Making WordPress.org

Changeset 5531


Timestamp: 06/01/2017 12:09:10 AM (8 years ago)
Author: coreymckrill
Message:

WordCamp: Handle apostrophes in Camptix Attendance UI

Apostrophes in the search string are getting escaped when they are first
submitted, which means they are getting escaped again when they go
through $wpdb->prepare etc. So strings that have an apostrophe (like
"O'Brien") will not turn up the expected results in the query.

This fixes the issue by stripping slashes before the string goes through
esc_like and $wpdb->prepare. It uses wp_unslash instead of the
stripslashes in the original patch simply because using WP-specific
versions of functions is a best practice.

Stripping slashes in this instance doesn't cause a vulnerability because
the escaping is handled again later by esc_like and $wpdb->prepare.

Props jeffSLOfish
Fixes #1856

File:
1 edited
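
The double escaping described in the commit message, reproduced as an added example (not the plugin's code and not part of this changeset). `slash_input()`, `unslash()` and `like_escape()` are stand-ins for WordPress's request slashing, `wp_unslash()` and `$wpdb->esc_like()`; a PDO bound parameter stands in for `$wpdb->prepare()`, and the SQLite table and names are constructed sample data.

```php
<?php
// Stand-ins (assumptions for this example) for the WordPress behaviour named in the commit message.
function slash_input( string $s ): string { return addslashes( $s ); }           // slashing applied to request data
function unslash( string $s ): string     { return stripslashes( $s ); }         // wp_unslash() on a string
function like_escape( string $s ): string { return addcslashes( $s, '_%\\' ); }  // $wpdb->esc_like()

// Hypothetical search helper: the term is LIKE-escaped, then bound as a parameter,
// so it never becomes part of the SQL text (the role $wpdb->prepare() plays).
function search_attendees( PDO $db, string $term ): array {
    $stmt = $db->prepare( "SELECT name FROM attendees WHERE name LIKE ? ESCAPE '\\'" );
    $stmt->execute( array( '%' . like_escape( $term ) . '%' ) );
    return $stmt->fetchAll( PDO::FETCH_COLUMN );
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE attendees (name TEXT)' );
$insert = $db->prepare( 'INSERT INTO attendees (name) VALUES (?)' );
foreach ( array( "Pat O'Brien", 'Sam Lee', '100% Real' ) as $name ) {
    $insert->execute( array( $name ) );
}

$submitted = slash_input( "O'Brien" ); // the search string as it arrives: O\'Brien

// Before the fix: the slashed string is escaped again, so the LIKE pattern
// looks for a literal backslash in front of the apostrophe.
$before = search_attendees( $db, $submitted );

// After the fix: slashes are stripped first, then the term is escaped exactly once.
$after = search_attendees( $db, unslash( $submitted ) );

// Quotes and LIKE wildcards in an unslashed term are still treated as data,
// because like_escape() and the bound parameter handle them afterwards.
$quoted   = search_attendees( $db, unslash( slash_input( "x' OR '1'='1" ) ) );
$wildcard = search_attendees( $db, unslash( slash_input( '%' ) ) );

foreach ( compact( 'before', 'after', 'quoted', 'wildcard' ) as $label => $rows ) {
    printf( "%-8s %s\n", $label, json_encode( $rows ) );
}
```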
