@@ -27,27 +27,27 @@ private function get_blog_ids_with_meta_key() {
2727 switch_to_blog ( $ blogblog_id );
2828
2929 // Table exists ?
30- if ( $ wpdbget_var ( "SHOW TABLES LIKE ' $ wpdbpostmeta ' " ) ! = $ wpdbpostmeta ) {
30+ if ( $ wpdbget_var ( $ wpdb -> prepare ( "SHOW TABLES LIKE %s " , $ wpdbpostmeta ) ) != = $ wpdbpostmeta ) {
3131 restore_current_blog ();
3232 continue ;
3333 }
3434
35- $ selects"(
36- SELECT pm.post_id AS post_id, pm.meta_value AS meta_value, {$ blogblog_id } AS blog_id
37- FROM {$ wpdbpostmeta } AS pm
38- WHERE 1 = 1
39- AND pm.meta_key = '_origin_key'
40- ) "
35+ $ blog_idint ) $ blogblog_id ; // Ensure the blog_id is an integer
36+ $ meta_key'_origin_key ' ; // Define the meta_key explicitly
37+
38+ // Use prepare to ensure safe query construction
39+ $ selects$ wpdbprepare ( "(
40+ SELECT pm.post_id AS post_id, pm.meta_value AS meta_value, %d AS blog_id
41+ FROM {$ wpdbpostmeta } AS pm
42+ WHERE pm.meta_key = %s
43+ ) "$ blog_id$ meta_key
4144
4245 restore_current_blog ();
4346 }
4447
45- // Make an union, group doublons with concat
46- $ query' SELECT post_id, meta_value, blog_id FROM ( ' ;
47- $ queryimplode ( ' UNION ALL ' , $ selects
48- $ query' ) AS wp ' ;
48+ $ union_all_queryimplode ( ' UNION ALL ' , $ selects
4949
50- return $ wpdbget_results ( $ query
50+ return $ wpdbget_results ( " SELECT post_id, meta_value, blog_id FROM ( $ union_all_query ) AS wp "
5151 }
5252
5353 /**
0 commit comments