Ticket #47678: 47678-wpdb-prepare.patch

src/wp-includes/wp-db.php

@@ -1267 +1267 @@
          *   %f (float)
          *   %s (string)
          *
-         * All placeholders MUST be left unquoted in the query string. A corresponding argument MUST be passed for each placeholder.
+         * All placeholders MUST be left unquoted in the query string. A corresponding argument
+         * MUST be passed for each placeholder.
          *
-         * For compatibility with old behavior, numbered or formatted string placeholders (eg, %1$s, %5s) will not have quotes
-         * added by this function, so should be passed with appropriate quotes around them for your usage.
+         * For compatibility with old behavior, numbered or formatted string placeholders (eg, %1$s, %5s)
+         * will not have quotes added by this function, so should be passed with appropriate quotes around
+         * them for your usage.
          *
          * Literal percentage signs (%) in the query string must be written as %%. Percentage wildcards (for example,
          * to use in LIKE syntax) must be passed via a substitution argument containing the complete LIKE string, these
          * cannot be inserted directly in the query string. Also see wpdb::esc_like().
          *
-         * Arguments may be passed as individual arguments to the method, or as a single array containing all arguments. A combination
-         * of the two is not supported.
+         * Arguments may be passed as individual arguments to the method, or as a single array containing
+         * all arguments. A combination of the two is not supported.
          *
          * Examples:
          *     $wpdb->prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s", array( 'foo', 1337, '%bar' ) );
@@ -1287 +1289 @@
          * @since 2.3.0
          *
          * @param string      $query   Query statement with sprintf()-like placeholders
-         * @param array|mixed $args    The array of variables to substitute into the query's placeholders if being called with an array of arguments,
-         *                             or the first variable to substitute into the query's placeholders if being called with individual arguments.
-         * @param mixed       ...$args further variables to substitute into the query's placeholders if being called wih individual arguments.
+         * @param array|mixed $args    The array of variables to substitute into the query's placeholders
+         *                             if being called with an array of arguments, or the first variable
+         *                             to substitute into the query's placeholders if being called with
+         *                             individual arguments.
+         * @param mixed       ...$args Further variables to substitute into the query's placeholders
+         *                             if being called with individual arguments.
          * @return string|void Sanitized query string, if there is a query to prepare.
          */
-        public function prepare( $query, $args ) {
+        public function prepare( $query, ...$args ) {
                 if ( is_null( $query ) ) {
                         return;
                 }
@@ -1303 +1308 @@
                         _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9.0' );
                 }
 
-                $args = func_get_args();
-                array_shift( $args );
-
                 // If args were passed as an array (as in vsprintf), move them up.
                 $passed_as_array = false;
                 if ( is_array( $args[0] ) && count( $args ) == 1 ) {