X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4..refs/tags/wordpress-2.6.2:/wp-admin/includes/export.php
diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php
index 96239af9..00201fab 100644
--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
$where = '';
if ( $author and $author != 'all' ) {
$author_id = (int) $author;
- $where = " WHERE post_author = '$author_id' ";
+ $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id);
}
// grab a snapshot of post IDs, just in case it changes during the export
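Review bot: A non-numeric `$author` other than `'all'` is cast to 0 by the `(int)` line above the new `prepare()` call, so it reaches the query as `post_author = 0` and the export comes back empty instead of being rejected. Where `$author` is assigned is outside this hunk; if it comes from the request, a guard such as `if ( $author_id > 0 )` around the `$where` assignment would make that case explicit. It would also help to record why both the cast and the placeholder are kept, e.g. `// author id is bound with %d; the (int) cast is belt-and-braces`.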
@@ -201,6 +201,7 @@ echo '\n";
post_content) ); ?>
+post_excerpt) ); ?>
ID; ?>
post_date; ?>
post_date_gmt; ?>
@@ -217,7 +218,7 @@ if ($post->post_type == 'attachment') { ?>
ID); ?>
get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");
+$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
if ( $postmeta ) {
?>
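Review bot: `if ( $postmeta )` on the line after the new query cannot tell a failed query from a post that has no meta rows, so a database error yields an export file that is silently missing data. The same applies to `if ( $comments )` after the comments query in the next hunk. Consider checking `$wpdb->last_error` after each `get_results()` call and stopping or logging, rather than emitting a partial file. The per-post loop these queries run in starts and ends outside this hunk.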
@@ -228,7 +229,7 @@ if ( $postmeta ) {
get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID");
+$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
if ( $comments ) { foreach ( $comments as $c ) { ?>
comment_ID; ?>
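Review bot: The added comments query has no `comment_approved` condition, so spam and unapproved comments for each post are written into the export alongside approved ones. If the export should carry only legitimate content, filter in the query, e.g. `"SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved <> 'spam'"`. The loop body that prints each comment continues outside this hunk, so which comment fields end up in the file cannot be confirmed from here.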
@@ -252,4 +253,4 @@ if ( $comments ) { foreach ( $comments as $c ) { ?>
\ No newline at end of file
+?>