From 22497fb74f0159369a51039e3cfbdd7b9064ec1d Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 30 Jul 2008 17:17:38 +0000
Subject: [PATCH] Add prohphylactic addlashes when evaling query. Props xknown.
git-svn-id: https://develop.svn.wordpress.org/trunk@8510 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/classes.php | 2 +-
 wp-includes/rewrite.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wp-includes/classes.php b/wp-includes/classes.php
index ac1ce2254f..9b46ba35dd 100644
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -110,7 +110,7 @@ class WP {
 $query = preg_replace("!^.+\?!", '', $query);
 // Substitute the substring matches into the query.
- eval("\$query = \"$query\";");
+ eval("\$query = \"" . addslashes($query) . "\";");
 $this->matched_query = $query;
 // Parse the query.
diff --git a/wp-includes/rewrite.php b/wp-includes/rewrite.php
index 6e6c47dc1f..cbc0077d20 100644
--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -152,7 +152,7 @@ function url_to_postid($url) {
 $query = preg_replace("!^.+\?!", '', $query);
 // Substitute the substring matches into the query.
- eval("\$query = \"$query\";");
+ eval("\$query = \"" . addslashes($query) . "\";");
 // Filter out non-public query vars
 global $wp;
 parse_str($query, $query_vars);
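Review bot: addslashes() on the new-side eval in the classes.php hunk does not close the injection surface it is aimed at: it escapes `"`, `\`, `'` and NUL but leaves `$` alone, and inside the double-quoted literal the eval builds, PHP interpolation — including the `{$…}` and `${…}` forms, which can reach method calls and arbitrary variables — stays live for the whole rule text, not only for the intended `$matches[N]` references, so anyone who can write a rewrite rule's query part can still run code (the rule lookup is outside the hunk, so how far that text is trusted is assumed). It also over-escapes: a double-quoted PHP literal does not recognise `\'`, so a `'` in the rule's query part now comes out of the eval as `\'`, a behaviour change for any rule containing a single quote. If the query part only ever references `$matches[N]` (the only form the comment suggests; not verifiable from the hunk), the eval can be dropped for a plain token substitution: `$map = array(); foreach ( $matches as $i => $m ) $map["\$matches[$i]"] = $m; $query = strtr( $query, $map );` — strtr does not re-scan replaced text, so substituted match values are never interpreted. The `$matches` array and the enclosing method of class WP both start before the hunk, so the variable name is assumed from the existing comment and eval.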
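Review bot: The rewrite.php hunk repeats the eval-plus-addslashes construction with the same gaps: addslashes leaves `$` untouched, so `{$…}`/`${…}` sequences in a rule's query part are still interpreted by the eval, and it turns `'` into `\'`, which a double-quoted PHP literal keeps verbatim, so rules containing a single quote now gain a stray backslash. As far as the hunk shows, the text being interpreted is the rule's query template rather than `$url` itself, so the exposure is to whoever can write rewrite rules, not to the caller of url_to_postid() (assumed; the rule matching is outside the hunk). Because this site and the class WP site in classes.php must stay in lockstep, I would move the substitution into one shared helper and implement it without eval, e.g. `$map = array(); foreach ( $matches as $i => $m ) $map["\$matches[$i]"] = $m; $query = strtr( $query, $map );`, which replaces only the `$matches[N]` tokens and never re-parses the substituted values. url_to_postid() starts before the hunk and continues after it, and the `$matches` name is assumed from the existing comment.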