Jump to content
Larry Ullman's Book Forums

Recommended Posts

I'm having an issue with mysql_real_escape_string. This is used to display a custom post type (food menu items) for the WooThemes Diner theme (for WordPress). Food menu items no longer display on the Diner menu page because they are being called with mysql_real_escape_string.

 

What is the proper way to call these items?

 

Theme: Diner by WooThemes version 1.9.8 (now retired from active support)

Affected file: admin-interface.php

Lines: 111 & 118

/*-----------------------------------------------------------------------------------*/
/* WooThemes Admin Interface - woothemes_add_admin */
/*-----------------------------------------------------------------------------------*/

if ( ! function_exists( 'woothemes_add_admin' ) ) {
	function woothemes_add_admin() {

		global $query_string;
		global $current_user;
		$current_user_id = $current_user->user_login;
		$super_user = get_option( 'framework_woo_super_user' );

		$themename =  get_option( 'woo_themename' );
		$shortname =  get_option( 'woo_shortname' );

		// Reset the settings, sanitizing the various requests made.
		// Use a SWITCH to determine which settings to update.

		/* Make sure we're making a request.
   	------------------------------------------------------------*/

		if ( isset( $_REQUEST['page'] ) ) {

			// Sanitize page being requested.
			$_page = '';

			$_page = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['page'] ) ) ) );

			// Sanitize action being requested.
			$_action = '';

			if ( isset( $_REQUEST['woo_save'] ) ) {

				$_action = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['woo_save'] ) ) ) );

			} // End IF Statement

			// If the action is "reset", run the SWITCH.

			/* Perform settings reset.
  		------------------------------------------------------------*/

Link to comment
Share on other sites

 Share

×
×
  • Create New...