WordPress.org
Get WordPress

Make WordPress Core

Ticket #11100: 11100.patch

File 11100.patch, 754 bytes (added by Viper007Bond, 16 years ago)

Don't use prepare()

  • wp-includes/post.php

     
    694694        if ( $post_ids ) {
    695695                $postmetaids = $wpdb->get_col( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key ) );
    696696                do_action( 'delete_postmeta', $postmetaids );
    697                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $postmetaids) ) );
     697                $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id IN(" . implode( ',', $postmetaids) . ')' );
    698698                do_action( 'deleted_postmeta', $postmetaids );
    699699                foreach ( $post_ids as $post_id )
    700700                        wp_cache_delete($post_id, 'post_meta');