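--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -1202,7 +1202,7 @@ class wpdb {
 return;
 
 // This is not meant to be foolproof -- but it will catch obviously incorrect usage.
-if ( strpos( $query, '%' ) === false ) {
+if ( strpos( $query, '%' ) === false && strpos( $query, ':' ) === false ) {
 _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9' );
 }
 
@@ -1211,11 +1211,28 @@ class wpdb {
 // If args were passed as an array (as in vsprintf), move them up
 if ( isset( $args[0] ) && is_array($args[0]) )
 $args = $args[0];
+
+array_walk( $args, array( $this, 'escape_by_ref' ) );
+
+// If args were passed as associative array then they're named params
+if ( array_values($args) !== $args ) {
+foreach ( $args as $key => $value ) {
+// Make sure all $keys have ':' preceding them
+$new_key = ':' . ltrim( $key, ':' );
+unset( $args[$key] );
+$args[ $new_key ] = $value;
+// In case someone mistakenly already singlequoted/doublequoted it
+$query = str_replace( array( "'$new_key'", '"' . $new_key . '"') , $new_key, $query );
+}
+return strtr( $query, $args );
+}
+
+// Else it's in traditional vsprintf format
 $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
 $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
 $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
 $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
-array_walk( $args, array( $this, 'escape_by_ref' ) );
+
 return @vsprintf( $query, $args );
 }
 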
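Review bot: The named-parameter branch (new lines 1218–1228) puts values into the query without quoting them: line 1225 strips any quotes the caller wrote around `:key`, and `strtr( $query, $args )` then inserts whatever came out of `escape_by_ref` as a bare token. Escaping only protects a value that sits inside a quoted literal, so a string argument on this path ends up as raw SQL, unlike the vsprintf path where `%s` is rewritten to `'%s'`. I would quote at assignment, e.g. `$args[ $new_key ] = "'" . $value . "'";`, and document that named placeholders carry no type, so integer-only contexts need an explicit cast by the caller. Separately, the relaxed check at new line 1205 now passes for any query that merely contains a `:` (a time literal, for instance), so it no longer flags a call that has no placeholder at all. The start of `prepare()` lies outside the section shown, so how `$args` is first populated could not be checked here.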