Ticket #12416: 12416sprintf.diff

File 12416sprintf.diff, 1.4 KB (added by jamescollins, 4 years ago)

Fixes the usage of %s in $wpdb->prepare() calls

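--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -343,7 +343,7 @@
                 if ( false === $value ) {
                         if ( defined( 'WP_INSTALLING' ) )
                                 $suppress = $wpdb->suppress_errors();
-                        $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = '%s' LIMIT 1", $option ) );
+                        $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1", $option ) );
                         if ( defined( 'WP_INSTALLING' ) )
                                 $wpdb->suppress_errors( $suppress );
 
@@ -635,11 +635,11 @@
         wp_protect_special_option( $option );
 
         // Get the ID, if no ID then return
-        $row = $wpdb->get_row( $wpdb->prepare( "SELECT autoload FROM $wpdb->options WHERE option_name = '%s'", $option ) );
+        $row = $wpdb->get_row( $wpdb->prepare( "SELECT autoload FROM $wpdb->options WHERE option_name = %s", $option ) );
         if ( is_null( $row ) )
                 return false;
         do_action( 'delete_option', $option );
-        $result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = '%s'", $option) );
+        $result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = %s", $option) );
         if ( ! defined( 'WP_INSTALLING' ) ) {
                 if ( 'yes' == $row->autoload ) {
                         $alloptions = wp_load_alloptions();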
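Review bot: The three corrected `$wpdb->prepare()` calls (new lines 346, 638 and 642) carry no comment saying why the placeholder is bare, so a later edit could quietly put the quotes back. A one-line comment above the first call would record the rule, for example `// %s stays unquoted: $wpdb->prepare() quotes and escapes string arguments itself.` On new line 642 the call still closes as `$option) )`, which differs from the `$option ) )` spacing used by the other two calls. Both enclosing functions start and end outside the hunks shown, so how `$option` is validated before these queries cannot be judged from here.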