Changeset 3072498 for media-library-plus
- Timestamp: 04/17/2024 03:12:42 PM (12 months ago)
- File: 1 edited
media-library-plus/tags/8.2.1/media-library-plus.php
r3072472 r3072498 2927 2927 else 2928 2928 $search_value = ""; 2929 2930 // Use esc_sql to escape the 'search_value' parameter before using it in the SQL query 2931 $search_value = esc_sql($search_value); 2929 2932 2930 2933 $sql = $wpdb->prepare("select ID, post_title, post_name, pm.meta_value as attached_file from {$wpdb->prefix}posts … … 2972 2975 2973 2976 if ((isset($_GET['s'])) && (strlen(trim($_GET['s'])) > 0)) 2974 $search_string = trim(sanitize_text_field($_GET['s']));2977 $search_string = esc_sql(trim(sanitize_text_field($_GET['s']))); 2975 2978 else 2976 2979 $search_string = '';
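Review bot: In the first hunk (new line 2931), `esc_sql($search_value)` is applied just before a `$wpdb->prepare()` call, and the visible part of the query does not show how `$search_value` reaches the SQL. If it is bound through a `%s` placeholder, `prepare()` already escapes it and this line escapes it a second time, so terms containing quotes or backslashes will no longer match. If it is interpolated into the query string instead, the stronger fix is to pass it as a `prepare()` argument (with `$wpdb->esc_like()` for a LIKE pattern), because `esc_sql()` only protects a value that sits inside quotes in the statement. The added comment should state which of the two cases applies.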
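Review bot: In the second hunk (new line 2977), `$_GET['s']` is read without `wp_unslash()` and the result is escaped at assignment rather than where the query is built, which is not visible in this hunk. WordPress adds slashes to the request superglobals, so wrapping the value in `esc_sql()` stacks a second layer of escaping on top, and any later use of `$search_string` outside SQL (for example echoing the term back into the search box) would receive the SQL-escaped form. Suggest `trim(sanitize_text_field(wp_unslash($_GET['s'])))` here and binding the value with `$wpdb->prepare()` at the query itself. Unlike the first hunk, this line also has no comment explaining why the escaping was added.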