Changeset 41628


Timestamp:
09/28/2017 04:31:05 AM (4 years ago)
Author:
pento
Message:

Database: Don't quote placeholders in queries going through $wpdb->prepare()

To bring Core into line with the changes to $wpdb->prepare() in WordPress 4.8.2, query placeholders shouldn't be quoted.

Props jrf, johnjamesjacoby.
Fixes #41983.

Location:
trunk/src
Files:
5 edited

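--- a/trunk/src/wp-admin/includes/class-wp-importer.php
+++ b/trunk/src/wp-admin/includes/class-wp-importer.php
@@ -30,5 +30,5 @@
         do {
             $meta_key = $importer_name . '_' . $bid . '_permalink';
-            $sql = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = '%s' LIMIT %d,%d", $meta_key, $offset, $limit );
+            $sql = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = %s LIMIT %d,%d", $meta_key, $offset, $limit );
             $results = $wpdb->get_results( $sql );
 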
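Review bot: The paged query on the `$wpdb->prepare()` line uses `LIMIT %d,%d` without an `ORDER BY`, so the database may return rows in a different order on each pass and a page boundary can skip or repeat rows. The enclosing `do {` and the `$offset` argument suggest the query runs repeatedly, although the end of the loop is outside the hunk. A stable sort key would make the paging deterministic, e.g. `... WHERE meta_key = %s ORDER BY meta_id LIMIT %d,%d`.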
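--- a/trunk/src/wp-admin/includes/nav-menu.php
+++ b/trunk/src/wp-admin/includes/nav-menu.php
@@ -997,5 +997,5 @@
 
     // Delete orphaned draft menu items.
-    $menu_items_to_delete = $wpdb->get_col($wpdb->prepare("SELECT ID FROM $wpdb->posts AS p LEFT JOIN $wpdb->postmeta AS m ON p.ID = m.post_id WHERE post_type = 'nav_menu_item' AND post_status = 'draft' AND meta_key = '_menu_item_orphaned' AND meta_value < '%d'", $delete_timestamp ) );
+    $menu_items_to_delete = $wpdb->get_col($wpdb->prepare("SELECT ID FROM $wpdb->posts AS p LEFT JOIN $wpdb->postmeta AS m ON p.ID = m.post_id WHERE post_type = 'nav_menu_item' AND post_status = 'draft' AND meta_key = '_menu_item_orphaned' AND meta_value < %d", $delete_timestamp ) );
 
     foreach ( (array) $menu_items_to_delete as $menu_item_id )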
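Review bot: Unquoting `%d` in `meta_value < %d` turns a string-to-string comparison into a numeric one, assuming the old `prepare()` left the quotes around `'%d'` in place, because `meta_value` is a text column. MySQL will then cast every `meta_value` to a number, so a non-numeric value stored under `_menu_item_orphaned` evaluates as 0 and falls below `$delete_timestamp`. The selected IDs feed the `foreach` that follows, whose body is outside the hunk and, going by the comment, deletes the items. Making the cast explicit would document the intent: `AND CAST(meta_value AS UNSIGNED) < %d`. The same applies to both `_wp_trash_meta_time` queries in wp-includes/functions.php.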
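--- a/trunk/src/wp-includes/functions.php
+++ b/trunk/src/wp-includes/functions.php
@@ -4805,5 +4805,5 @@
     $delete_timestamp = time() - ( DAY_IN_SECONDS * EMPTY_TRASH_DAYS );
 
-    $posts_to_delete = $wpdb->get_results($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < '%d'", $delete_timestamp), ARRAY_A);
+    $posts_to_delete = $wpdb->get_results($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < %d", $delete_timestamp), ARRAY_A);
 
     foreach ( (array) $posts_to_delete as $post ) {
@@ -4822,5 +4822,5 @@
     }
 
-    $comments_to_delete = $wpdb->get_results($wpdb->prepare("SELECT comment_id FROM $wpdb->commentmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < '%d'", $delete_timestamp), ARRAY_A);
+    $comments_to_delete = $wpdb->get_results($wpdb->prepare("SELECT comment_id FROM $wpdb->commentmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < %d", $delete_timestamp), ARRAY_A);
 
     foreach ( (array) $comments_to_delete as $comment ) {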
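--- a/trunk/src/wp-includes/taxonomy.php
+++ b/trunk/src/wp-includes/taxonomy.php
@@ -3789,5 +3789,5 @@
             INNER JOIN {$wpdb->postmeta} AS m3 ON ( m3.post_id = m1.post_id )
         WHERE ( m1.meta_key = '_menu_item_type' AND m1.meta_value = 'taxonomy' )
-            AND ( m2.meta_key = '_menu_item_object' AND m2.meta_value = '%s' )
+            AND ( m2.meta_key = '_menu_item_object' AND m2.meta_value = %s )
             AND ( m3.meta_key = '_menu_item_object_id' AND m3.meta_value = %d )",
         $taxonomy,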
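--- a/trunk/src/wp-includes/wp-db.php
+++ b/trunk/src/wp-includes/wp-db.php
@@ -1268,5 +1268,5 @@
      *     $find = 'only 43% of planets';
      *     $like = $wild . $wpdb->esc_like( $find ) . $wild;
-     *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE '%s'", $like );
+     *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
      *
      * Example Escape Chain: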
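Review bot: The docblock example now shows an unquoted `%s`, but nothing in the visible lines tells the reader that leaving the placeholder unquoted is a requirement rather than a style choice. A short comment inside the example would make that explicit, for instance ` *     // Leave the placeholder unquoted; prepare() quotes string values itself.` placed above the `$sql` line. The rest of the docblock is outside the hunk, so this may already be stated elsewhere.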