Ticket #11608: 11608.diff

File 11608.diff, 665 bytes (added by dd32, 8 years ago)
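--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -562,7 +562,7 @@
                         $args = $args[0];
                 $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
                 $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
-                $query = str_replace('%s', "'%s'", $query); // quote the strings
+                $query = preg_replace('|(?<!%)%s|', "'%s'", $query); //quote the strings, Avoiding escaped strings
                 array_walk($args, array(&$this, 'escape_by_ref'));
                 return @vsprintf($query, $args);
         }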
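Review bot: The lookbehind in the new `preg_replace` on new line 565 treats every `%s` that follows a `%` as escaped, so in a query containing `%%%s` (a literal percent followed by a real placeholder) the placeholder is left unquoted. `vsprintf` still substitutes the argument at that position, and `escape_by_ref` presumably escapes only for a quoted context, so the value would reach the SQL without surrounding quotes. Allowing an even run of percent signs before the placeholder closes that gap: `$query = preg_replace('|(?<!%)((?:%%)*)%s|', "\$1'%s'", $query);`. The enclosing method starts outside the hunk, so whether numbered or padded forms such as `%1$s` need the same quoting cannot be judged from these lines.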