From 9651a4b5b0bc4cce0e4dc884aca39dafdabf3c94 Mon Sep 17 00:00:00 2001 From: Ryan Boren Date: Thu, 8 Sep 2011 17:17:17 +0000 Subject: [PATCH] Don't send page slugs through prepare() to avoid breaking octets in i18n page slugs. Props SergeyBiryukov. see #10249 #166687 git-svn-id: https://develop.svn.wordpress.org/trunk@18652 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-includes/post.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wp-includes/post.php b/wp-includes/post.php index df755b0191..f0d16ef789 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -3156,7 +3156,9 @@ function get_page_by_path($page_path, $output = OBJECT, $post_type = 'page') { $parts = array_map( 'sanitize_title', $parts ); $in_string = "'". implode( "','", $parts ) . "'"; - $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name IN ({$in_string}) AND (post_type = %s OR post_type = 'attachment')", $post_type ), OBJECT_K ); + $post_type_sql = $post_type; + $wpdb->escape_by_ref( $post_type_sql ); + $pages = $wpdb->get_results( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name IN ($in_string) AND (post_type = '$post_type_sql' OR post_type = 'attachment')", OBJECT_K ); $revparts = array_reverse( $parts );