Ticket #11608: 11608.diff

File 11608.diff, 665 bytes (added by dd32, 4 years ago)
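--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -562,7 +562,7 @@
                         $args = $args[0];
                 $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
                 $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
-                $query = str_replace('%s', "'%s'", $query); // quote the strings
+                $query = preg_replace('|(?<!%)%s|', "'%s'", $query); //quote the strings, Avoiding escaped strings
                 array_walk($args, array(&$this, 'escape_by_ref'));
                 return @vsprintf($query, $args);
         }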
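Review bot: The one-character lookbehind in the new `preg_replace` on line 565 treats any `%s` preceded by `%` as escaped, so in a run such as `%%%s` (a literal percent followed by a real placeholder) the placeholder is left unquoted. `vsprintf` still substitutes the argument there, and `escape_by_ref` only escapes quote characters, which does not make a value safe in an unquoted SQL context. Consider consuming paired percents before the placeholder, for example `$query = preg_replace('|(?<!%)((?:%%)*)%s|', "\$1'%s'", $query);`, and add test cases for `%s`, `%%s` and `%%%s`. If the narrower pattern is kept, the comment should state the limitation, e.g. `// quote %s placeholders; only a single preceding % is treated as an escape`. The enclosing function starts above the hunk, so how `$query` reaches this point is not visible here.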