
Changeset 3072498 for media-library-plus


Timestamp:
04/17/2024 03:12:42 PM (12 months ago)
Author:
AlanP57
Message:

Update 8.2.1

File:
1 edited

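--- a/media-library-plus/tags/8.2.1/media-library-plus.php
+++ b/media-library-plus/tags/8.2.1/media-library-plus.php
@@ -2927,4 +2927,7 @@
     else
       $search_value = "";
+   
+    // Use esc_sql to escape the 'search_value' parameter before using it in the SQL query
+    $search_value = esc_sql($search_value);   
        
     $sql = $wpdb->prepare("select ID, post_title, post_name, pm.meta_value as attached_file from {$wpdb->prefix}posts
@@ -2972,5 +2975,5 @@
    
     if ((isset($_GET['s'])) && (strlen(trim($_GET['s'])) > 0))
-      $search_string = trim(sanitize_text_field($_GET['s']));
+      $search_string = esc_sql(trim(sanitize_text_field($_GET['s'])));
     else
       $search_string = '';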
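Review bot: Calling `esc_sql()` on `$search_value` at new line 2931 and then passing the query through `$wpdb->prepare()` at 2933 mixes two escaping mechanisms, and because the statement continues outside the hunk it is not visible which of them actually protects the value. If `$search_value` is bound through a `%s` placeholder, the extra `esc_sql()` double-escapes it and searches containing quotes or backslashes stop matching; if it is interpolated into the string, `prepare()` adds nothing, and `esc_sql()` is only safe inside a quoted literal and does not escape the LIKE wildcards `%` and `_`. I would drop the `esc_sql()` call and bind the term instead, e.g. `$like = '%' . $wpdb->esc_like($search_value) . '%';` passed as a `%s` argument to `$wpdb->prepare()`. The same applies to `$search_string` at 2977, whose use is also outside the hunk: `$_GET['s']` should go through `wp_unslash()` before `sanitize_text_field()`, and if the variable is later echoed into the page it needs `esc_attr()` or `esc_html()` at output rather than SQL escaping at input.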