Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix some more prepare() mishandling.

This commit is contained in:
Mark Jaquith 2011-10-06 00:22:38 +08:00 committed by Mark Jaquith
parent 46feaa2755
commit 03cfc38709
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
classes/woocommerce.class.php
View File

@ -200,9 +200,9 @@ class woocommerce {
function attribute_label( $name ) { function attribute_label( $name ) {
global $wpdb; global $wpdb;
$name = $wpdb->prepare(str_replace('pa_', '', sanitize_title($name))); $name = str_replace( 'pa_', '', sanitize_title( $name ) );
$label = $wpdb->get_var("SELECT attribute_label FROM ".$wpdb->prefix."woocommerce_attribute_taxonomies WHERE attribute_name = '$name';"); $label = $wpdb->get_var( $wpdb->prepare( "SELECT attribute_label FROM ".$wpdb->prefix."woocommerce_attribute_taxonomies WHERE attribute_name = %s;", $name ) );
if ($label) return $label; else return ucfirst($name); if ($label) return $label; else return ucfirst($name);
} }

8
woocommerce_actions.php
View File

@ -726,10 +726,10 @@ function woocommerce_download_product() {
$downloads_remaining = $wpdb->get_var( $wpdb->prepare(" $downloads_remaining = $wpdb->get_var( $wpdb->prepare("
SELECT downloads_remaining SELECT downloads_remaining
FROM ".$wpdb->prefix."woocommerce_downloadable_product_permissions FROM ".$wpdb->prefix."woocommerce_downloadable_product_permissions
WHERE user_email = '$email' WHERE user_email = %s
AND order_key = '$order' AND order_key = %s
AND product_id = '$download_file' AND product_id = %s
;") ); ;", $email, $order, $download_file ) );
if ($downloads_remaining=='0') : if ($downloads_remaining=='0') :
wp_die( sprintf(__('Sorry, you have reached your download limit for this file. <a href="%s">Go to homepage &rarr;</a>', 'woothemes'), home_url()) ); wp_die( sprintf(__('Sorry, you have reached your download limit for this file. <a href="%s">Go to homepage &rarr;</a>', 'woothemes'), home_url()) );