Wordpress 2.6.2-scripts

[autoinstalls/wordpress.git] / wp-admin / includes / bookmark.php

diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php
index 35cc9c9d22f895ad068db9ac5078dfc965150a03..697a71c4fcf02e42a90563dbd17f7a1553f09396 100644 (file)
--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -13,6 +13,8 @@ function edit_link( $link_id = '' ) {
        $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
        $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
        $_POST['link_rss'] = clean_url($_POST['link_rss']);
+       if ( 'N' != $_POST['link_visible'] )
+               $_POST['link_visible'] = 'Y';
 
        if ( !empty( $link_id ) ) {
                $_POST['link_id'] = $link_id;
@@ -45,7 +47,7 @@ function wp_delete_link($link_id) {
 
        wp_delete_object_term_relationships($link_id, 'link_category');
 
-       $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+       $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
 
        do_action('deleted_link', $link_id);
 
@@ -60,7 +62,7 @@ function wp_get_link_cats($link_id = 0) {
 }
 
 function get_link_to_edit( $link_id ) {
-       return get_link( $link_id, OBJECT, 'edit' );
+       return get_bookmark( $link_id, OBJECT, 'edit' );
 }
 
 function wp_insert_link($linkdata) {
@@ -71,7 +73,7 @@ function wp_insert_link($linkdata) {
        $linkdata = wp_parse_args($linkdata, $defaults);
        $linkdata = sanitize_bookmark($linkdata, 'db');
 
-       extract($linkdata, EXTR_SKIP);
+       extract(stripslashes_deep($linkdata), EXTR_SKIP);
 
        $update = false;
 
@@ -117,15 +119,14 @@ function wp_insert_link($linkdata) {
        }
 
        if ( $update ) {
-               $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
-                       link_name='$link_name', link_image='$link_image',
-                       link_target='$link_target',
-                       link_visible='$link_visible', link_description='$link_description',
-                       link_rating='$link_rating', link_rel='$link_rel',
-                       link_notes='$link_notes', link_rss = '$link_rss'
-                       WHERE link_id='$link_id'");
+               $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
+                       link_name = %s, link_image = %s, link_target = %s, 
+                       link_visible = %s, link_description = %s, link_rating = %s, 
+                       link_rel = %s, link_notes = %s, link_rss = %s
+                       WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
        } else {
-               $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+               $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", 
+               $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
                $link_id = (int) $wpdb->insert_id;
        }
 
@@ -151,8 +152,6 @@ function wp_set_link_cats($link_id = 0, $link_categories = array()) {
 }      // wp_set_link_cats()
 
 function wp_update_link($linkdata) {
-       global $wpdb;
-
        $link_id = (int) $linkdata['link_id'];
 
        $link = get_link($link_id, ARRAY_A);