
Comments: IDs are integers.

Built from https://develop.svn.wordpress.org/trunk@33555


git-svn-id: http://core.svn.wordpress.org/trunk@33522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ocean90 committed Aug 4, 2015
1 parent a9b3f12 commit 70128fe7605cb963a46815cf91b0a5934f70eff5
Showing with 5 additions and 4 deletions.
  1. +4 −3 wp-includes/post.php
  2. +1 −1 wp-includes/version.php
@@ -2937,10 +2937,11 @@ function wp_untrash_post_comments( $post = null ) {
foreach ( $group_by_status as $status => $comments ) {
// Sanity check. This shouldn't happen.
if ( 'post-trashed' == $status )
if ( 'post-trashed' == $status ) {
$status = '0';
$comments_in = implode( "', '", $comments );
$wpdb->query( "UPDATE $wpdb->comments SET comment_approved = '$status' WHERE comment_ID IN ('" . $comments_in . "')" );
}
$comments_in = implode( ', ', array_map( 'intval', $comments ) );
$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->comments SET comment_approved = %s WHERE comment_ID IN ($comments_in)", $status ) );
}
clean_comment_cache( array_keys($statuses) );
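Review bot: The ID list in `IN ($comments_in)` is still interpolated into the string passed to `$wpdb->prepare()`, so only `$status` is bound and the query is safe solely because of the `array_map( 'intval', $comments )` on the line above. Nothing in the hunk records that invariant; a comment such as `// IDs are forced to integers above, which is the only reason they may be interpolated into the prepare() format string.` would keep a later edit from dropping the cast. Alternatively, bind the IDs too: `$placeholders = implode( ', ', array_fill( 0, count( $comments ), '%d' ) );` followed by `$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->comments SET comment_approved = %s WHERE comment_ID IN ($placeholders)", array_merge( array( $status ), $comments ) ) );`. Where `$group_by_status` is populated lies outside the hunk, so the origin of the IDs and statuses (presumably stored post meta) is not shown here; wp_untrash_post_comments() starts and ends outside the hunk.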
@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.3-RC1-33542';
$wp_version = '4.3-RC1-33555';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

1 comment on commit 70128fe


sanginovs commented on 70128fe Feb 10, 2019

@ocean90, so was the SQL injection vulnerability in one of these post parameters?
/wp-admin/post.php?post=1&action=untrash&_wpnonce=62d5415fce

Thanks
