Ticket #12416: 12416sprintf.diff

File 12416sprintf.diff, 1.4 KB (added by jamescollins, 8 years ago)

Fixes the usage of %s in $wpdb->prepare() calls

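--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -343,7 +343,7 @@
                 if ( false === $value ) {
                         if ( defined( 'WP_INSTALLING' ) )
                                 $suppress = $wpdb->suppress_errors();
-                        $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = '%s' LIMIT 1", $option ) );
+                        $row = $wpdb->get_row( $wpdb->prepare( "SELECT option_value FROM $wpdb->options WHERE option_name = %s LIMIT 1", $option ) );
                         if ( defined( 'WP_INSTALLING' ) )
                                 $wpdb->suppress_errors( $suppress );
 
@@ -635,11 +635,11 @@
         wp_protect_special_option( $option );
 
         // Get the ID, if no ID then return
-        $row = $wpdb->get_row( $wpdb->prepare( "SELECT autoload FROM $wpdb->options WHERE option_name = '%s'", $option ) );
+        $row = $wpdb->get_row( $wpdb->prepare( "SELECT autoload FROM $wpdb->options WHERE option_name = %s", $option ) );
         if ( is_null( $row ) )
                 return false;
         do_action( 'delete_option', $option );
-        $result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = '%s'", $option) );
+        $result = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = %s", $option) );
         if ( ! defined( 'WP_INSTALLING' ) ) {
                 if ( 'yes' == $row->autoload ) {
                         $alloptions = wp_load_alloptions();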
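Review bot: The rewritten line 642 still ends in `$option) )`, without the space before the closing parenthesis that the calls on lines 346 and 638 use; since the line is being touched anyway, `$option ) )` would keep the three calls uniform. It would also help to record why the placeholder is bare, for example `// %s stays unquoted: $wpdb->prepare() escapes and quotes the value itself` above the first call, so that hand-written quotes are not reintroduced later. In all three queries `$wpdb->options` is interpolated straight into the SQL string, which is safe only while that property never carries request-derived data; the hunks do not show where it is set. Both enclosing functions begin and end outside the visible hunks.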