Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

changed wpdb::escape to esc_sql()

This commit is contained in:
claudiosmweb 2013-12-30 14:24:49 -02:00
parent ee6c7c6d4c
commit 94586aa5b9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/admin/reports/class-wc-report-customer-list.php
View File

@ -261,7 +261,7 @@ class WC_Report_Customer_List extends WP_List_Table {
if ( $s ) {
$query->query_from .= " LEFT JOIN {$wpdb->usermeta} as meta3 ON ({$wpdb->users}.ID = meta3.user_id)";
$query->query_where .= " AND ( user_login LIKE '%" . $wpdb->escape( str_replace( '*', '', $s ) ) . "%' OR user_nicename LIKE '%" . $wpdb->escape( str_replace( '*', '', $s ) ) . "%' OR meta3.meta_value LIKE '%" . $wpdb->escape( str_replace( '*', '', $s ) ) . "%' ) ";
$query->query_where .= " AND ( user_login LIKE '%" . esc_sql( str_replace( '*', '', $s ) ) . "%' OR user_nicename LIKE '%" . esc_sql( str_replace( '*', '', $s ) ) . "%' OR meta3.meta_value LIKE '%" . esc_sql( str_replace( '*', '', $s ) ) . "%' ) ";
$query->query_orderby = " GROUP BY ID " . $query->query_orderby;
}