Make WordPress Core

Changeset 22304


Timestamp: 10/25/2012 08:52:50 PM (12 years ago)
Author: nacin
Message:

When replacing floats in wpdb::prepare(), avoid escaped placeholders (%%f). props SergeyBiryukov. fixes #19861.

File:
1 edited

  • trunk/wp-includes/wp-db.php

    r22254 r22304  
    999999        $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
    10001000        $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
    1001         $query = str_replace( '%f' , '%F', $query ); // Force floats to be locale unaware
     1001        $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
    10021002        $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
    10031003        array_walk( $args, array( $this, 'escape_by_ref' ) );
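Review bot: The one-character lookbehind in the new line 1001, `(?<!%)%f`, cannot tell a literal `%%f` from an escaped percent followed by a real float placeholder, as in `%%%f`. In that input the third `%` is preceded by a `%`, so the match is skipped and the placeholder stays `%f`, which is the locale-aware form this line is meant to eliminate. The unchanged `%s` line at 1002 uses the same lookbehind and has the same blind spot, leaving that placeholder unquoted. Consider matching on the full run of preceding percent signs (replace only when the run length is even), or at least note the limitation in the comment, which currently says nothing about escaped placeholders while the `%s` comment does. The changeset touches only wp-db.php, so a unit test covering `%f`, `%%f` and `%%%f` through prepare() would be worth adding alongside it.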