Context Navigation

wp-db.php

Timestamp:

09/19/2017 06:41:11 PM (8 years ago)

Author:

aaroncampbell

Message:

Database: Hardening to bring wpdb::prepare() inline with documentation.

wpdb::prepare() supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 4.0 branch.

Location:

branches/4.0

Files:

r41492	r41505
1224	1224	$query = preg_replace( '\|(?<!%)%f\|' , '%F', $query ); // Force floats to be locale unaware
1225	1225	$query = preg_replace( '\|(?<!%)%s\|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
	1226	$query = preg_replace( '/%(?:%\|$\|([^dsF]))/', '%%\\1', $query ); // escape any unescaped percents
1226	1227	array_walk( $args, array( $this, 'escape_by_ref' ) );
1227	1228	return @vsprintf( $query, $args );

Note: See TracChangeset for help on using the changeset viewer.