['u'] );
 function invites_check_user_hash() {
 global $wpdb, $u;
@@ -44,12 +38,9 @@ function invites_check_user_hash() {
 header( "Location: ".get_option( "siteurl" ) );
 die( );
 } else {
- $query = "SELECT meta_value
- FROM ".$wpdb->usermeta."
- WHERE user_id = '0'
- AND meta_key = '".invite."'
- AND meta_value = '".$u."'";
- $userhash = $wpdb->get_var( $query );
+ $query = "SELECT meta_value FROM ".$wpdb->usermeta." WHERE user_id = '0' AND meta_key = 'invite' AND meta_value = '".$u."'";
+ $userhash = $wpdb->get_results( $query, ARRAY_A );
+
 if( $userhash == false ) {
 header( "Location: ".get_option( "siteurl" ) );
 die();
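Review bot: `$u = $wpdb->escape( $_REQUEST['u'] );` in the `@@ -30` hunk keeps the escape that the rest of this commit removes, so under the commit's own premise (magic quotes on) `$u` is escaped twice before it reaches `meta_value = '".$u."'`; the stored value is an md5 hex string per the `@@ -81` hunk, so this is an inconsistency rather than a breakage today, but one rule should apply everywhere. Replacing the explicit `$_POST`/`$_GET` lookup with `$_REQUEST` also widens the source to whatever `variables_order`/`request_order` includes (cookies by default on PHP of this era), a behaviour change the message does not mention. The old code defaulted `$u` to `''` while the new line reads `$_REQUEST['u']` unconditionally and raises a notice when it is absent; `$u = $wpdb->escape( isset( $_REQUEST['u'] ) ? $_REQUEST['u'] : '' );` restores the default.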
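Review bot: `$userhash = $wpdb->get_results( $query, ARRAY_A );` in the `@@ -44` hunk changes `$userhash` from the scalar `get_var()` returned to an array of rows, so `if( $userhash == false )` still catches the no-row case (empty array) but any later use of `$userhash` as the hash string will now see an array; `invites_check_user_hash` continues past the hunk, so that use is not visible here. If only existence is needed, `$userhash = $wpdb->get_var( $query );` on the rewritten single-line query is the smaller change and keeps the type. The rewrite also silently turns the bare constant `invite` of the removed `'".invite."'` into the literal `'invite'`, which changes which rows match and deserves a mention in the commit message.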
@@ -81,7 +72,7 @@ into the address bar of your browser).";
 }
 if( $_GET[ 'action' ] == 'invite' ) {
 if( is_email( $_POST[ 'email' ] ) ) {
- $email = $wpdb->escape( $_POST[ 'email' ] );
+ $email = $_POST[ 'email' ];
 $query = "INSERT INTO ".$wpdb->usermeta." ( `umeta_id` , `user_id` , `meta_key` , `meta_value` ) VALUES ( NULL, '0', 'invite' , '".md5( $email )."')";
 $wpdb->query( $query );
@@ -140,10 +131,7 @@ function invites_cleanup_db( $val ) {
 AND meta_value = '".$_POST[ 'u' ]."'";
 $wpdb->query( $query );
- $query = "SELECT ID
- FROM ".$wpdb->users."
- WHERE user_login = '".$wpdb->escape( $_POST[ 'weblog_id' ] )."'";
- $id = $wpdb->get_var( $query );
+ $id = $wpdb->get_var( "SELECT ID FROM ".$wpdb->users." WHERE user_login = '" . $_POST[ 'weblog_id' ] . "'" );
 if( $id ) {
 $query = "UPDATE ".$wpdb->usermeta."
@@ -184,9 +172,9 @@ function invites_admin_content() {
 switch( $_GET[ 'action' ] ) {
 case "updateinvitedefaults":
- update_site_option( "invites_per_user", $wpdb->escape( $_GET[ 'invites_per_user' ] ) );
- update_site_option( "invites_default_message", $wpdb->escape( $_GET[ 'invites_default_message' ] ) );
- update_site_option( "invites_default_subject", $wpdb->escape( $_GET[ 'invites_default_subject' ] ) );
+ update_site_option( "invites_per_user", $_GET[ 'invites_per_user' ] );
+ update_site_option( "invites_default_message", $_GET[ 'invites_default_message' ] );
+ update_site_option( "invites_default_subject", $_GET[ 'invites_default_subject' ] );
 break;
 case "":
 break;
diff --git a/wp-inst/wp-includes/wpmu-functions.php b/wp-inst/wp-includes/wpmu-functions.php
index 3bbbff0..a2783d6 100644
--- a/wp-inst/wp-includes/wpmu-functions.php
+++ b/wp-inst/wp-includes/wpmu-functions.php
@@ -374,10 +374,7 @@ function is_site_admin( $user_id ) {
 function get_site_settings( $option, $default='na' ) {
 global $wpdb;
- $query = "SELECT meta_value
- FROM $wpdb->sitemeta
- WHERE meta_key = '$option'
- AND site_id = '".$wpdb->siteid."'";
+ $query = "SELECT meta_key, meta_value FROM $wpdb->sitemeta WHERE meta_key = '$option' AND site_id = '".$wpdb->siteid."'";
 $option = $wpdb->get_row( $query );
 if( $option == false ) {
 if( $default != 'na' ) {
|
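Review bot: The rewritten query line still interpolates the `$option` parameter straight into `meta_key = '$option'`; since the line is being rewritten anyway, `meta_key = '".$wpdb->escape( $option )."'` costs nothing and stops the function from relying on every caller passing a constant key (callers are not visible here). Reusing `$option` for the row returned by `get_row()` also shadows the parameter, so the original key is no longer available in the fallback branch; a separate `$row` variable would read better and avoid that. The query now selects `meta_key, meta_value` instead of `meta_value` alone, which is fine for `get_row()` but changes the shape of what the function returns if callers read the row object directly. `get_site_settings` continues past the end of the hunk.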