X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..refs/tags/wordpress-2.6.2:/wp-admin/includes/bookmark.php
diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php
index 908d6b86..697a71c4 100644
--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -47,7 +47,7 @@ function wp_delete_link($link_id) {
 wp_delete_object_term_relationships($link_id, 'link_category');
- $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
 do_action('deleted_link', $link_id);
@@ -73,7 +73,7 @@ function wp_insert_link($linkdata) {
 $linkdata = wp_parse_args($linkdata, $defaults);
 $linkdata = sanitize_bookmark($linkdata, 'db');
- extract($linkdata, EXTR_SKIP);
+ extract(stripslashes_deep($linkdata), EXTR_SKIP);
 $update = false;
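Review bot: The `stripslashes_deep()` added on the extract line is the counterpart of the move to `$wpdb->prepare()` in the later hunks — prepare escapes its own arguments, so data that callers pass pre-slashed would otherwise be stored double-escaped — but nothing in the code records that dependency. A comment such as `// $wpdb->prepare() escapes its arguments; remove caller-added slashes first so values are not stored double-escaped` would keep a later maintainer from dropping either half on its own. Note that `sanitize_bookmark($linkdata, 'db')` on the line above still runs on the slashed data, so any filter hooked there sees backslashes the database never will; whether that matters depends on those filters, which are outside this hunk. `extract()` with `EXTR_SKIP` also turns any unexpected key in `$linkdata` into a local variable, and the body of wp_insert_link continues past this hunk.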
@@ -119,15 +119,14 @@ function wp_insert_link($linkdata) {
 }
 if ( $update ) {
- $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
- link_name='$link_name', link_image='$link_image',
- link_target='$link_target',
- link_visible='$link_visible', link_description='$link_description',
- link_rating='$link_rating', link_rel='$link_rel',
- link_notes='$link_notes', link_rss = '$link_rss'
- WHERE link_id='$link_id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
+ link_name = %s, link_image = %s, link_target = %s,
+ link_visible = %s, link_description = %s, link_rating = %s,
+ link_rel = %s, link_notes = %s, link_rss = %s
+ WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
 } else {
- $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
+ $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
 $link_id = (int) $wpdb->insert_id;
 }
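Review bot: `WHERE link_id = %s` on the last line of the prepared UPDATE binds the row id as a quoted string, while the DELETE in wp_delete_link (the hunk at line 47) uses `%d`; changing it to `WHERE link_id = %d` keeps the two consistent and hands the database a bare integer, so a non-numeric id is rejected instead of being compared as text. The same consideration applies to `link_owner` and `link_rating`, which both statements bind with `%s` — `%d` would be the tighter choice if those columns are numeric, as their names suggest, but the schema is not on this page. `$link_url,$link_name,` on the second INSERT line is missing the space after the comma that the rest of the argument list uses. The body of wp_insert_link continues outside this hunk.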