Context Navigation

Changeset 1649700

Timestamp:

05/02/2017 02:05:49 PM (9 years ago)

Author:

hovida

Message:

Prevent SQL Injections, updating data saving

Location:

category-thumbnails/trunk

Files:

-                      r879146
+                      r1649700
         Author:             Adrian Preuss
         Author URI:         mailto:support@hovida-design.de?Subject=WordPress%20category-thumbnails
         Version:            1.0.5
+        Version:            1.0.6
         Text Domain:        category-thumbnails
         Domain Path:        /languages
 …
+            }
+            $wpdb->query(sprintf('UPDATE `%sterm_taxonomy` SET `term_thumbnail`=%s WHERE `term_id`=\'%s\' LIMIT 1', $wpdb->prefix, (empty($data) ? 'NULL' : sprintf('\'%s\'', base64_decode($data))), $category));
+            if($data !== NULL) {
+                $data = base64_decode($data);
+            }
+            $wpdb->update($wpdb->prefix . 'term_taxonomy', array(
+                'term_thumbnail' => $data
+            ), array(
+                'term_id' => $category
+            ));
+        }
+    }

-                      r879146
+                      r1649700
+        }
         $result = $wpdb->get_row(sprintf('SELECT `term_thumbnail` FROM `%sterm_taxonomy` WHERE `term_id`=\'%d\' LIMIT 1', $wpdb->prefix, $cat));
+        $result = $wpdb->get_row($wpdb->prepare('SELECT `term_thumbnail` FROM `%sterm_taxonomy` WHERE `term_id`=%d LIMIT 1', $wpdb->prefix, $cat));
         return $result->term_thumbnail != null ? true : false;
+    }
 …
         $attributes     = array();
         $result         = $wpdb->get_row(sprintf('SELECT `term_thumbnail` FROM `%sterm_taxonomy` WHERE `term_id`=\'%d\' LIMIT 1', $wpdb->prefix, $cat));
+        $result         = $wpdb->get_row($wpdb->prepare('SELECT `term_thumbnail` FROM `%sterm_taxonomy` WHERE `term_id`=%d LIMIT 1', $wpdb->prefix, $cat));
         $data           = json_decode($result->term_thumbnail);
 …
+        }
         $result         = $wpdb->get_row(sprintf('SELECT `term_thumbnail` FROM `%sterm_taxonomy` WHERE `term_id`=\'%d\' LIMIT 1', $wpdb->prefix, $cat));
+        $result         = $wpdb->get_row($wpdb->prepare('SELECT `term_thumbnail` FROM `%sterm_taxonomy` WHERE `term_id`=%d LIMIT 1', $wpdb->prefix, $cat));
         $data           = json_decode($result->term_thumbnail);

r879149	r1649700
1	1	=== Category Thumbnails ===
2	2	Contributors: Adrian Preuss
3		Version: 1.0.5
	3	Version: 1.0.6
4	4	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=H56DKPMQE49NJ
5	5	Tags: category, thumbnail, taxonomy, custom

Note: See TracChangeset for help on using the changeset viewer.