id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
12942,Change str_replace to preg_replace for $wpdb->prepare function,gplaurin,,"When using a prepare query like $db->prepare(""SELECT usr.id FROM `tmp_users` AS usr WHERE (usr.`email` = '%1\$s' AND usr.`date` = %2\$s) OR usr.`oemail` = '%1\$s'""); WordPress won't properly handle the quote and double quote replacement.

I'm not an expert with regex but I think this should replace the str_replace's that are there: $query = preg_replace('/[\',""]?(%\d?\$?s)[\',""]?/i', ""'\$1'"", $query);",defect (bug),closed,normal,,General,2.9.2,normal,wontfix,"database, prepare, sprintf",
