3.2.9.9.2 use of deprecated function mysql_real_escape_string is removed

qTranslate-Team · Apr 17, 2015 · 07e6cf6 · 07e6cf6
1 parent bc32ba0
commit 07e6cf6
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 11 deletions.
diff --git a/admin/qtx_configuration.php b/admin/qtx_configuration.php
@@ -750,15 +750,17 @@ function qtranxf_conf() {
 		// update language tags
 		global $wpdb;
 		$wpdb->show_errors();
-		$result = $wpdb->get_results('SELECT ID, post_title, post_content FROM '.$wpdb->posts.' WHERE NOT (post_content LIKE "%<!--:-->%" OR post_title LIKE "%<!--:-->%")');
-		foreach($result as $post) {
-			$title=qtranxf_mark_default($post->post_title);
-			$content=qtranxf_mark_default($post->post_content);
-			if( $title==$post->post_title && $content==$post->post_content ) continue;
-			//qtranxf_dbg_echo("markdefault:<br>\ntitle old: '".$post->post_title."'<br>\ntitle new: '".$title."'<br>\ncontent old: '".$post->post_content."'<br>\ncontent new: '".$content."'"); continue;
-			$wpdb->query('UPDATE '.$wpdb->posts.' set post_content = "'.mysql_real_escape_string($content).'", post_title = "'.mysql_real_escape_string($title).'" WHERE ID='.$post->ID);
+		$result = $wpdb->get_results('SELECT ID, post_title, post_content FROM '.$wpdb->posts.' WHERE post_status = \'publish\' AND  (post_type = \'post\' OR post_type = \'page\') AND NOT (post_content LIKE \'%<!--:-->%\' OR post_title LIKE \'%<!--:-->%\' OR post_content LIKE \'%![:!]%\' ESCAPE \'!\' OR post_title LIKE \'%![:!]%\' ESCAPE \'!\')');
+		if(is_array($result)){
+			foreach($result as $post) {
+				$title=qtranxf_mark_default($post->post_title);
+				$content=qtranxf_mark_default($post->post_content);
+				if( $title==$post->post_title && $content==$post->post_content ) continue;
+				//qtranxf_dbg_log('markdefault:'. PHP_EOL .'title old: '.$post->post_title. PHP_EOL .'title new: '.$title. PHP_EOL .'content old: '.$post->post_content. PHP_EOL .'content new: '.$content); continue;
+				$wpdb->query($wpdb->prepare('UPDATE '.$wpdb->posts.' set post_content = %s, post_title = %s WHERE ID = %d', $content, $title, $post->ID));
+			}
+			$message[] = "All Posts marked as default language!";
 		}
-		$message[] = "All Posts marked as default language!";
 	} elseif(isset($_GET['edit'])){
 		$lang = $_GET['edit'];
 		$original_lang = $lang;

diff --git a/qtranslate.php b/qtranslate.php
@@ -3,7 +3,7 @@
 Plugin Name: qTranslate-X
 Plugin URI: http://wordpress.org/plugins/qtranslate-x/
 Description: Adds user-friendly and database-friendly multilingual content support.
-Version: 3.2.9.9.1
+Version: 3.2.9.9.2
 Author: qTranslate Team
 Author URI: http://qtranslatexteam.wordpress.com/about
 Tags: multilingual, multi, language, admin, tinymce, Polyglot, bilingual, widget, switcher, professional, human, translation, service, qTranslate, zTranslate, mqTranslate, qTranslate Plus, WPML
@@ -108,7 +108,7 @@
 	define( 'QTRANSLATE_FILE', __FILE__ );
 }
 
-define('QTX_VERSION','3.2.9.9.1');
+define('QTX_VERSION','3.2.9.9.2');
 
 require_once(dirname(__FILE__).'/qtranslate_options.php');
 require_once(dirname(__FILE__).'/qtranslate_utils.php');

diff --git a/qtranslate_services.php b/qtranslate_services.php
@@ -533,7 +533,7 @@ function qts_UpdateOrder($order_id) {
 			$post->post_title = qtranxf_join_b($title);
 			$post->post_content = qtranxf_join_b($content);
 			$wpdb->show_errors();
-			$wpdb->query('UPDATE '.$wpdb->posts.' SET post_title="'.mysql_real_escape_string($post->post_title).'", post_content = "'.mysql_real_escape_string($post->post_content).'" WHERE ID = "'.$post->ID.'"');
+			$wpdb->query($wpdb->prepare('UPDATE '.$wpdb->posts.' SET post_title = %s, post_content = %s WHERE ID = %d', $post->post_title, $post->post_content, $post->ID));
 			wp_cache_add($post->ID, $post, 'posts');
 			unset($orders[$key]);
 		}

diff --git a/readme.txt b/readme.txt
@@ -110,6 +110,9 @@ Developers: please drop new topics here, the text will be moved to [qTranslate-X
 * Includes all changes after version 3.2.9. Please, review [Release Notes](https://qtranslatexteam.wordpress.com/2015/03/30/release-notes-3-3).
 * Translation: thanks to all translators contributed.
 
+### 3.2.9.9.2 alpha ###
+* Fix: troublesome use of deprecated function `mysql_real_escape_string` is removed: [WP Topic](https://wordpress.org/support/topic/bulk-remove-language).
+
 ### 3.2.9.9.1 alpha ###
 * Fix: alt attribute for flag icons in widget 'qTranslate Language Chooser': [WP Topic](https://wordpress.org/support/topic/flag-icons-%E2%80%93-missing-alt-attributes).
 * Fix: title attribute for language menu items: [WP Topic](https://wordpress.org/support/topic/language-switcher-menu-flag-images-in-title).