Fix some more prepare() mishandling.
parent
46feaa2755
commit
03cfc38709
|
@ -200,9 +200,9 @@ class woocommerce {
|
|||
function attribute_label( $name ) {
|
||||
global $wpdb;
|
||||
|
||||
$name = $wpdb->prepare(str_replace('pa_', '', sanitize_title($name)));
|
||||
$name = str_replace( 'pa_', '', sanitize_title( $name ) );
|
||||
|
||||
$label = $wpdb->get_var("SELECT attribute_label FROM ".$wpdb->prefix."woocommerce_attribute_taxonomies WHERE attribute_name = '$name';");
|
||||
$label = $wpdb->get_var( $wpdb->prepare( "SELECT attribute_label FROM ".$wpdb->prefix."woocommerce_attribute_taxonomies WHERE attribute_name = %s;", $name ) );
|
||||
|
||||
if ($label) return $label; else return ucfirst($name);
|
||||
}
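Review bot: The new `$name = str_replace( 'pa_', '', sanitize_title( $name ) );` line strips every occurrence of `pa_`, not only the leading taxonomy prefix. A slug such as `pa_spa_type` (constructed example) is looked up as `stype`, so the query can miss the row or match a different attribute. Stripping only the prefix is safer: `$name = preg_replace( '/^pa_/', '', sanitize_title( $name ) );`. The function also has no docblock; one saying that the return value is either the stored label or a capitalised slug, and that callers should escape it on output, would make the contract explicit, since how callers print it is not visible here.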
|
||||
|
|
|
@ -726,10 +726,10 @@ function woocommerce_download_product() {
|
|||
$downloads_remaining = $wpdb->get_var( $wpdb->prepare("
|
||||
SELECT downloads_remaining
|
||||
FROM ".$wpdb->prefix."woocommerce_downloadable_product_permissions
|
||||
WHERE user_email = '$email'
|
||||
AND order_key = '$order'
|
||||
AND product_id = '$download_file'
|
||||
;") );
|
||||
WHERE user_email = %s
|
||||
AND order_key = %s
|
||||
AND product_id = %s
|
||||
;", $email, $order, $download_file ) );
|
||||
|
||||
if ($downloads_remaining=='0') :
|
||||
wp_die( sprintf(__('Sorry, you have reached your download limit for this file. <a href="%s">Go to homepage →</a>', 'woothemes'), home_url()) );
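Review bot: The `if ($downloads_remaining=='0')` check after the prepared query rejects only an exhausted counter. `$wpdb->get_var()` returns null when no permission row matches, and `null == '0'` is false, so a request with no row for this email, order key and product passes this check. woocommerce_download_product() starts and ends outside the hunk, so a later guard may exist, but the query result is the authorization decision and is worth enforcing here. Because get_var() also returns null for an empty column value, test for the row itself: fetch it with `$wpdb->get_row( ... )` and add `if ( ! $row ) wp_die( __('Invalid download.', 'woothemes') );` before reading `downloads_remaining`. If `product_id` is numeric, as the name suggests, `%d` is a tighter placeholder than `%s`.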
|
||||
|
|