1 files changed, 6 insertions, 6 deletions

diff --git a/wp-includes/canonical.php b/wp-includes/canonical.php
index 8027a1c..7c7c909 100644
--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -4,7 +4,7 @@
 function redirect_canonical($requested_url=NULL, $do_redirect=true) {
 	global $wp_rewrite, $posts, $is_IIS;
 
-	if ( is_feed() || is_trackback() || is_search() || is_comments_popup() || is_admin() || $is_IIS || ( isset($_POST) && count($_POST) ) )
+	if ( is_feed() || is_trackback() || is_search() || is_comments_popup() || is_admin() || $is_IIS || ( isset($_POST) && count($_POST) ) || is_preview() )
 		return;
 
 	if ( !$requested_url ) {
@@ -180,15 +180,15 @@ function redirect_guess_404_permalink() {
 	if ( !get_query_var('name') )
 		return false;
 
-	$where = "post_name LIKE '" . $wpdb->escape(get_query_var('name')) . "%'";
+	$where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%');
 
 	// if any of year, monthnum, or day are set, use them to refine the query
 	if ( get_query_var('year') )
-		$where .= " AND YEAR(post_date) = '" . $wpdb->escape(get_query_var('year')) . "'";
+		$where .= $wpdb->prepare(" AND YEAR(post_date) = %d", get_query_var('year'));
 	if ( get_query_var('monthnum') )
-		$where .= " AND MONTH(post_date) = '" . $wpdb->escape(get_query_var('monthnum')) . "'";
+		$where .= $wpdb->prepare(" AND MONTH(post_date) = %d", get_query_var('monthnum'));
 	if ( get_query_var('day') )
-		$where .= " AND DAYOFMONTH(post_date) = '" . $wpdb->escape(get_query_var('day')) . "'";
+		$where .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", get_query_var('day'));
 
 	$post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE $where AND post_status = 'publish'");
 	if ( !$post_id )
@@ -198,4 +198,4 @@ function redirect_guess_404_permalink() {
 
 add_action('template_redirect', 'redirect_canonical');
 
-?>
\ No newline at end of file
+?>