From 1d82df4e5f5642ea93c1d8216f7012b3e236e087 Mon Sep 17 00:00:00 2001
From: donncha
Date: Mon, 25 Aug 2008 16:06:08 +0000
Subject: Prepare SQL, fixes #719, props momo360modena
git-svn-id: http://svn.automattic.com/wordpress-mu/branches/2.6@1446 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wpmu-settings.php | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
(limited to 'wpmu-settings.php')
diff --git a/wpmu-settings.php b/wpmu-settings.php
index 8639c9b..08790fd 100644
--- a/wpmu-settings.php
+++ b/wpmu-settings.php
@@ -31,19 +31,20 @@ function wpmu_current_site() {
 global $wpdb, $current_site, $domain, $path, $sites;
 $path = substr( $_SERVER[ 'REQUEST_URI' ], 0, 1 + strpos( $_SERVER[ 'REQUEST_URI' ], '/', 1 ) );
 if( constant( 'VHOST' ) == 'yes' ) {
- $current_site = $wpdb->get_row( "SELECT * FROM $wpdb->site WHERE domain = '$domain' AND path='$path'" );
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path = %s", $domain, $path) );
 if( $current_site != null )
 return $current_site;
- $current_site = $wpdb->get_row( "SELECT * FROM $wpdb->site WHERE domain = '$domain' AND path='/'" );
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path='/'", $domain) );
 if( $current_site != null ) {
 $path = '/';
 return $current_site;
 }
+
 $sitedomain = substr( $domain, 1 + strpos( $domain, '.' ) );
- $current_site = $wpdb->get_row( "SELECT * FROM $wpdb->site WHERE domain = '$sitedomain' AND path='$path'" );
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path = %s", $sitedomain, $path) );
 if( $current_site != null )
 return $current_site;
- $current_site = $wpdb->get_row( "SELECT * FROM $wpdb->site WHERE domain = '$sitedomain' AND path='/'" );
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path='/'", $sitedomain) );
 if( $current_site == null && defined( "WP_INSTALLING" ) == false ) {
 if( count( $sites ) == 1 ) {
 $current_site = $sites[0];
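Review bot: Each of the four rewritten lookups in this hunk binds `$domain`/`$sitedomain`/`$path` through `$wpdb->prepare`, but the two fallback queries still carry the literal `path='/'` inside the format string while the others use `path = %s`; binding the literal too, `$wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path = %s", $domain, '/')`, keeps all of the site lookups in one shape so a later change to the placeholder style is a single edit. The result checks (`if( $current_site != null )`) rely on loose comparison; `get_row` yields `null` when no row matches, so `!== null` states the intent more precisely. The same two points apply to the `else` branch in the `@@ -55,10 +56,10 @@` hunk. `wpmu_current_site()` begins before this hunk and its body continues past it.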
@@ -55,10 +56,10 @@ function wpmu_current_site() {
 $path = '/';
 }
 } else {
- $current_site = $wpdb->get_row( "SELECT * FROM $wpdb->site WHERE domain = '$domain' AND path='$path'" );
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path = %s", $domain, $path) );
 if( $current_site != null )
 return $current_site;
- $current_site = $wpdb->get_row( "SELECT * FROM $wpdb->site WHERE domain = '$domain' AND path='/'" );
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE domain = %s AND path='/'", $domain) );
 if( $current_site == null && defined( "WP_INSTALLING" ) == false ) {
 if( count( $sites ) == 1 ) {
 $current_site = $sites[0];
@@ -86,7 +87,7 @@ if( count( $sites ) == 1 ) {
 if( constant( 'VHOST' ) == 'yes' ) {
 $current_blog = $wpdb->get_row("SELECT * FROM $wpdb->blogs WHERE domain = '$domain'");
 if( $current_blog != null ) {
- $current_site = $wpdb->get_row("SELECT * FROM $wpdb->site WHERE id='{$current_blog->site_id}'");
+ $current_site = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->site WHERE id = %d", $current_blog->site_id) );
 } else {
 $blogname = substr( $domain, 0, strpos( $domain, '.' ) );
 }
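Review bot: The context line `$current_blog = $wpdb->get_row("SELECT * FROM $wpdb->blogs WHERE domain = '$domain'");` in the `@@ -86,7 +87,7 @@` hunk still interpolates `$domain` straight into the SQL while the line two below it was converted; it should be brought into the same form, `$current_blog = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->blogs WHERE domain = %s", $domain) );`, so the commit's fix is complete for this file. The new `id = %d` binding for `$current_blog->site_id` is the right placeholder for an integer id column. This is top-level code whose enclosing `if` continues outside the hunk.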
@@ -98,15 +99,15 @@ if( constant( 'VHOST' ) == 'yes' ) {
 $blogname = substr( $blogname, 0, strpos( $blogname, '?' ) );
 $blognames = array( 'page', 'comments', 'blog', 'wp-admin', 'wp-includes', 'wp-content', 'files', 'feed' );
 if( $blogname == '' || in_array( $blogname, $blognames ) || is_file( $blogname ) || is_blogname_page( $blogname ) ) {
- $current_blog = $wpdb->get_row("SELECT * FROM $wpdb->blogs WHERE domain = '$domain' AND path = '$path'");
+ $current_blog = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->blogs WHERE domain = %s AND path = %s", $domain, $path) );
 } else {
- $current_blog = $wpdb->get_row("SELECT * FROM $wpdb->blogs WHERE domain = '$domain' AND path = '{$path}{$blogname}/'");
+ $current_blog = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->blogs WHERE domain = %s AND path = %s", $domain, $path.$blogname.'/') );
 }
 }
 if( defined( "WP_INSTALLING" ) == false ) {
 if( $current_site && $current_blog == null ) {
- $current_blog = $wpdb->get_row("SELECT * FROM {$wpdb->blogs} WHERE domain = '{$current_site->domain}' AND path = '{$current_site->path}'");
+ $current_blog = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->blogs WHERE domain = %s AND path = %s", $current_site->domain, $current_site->path) );
 }
 if( $current_blog == false || $current_site == false )
 is_installed();
@@ -115,7 +116,7 @@ if( defined( "WP_INSTALLING" ) == false ) {
 function is_blogname_page( $blogname ) {
 global $wpdb, $table_prefix, $domain, $path;
- $blog_id = $wpdb->get_var("SELECT blog_id FROM $wpdb->blogs WHERE domain = '$domain' AND path = '$path'");
+ $blog_id = $wpdb->get_var( $wpdb->prepare("SELECT blog_id FROM $wpdb->blogs WHERE domain = %s AND path = %s", $domain, $path) );
 // is the request for a page of the main blog? We need to cache this information somewhere to save a request
 $pages = $wpdb->get_col( "SELECT LOWER(post_name) FROM {$table_prefix}{$blog_id}_posts WHERE post_type='page'" );
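Review bot: In `is_blogname_page()` (the `@@ -115,7 +116,7 @@` hunk) the new prepared `get_var` returns `null` when no blog matches `$domain`/`$path`, and the very next context line interpolates that value into a table name (`{$table_prefix}{$blog_id}_posts`), so the `$pages` query then targets a table that does not exist; the lookup should be guarded before it, e.g. `if ( $blog_id === null ) return false;` (adjust the negative result to whatever the callers expect — the function's remainder is outside the hunk). `prepare` cannot bind identifiers, so the table-name interpolation itself has to stay, which is acceptable here because `$blog_id` comes from the database rather than from the request. The preceding `@@ -98,15 +99,15 @@` hunk is consistent with the rest of the commit; a minor style point there is `in_array( $blogname, $blognames )` without the strict flag, which `in_array( $blogname, $blognames, true )` would tighten.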
@@ -138,15 +139,14 @@ if( $current_blog->site_id == 0 || $current_blog->site_id == '' )
 $site_id = $current_blog->site_id;
-$current_site->site_name = $wpdb->get_var( "SELECT meta_value FROM $wpdb->sitemeta WHERE site_id = '$site_id' AND meta_key = 'site_name'" );
+$current_site->site_name = $wpdb->get_var( $wpdb->prepare("SELECT meta_value FROM $wpdb->sitemeta WHERE site_id = %d AND meta_key = 'site_name'", $site_id) );
 if( $current_site->site_name == null )
 $current_site->site_name = ucfirst( $current_site->domain );
 if( $blog_id == false ) {
 // no blog found, are we installing? Check if the table exists.
 if ( defined('WP_INSTALLING') ) {
- $query = "SELECT blog_id FROM ".$wpdb->blogs." limit 0,1";
- $blog_id = $wpdb->get_var( $query );
+ $blog_id = $wpdb->get_var( "SELECT blog_id FROM $wpdb->blogs LIMIT 0,1" );
 if( $blog_id == false ) {
 // table doesn't exist. This is the first blog
 $blog_id = 1;
-- cgit
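Review bot: `site_id = %d` coerces whatever `$site_id` holds to an integer, so a non-numeric value would silently query `site_id = 0` instead of failing; the guard visible in the hunk header (`$current_blog->site_id == 0 || $current_blog->site_id == ''`) looks like it handles that case before this line, which a one-line comment should record, e.g. `// %d is safe here: site_id was checked for 0/'' just above`. The rewritten `LIMIT 0,1` query binds nothing beyond the table name, so leaving it un-prepared is correct. The later `$blog_id == false` test leans on loose comparison of `get_var`'s `null` result; `$blog_id === null` says what is meant. This is top-level code whose enclosing blocks continue outside the hunk.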