Add prohphylactic addlashes when evaling query. Props xknown.

git-svn-id: https://develop.svn.wordpress.org/trunk@8510 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 22:30:04 +00:00 · 2008-07-30 17:17:38 +00:00
parent fc84847f4c
commit 22497fb74f
2 changed files with 2 additions and 2 deletions
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -110,7 +110,7 @@ class WP {
 					$query = preg_replace("!^.+\?!", '', $query);

 					// Substitute the substring matches into the query.
-					eval("\$query = \"$query\";");
+					eval("\$query = \"" . addslashes($query) . "\";");
 					$this->matched_query = $query;

 					// Parse the query.
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -152,7 +152,7 @@ function url_to_postid($url) {
 			$query = preg_replace("!^.+\?!", '', $query);

 			// Substitute the substring matches into the query.
-			eval("\$query = \"$query\";");
+			eval("\$query = \"" . addslashes($query) . "\";");
 			// Filter out non-public query vars
 			global $wp;
 			parse_str($query, $query_vars);