Ticket #12416: 12416sprintf.diff

File 12416sprintf.diff, 1.4 KB (added by jamescollins, 3 years ago)

Fixes the usage of %s in $wpdb->prepare() calls

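--- a/wp-includes/functions.php   (revision 14166)
+++ b/wp-includes/functions.php   (working copy)
@@ -343,7 +343,7 @@
                if ( false === $value ) {
                        if ( defined( 'WP_INSTALLING' ) )
                                $suppress = $wpdb->suppress_errors();
-                       $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = '%s' LIMIT 1", $option ) );
+                       $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1", $option ) );
                        if ( defined( 'WP_INSTALLING' ) )
                                $wpdb->suppress_errors( $suppress );
 
@@ -635,11 +635,11 @@
        wp_protect_special_option( $option );
 
        // Get the ID, if no ID then return
-       $row = $wpdb->get_row( $wpdb->prepare( "SELECT autoload FROM $wpdb->options WHERE option_name = '%s'", $option ) );
+       $row = $wpdb->get_row( $wpdb->prepare( "SELECT autoload FROM $wpdb->options WHERE option_name = %s", $option ) );
        if ( is_null( $row ) )
                return false;
        do_action( 'delete_option', $option );
-       $result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = '%s'", $option) );
+       $result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = %s", $option) );
        if ( ! defined( 'WP_INSTALLING' ) ) {
                if ( 'yes' == $row->autoload ) {
                        $alloptions = wp_load_alloptions();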
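Review bot: The rewritten DELETE call in the second hunk still closes with `$option) );`, while the SELECT three lines above it and the one in the first hunk use `$option ) );`; since the line is being touched anyway, its tail should be normalised to `$option ) );`. The placeholder change itself reads correctly: an unquoted `%s` leaves both quoting and escaping of `$option` to `prepare()`, so hand-written quotes can no longer drift out of step with it. A one-line comment above the first query, such as `// Placeholders stay unquoted: prepare() adds the quotes when it escapes the value.`, would help keep the quoted form from being reintroduced. All three statements sit in functions whose bodies start and end outside the hunks, so whether other quoted `'%s'` placeholders remain in this file cannot be confirmed from here.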