id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
12942	Change str_replace to preg_replace for $wpdb->prepare function	gplaurin		"When using a prepare query like $db->prepare(""SELECT usr.id FROM `tmp_users` AS usr WHERE (usr.`email` = '%1\$s' AND usr.`date` = %2\$s) OR usr.`oemail` = '%1\$s'""); WordPress won't properly handle the quote and double quote replacement.

I'm not an expert with regex but I think this should replace the str_replace's that are there: $query = preg_replace('/[\',""]?(%\d?\$?s)[\',""]?/i', ""'\$1'"", $query);"	defect (bug)	closed	normal		General	2.9.2	normal	wontfix	database, prepare, sprintf	
