authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2005-08-15 10:58:43 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2005-08-15 10:58:43 +0000
commit3236ed913a21f8c638ddd15d9032cf51a2d560e3 (patch)
treef5647dcdd06067ee061f6506a86fc50ed0e57ba1 /wp-inst
parent83cb62b69d9052714b384eaa261c48b9d836458f (diff)
Don't escape so much — we already have magic quotes
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@189 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-inst')
-rw-r--r--wp-inst/wp-admin/invites.php2
-rw-r--r--wp-inst/wp-admin/wpmu-edit.php30
-rw-r--r--wp-inst/wp-content/mu-plugins/invites.php30
-rw-r--r--wp-inst/wp-includes/wpmu-functions.php5
4 files changed, 26 insertions, 41 deletions
diff --git a/wp-inst/wp-admin/invites.php b/wp-inst/wp-admin/invites.php
index 8b21d7f..204d3e6 100644
--- a/wp-inst/wp-admin/invites.php
+++ b/wp-inst/wp-admin/invites.php
@@ -8,7 +8,7 @@ if( $_POST[ 'action' ] == 'send' ) {
$invites_left = get_usermeta( $user_ID, 'invites_left' );
if( $invites_left != false ) {
if( $_POST[ 'email' ] != '' && is_email( $_POST[ 'email' ] ) ) {
- $email = $wpdb->escape( strtolower( $_POST[ 'email' ] ) );
+ $email = strtolower( $_POST[ 'email' ] );
$invites_list = get_usermeta( $current_user->data->ID, "invites_list" );
$pos = strpos( $invites_list, substr( $email, 1 ) );
if( $pos == true ) {
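Review bot: Dropping `$wpdb->escape()` on L32 makes the safety of every string-built query touched by this commit depend on the `magic_quotes_gpc` ini setting, which is per-installation, can be switched off, and was later removed from PHP entirely; nothing in the diff checks it (`get_magic_quotes_gpc()`). The same dependency applies to `$id`, `$search`, `$newuser` and `$key` in wpmu-edit.php and to `$_POST[ 'weblog_id' ]` and the `$_GET` settings in mu-plugins/invites.php, so a single guard at input time (or escaping at the query, which is what `$wpdb->escape()` did) is preferable to removing the escape at each site. Within this hunk the value is validated by `is_email()` first and only reaches the `strpos()` comparison on L34, so the exposure here is small. The enclosing `if( $_POST[ 'action' ] == 'send' )` block continues outside the hunk.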
diff --git a/wp-inst/wp-admin/wpmu-edit.php b/wp-inst/wp-admin/wpmu-edit.php
index 5824e40..1da0740 100644
--- a/wp-inst/wp-admin/wpmu-edit.php
+++ b/wp-inst/wp-admin/wpmu-edit.php
@@ -7,13 +7,13 @@ if( $wpblog != 'main' || $user_level < 10) {
do_action( "wpmuadminedit", "" );
-$id = $wpdb->escape( $_POST[ 'id' ] );
+$id = $_POST[ 'id' ];
switch( $_GET[ 'action' ] ) {
case "siteoptions":
update_site_option( "WPLANG", $_POST[ 'WPLANG' ] );
- update_site_option( "illegal_names", split( ' ', $wpdb->escape( $_POST[ 'illegal_names' ] ) ) );
+ update_site_option( "illegal_names", split( ' ', $_POST[ 'illegal_names' ] ) );
if( $_POST[ 'limited_email_domains' ] != '' ) {
- update_site_option( "limited_email_domains", split( ' ', $wpdb->escape( $_POST[ 'limited_email_domains' ] ) ) );
+ update_site_option( "limited_email_domains", split( ' ', $_POST[ 'limited_email_domains' ] ) );
} else {
update_site_option( "limited_email_domains", '' );
}
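Review bot: `$id` on L43 is later concatenated into `meta_key` strings inside SQL (the `wp_<id>_capabilities` pattern seen further down in this file), and the blog id that pattern carries is numeric, so pinning its type makes the quoting question irrelevant for this value: `$id = (int) $_POST[ 'id' ];`. `split( ' ', ... )` on L48 and L51 treats its first argument as a POSIX regex; `explode( ' ', ... )` is the plain-string equivalent and avoids the deprecated function. The `switch` continues past the hunk.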
@@ -28,8 +28,8 @@ switch( $_GET[ 'action' ] ) {
exit;
break;
case "searchcategories":
- $search = $wpdb->escape( $_GET[ 'search' ] );
- $id = $wpdb->escape( $_GET[ 'id' ] );
+ $search = $_GET[ 'search' ];
+ $id = $_GET[ 'id' ];
$query = "SELECT cat_name FROM " . $wpdb->sitecategories . " WHERE cat_name LIKE '%" . $search . "%' limit 0,10";
$cats = $wpdb->get_results( $query );
if( is_array( $cats ) ) {
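Review bot: `$search` on L61 is interpolated into `LIKE '%...%'` on L63, and even when quotes are handled by magic quotes the `%` and `_` wildcards in the value are not escaped, so a search value of `%` or `_` matches every row and an empty value scans the whole table; escape them before interpolation, `$search = addcslashes( $search, '%_' );`, and return early when the value is empty. `$id` on L62 is assigned but not used anywhere the hunk shows. The `searchusers` case below has the same `LIKE` construction.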
@@ -41,8 +41,8 @@ switch( $_GET[ 'action' ] ) {
exit;
break;
case "searchusers":
- $search = $wpdb->escape( $_GET[ 'search' ] );
- $id = $wpdb->escape( $_GET[ 'id' ] );
+ $search = $_GET[ 'search' ];
+ $id = $_GET[ 'id' ];
$query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . ", " . $wpdb->usermeta . " WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND " . $wpdb->usermeta . ".meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities'";
$query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . " WHERE user_login LIKE '%" . $search . "%' limit 0,10";
$users = $wpdb->get_results( $query );
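Review bot: The query built on L74 is discarded by the reassignment on L75, so the join against `usermeta` and the `$id` value never reach `get_results()`; either drop L74, or if restricting the search to the blog's own users was intended, fold the `user_login LIKE` condition into the first query instead of replacing it. The `LIKE` wildcard concern raised for `searchcategories` applies to `$search` here as well. The `searchusers` case continues outside the hunk.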
@@ -57,12 +57,12 @@ switch( $_GET[ 'action' ] ) {
exit;
break;
case "updatefeeds":
- update_site_option( "customizefeed1", $wpdb->escape( $_POST[ 'customizefeed1' ] ) );
- update_site_option( "customizefeed2", $wpdb->escape( $_POST[ 'customizefeed2' ] ) );
- update_site_option( "dashboardfeed1", $wpdb->escape( $_POST[ 'dashboardfeed1' ] ) );
- update_site_option( "dashboardfeed2", $wpdb->escape( $_POST[ 'dashboardfeed2' ] ) );
- update_site_option( "dashboardfeed1name", $wpdb->escape( $_POST[ 'dashboardfeed1name' ] ) );
- update_site_option( "dashboardfeed2name", $wpdb->escape( $_POST[ 'dashboardfeed2name' ] ) );
+ update_site_option( "customizefeed1", $_POST[ 'customizefeed1' ] );
+ update_site_option( "customizefeed2", $_POST[ 'customizefeed2' ] );
+ update_site_option( "dashboardfeed1", $_POST[ 'dashboardfeed1' ] );
+ update_site_option( "dashboardfeed2", $_POST[ 'dashboardfeed2' ] );
+ update_site_option( "dashboardfeed1name", $_POST[ 'dashboardfeed1name' ] );
+ update_site_option( "dashboardfeed2name", $_POST[ 'dashboardfeed2name' ] );
header( "Location: wpmu-feeds.php?updated=true" );
break;
case "updateblog":
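Review bot: The `updatefeeds` case sends a `Location` header on L93 and then only `break`s, whereas the neighbouring cases visible in this diff (L56–L57, L67–L68, L78–L79) call `exit;` before `break;`; if anything after the `switch` produces output or does further work, it runs on a request that is meant to be a pure redirect. Add `exit;` after the `header()` call to match the other cases. The feed values on L87–L92 are stored without any check that they are URLs; whether `update_site_option()` escapes or validates them itself is not visible here.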
@@ -113,14 +113,14 @@ switch( $_GET[ 'action' ] ) {
if( is_array( $_POST[ 'blogusers' ] ) ) {
reset( $_POST[ 'blogusers' ] );
while( list( $key, $val ) = each( $_POST[ 'blogusers' ] ) ) {
- $wpdb->query( "DELETE FROM " . $wpdb->usermeta . " WHERE meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities' AND user_id = '" . $wpdb->escape( $key ) . "'" );
+ $wpdb->query( "DELETE FROM " . $wpdb->usermeta . " WHERE meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities' AND user_id = '" . $key . "'" );
}
}
// add user?
if( $_POST[ 'newuser' ] != '' ) {
- $newuser = $wpdb->escape( $_POST[ 'newuser' ] );
+ $newuser = $_POST[ 'newuser' ];
$userid = $wpdb->get_var( "SELECT ID FROM " . $wpdb->users . " WHERE user_login = '$newuser'" );
if( $userid ) {
$user = $wpdb->get_var( "SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id='$userid' AND meta_key='wp_" . $id . "_capabilities'" );
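Review bot: `$key` on L101 is an array key of `$_POST[ 'blogusers' ]`, not a value, and whether `magic_quotes_gpc` escapes keys the same way it escapes values is not something this code should depend on; since `user_id` is compared against the integer `ID` selected on L108, casting settles it: `... AND user_id = '" . (int) $key . "'"`. `$newuser` on L107 is a login name and reaches the query on L108 as-is, so it is fully covered by the magic-quotes dependency noted at the first hunk. The `updateblog` case continues outside the hunk.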
diff --git a/wp-inst/wp-content/mu-plugins/invites.php b/wp-inst/wp-content/mu-plugins/invites.php
index 7db3abc..a6bc643 100644
--- a/wp-inst/wp-content/mu-plugins/invites.php
+++ b/wp-inst/wp-content/mu-plugins/invites.php
@@ -30,13 +30,7 @@ into the address bar of your browser).";
}
-$u = '';
-if( $_POST[ 'u' ] ) {
- $u = $_POST[ 'u' ];
-} elseif( $_GET[ 'u' ] ) {
- $u = $_GET[ 'u' ];
-}
-$u = $wpdb->escape( $u );
+$u = $wpdb->escape( $_REQUEST['u'] );
function invites_check_user_hash() {
global $wpdb, $u;
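Review bot: `$_REQUEST['u']` on L124 is still passed through `$wpdb->escape()`, so under the commit's own premise that magic quotes already escape input this value is now escaped twice, unlike every other site in the diff. Replacing the explicit POST-then-GET lookup with `$_REQUEST` also changes precedence to whatever `variables_order`/`request_order` dictates (which by default includes `$_COOKIE`), and it raises an undefined-index notice when `u` is absent where the old code tested first; `$u = isset( $_REQUEST['u'] ) ? $_REQUEST['u'] : '';` restores the guard. The value is compared against an md5 hex token on the new L137, so a shape check such as `preg_match( '/^[0-9a-f]{32}$/', $u )` before use would make the quoting question moot for it.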
@@ -44,12 +38,9 @@ function invites_check_user_hash() {
header( "Location: ".get_option( "siteurl" ) );
die( );
} else {
- $query = "SELECT meta_value
- FROM ".$wpdb->usermeta."
- WHERE user_id = '0'
- AND meta_key = '".invite."'
- AND meta_value = '".$u."'";
- $userhash = $wpdb->get_var( $query );
+ $query = "SELECT meta_value FROM ".$wpdb->usermeta." WHERE user_id = '0' AND meta_key = 'invite' AND meta_value = '".$u."'";
+ $userhash = $wpdb->get_results( $query, ARRAY_A );
+
if( $userhash == false ) {
header( "Location: ".get_option( "siteurl" ) );
die();
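Review bot: `$userhash` on L138 changes from the scalar that `get_var()` returned to an array of `ARRAY_A` rows from `get_results()`, and the `== false` test on L140 still passes only because an empty array is loosely false; any later use of `$userhash` as the hash string itself now has to read `$userhash[0]['meta_value']`. The rest of `invites_check_user_hash()` is outside the hunk, so that cannot be confirmed here. If only existence of the row matters, `$userhash = $wpdb->get_var( $query );` with an explicit `=== null` check is the cheaper and clearer form.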
@@ -81,7 +72,7 @@ into the address bar of your browser).";
}
if( $_GET[ 'action' ] == 'invite' ) {
if( is_email( $_POST[ 'email' ] ) ) {
- $email = $wpdb->escape( $_POST[ 'email' ] );
+ $email = $_POST[ 'email' ];
$query = "INSERT INTO ".$wpdb->usermeta." ( `umeta_id` , `user_id` , `meta_key` , `meta_value` )
VALUES ( NULL, '0', 'invite' , '".md5( $email )."')";
$wpdb->query( $query );
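Review bot: The invite token written on L150 is `md5( $email )`, a value derived from the invitee's address alone rather than a secret, so the check in `invites_check_user_hash()` that matches it on L137 does not prove the bearer received the invitation; the token should be an unpredictable value from a CSPRNG stored alongside the email, with the email kept in a separate column or row. Removing the escape on L148 is harmless within this hunk because only `md5( $email )` reaches SQL. The enclosing `if( $_GET[ 'action' ] == 'invite' )` block continues past the hunk.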
@@ -140,10 +131,7 @@ function invites_cleanup_db( $val ) {
AND meta_value = '".$_POST[ 'u' ]."'";
$wpdb->query( $query );
- $query = "SELECT ID
- FROM ".$wpdb->users."
- WHERE user_login = '".$wpdb->escape( $_POST[ 'weblog_id' ] )."'";
- $id = $wpdb->get_var( $query );
+ $id = $wpdb->get_var( "SELECT ID FROM ".$wpdb->users." WHERE user_login = '" . $_POST[ 'weblog_id' ] . "'" );
if( $id ) {
$query = "UPDATE ".$wpdb->usermeta."
@@ -184,9 +172,9 @@ function invites_admin_content() {
switch( $_GET[ 'action' ] ) {
case "updateinvitedefaults":
- update_site_option( "invites_per_user", $wpdb->escape( $_GET[ 'invites_per_user' ] ) );
- update_site_option( "invites_default_message", $wpdb->escape( $_GET[ 'invites_default_message' ] ) );
- update_site_option( "invites_default_subject", $wpdb->escape( $_GET[ 'invites_default_subject' ] ) );
+ update_site_option( "invites_per_user", $_GET[ 'invites_per_user' ] );
+ update_site_option( "invites_default_message", $_GET[ 'invites_default_message' ] );
+ update_site_option( "invites_default_subject", $_GET[ 'invites_default_subject' ] );
break;
case "":
break;
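Review bot: `updateinvitedefaults` on L168–L170 reads its values from `$_GET`, whereas the comparable `siteoptions` and `updatefeeds` cases in wpmu-edit.php take theirs from `$_POST`; a settings change that a plain link can trigger is easy to fire unintentionally, so the admin form should POST and this case should read `$_POST`. `invites_per_user` is a count, so `update_site_option( "invites_per_user", (int) $_GET[ 'invites_per_user' ] );` fixes its type regardless of how quoting is handled. `invites_admin_content()` continues outside the hunk.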
diff --git a/wp-inst/wp-includes/wpmu-functions.php b/wp-inst/wp-includes/wpmu-functions.php
index 3bbbff0..a2783d6 100644
--- a/wp-inst/wp-includes/wpmu-functions.php
+++ b/wp-inst/wp-includes/wpmu-functions.php
@@ -374,10 +374,7 @@ function is_site_admin( $user_id ) {
function get_site_settings( $option, $default='na' ) {
global $wpdb;
- $query = "SELECT meta_value
- FROM $wpdb->sitemeta
- WHERE meta_key = '$option'
- AND site_id = '".$wpdb->siteid."'";
+ $query = "SELECT meta_key, meta_value FROM $wpdb->sitemeta WHERE meta_key = '$option' AND site_id = '".$wpdb->siteid."'";
$option = $wpdb->get_row( $query );
if( $option == false ) {
if( $default != 'na' ) {