Make WordPress Core


Ignore:
Timestamp:
09/19/2017 06:43:47 PM (7 years ago)
Author:
aaroncampbell
Message:

Database: Hardening to bring wpdb::prepare() inline with documentation.

wpdb::prepare() supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

Merges [41496] to 3.8 branch.

Location:
branches/3.8
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.8

  • branches/3.8/tests/phpunit/tests/db.php

    r41481 r41507  
    607607        return 'fake_col_charset';
    608608    }
     609
     610    /**
     611     *
     612     */
     613    function test_prepare_with_unescaped_percents() {
     614        global $wpdb;
     615
     616        $sql = $wpdb->prepare( '%d %1$d %%% %', 1 );
     617        $this->assertEquals( '1 %1$d %% %', $sql );
     618    }
    609619}
    610620
Note: See TracChangeset for help on using the changeset viewer.