Changeset 42056 for trunk/src/wp-includes/post.php

Timestamp:

10/31/2017 11:59:43 AM (7 years ago)

Author:

pento

Message:

Database: Restore numbered placeholders in wpdb::prepare().

[41496] removed support for numbered placeholders in queries send through wpdb::prepare(), which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to wpdb::prepare(), given the number of placeholders.

See #41925.

File:

• trunk/src/wp-includes/post.php (modified) (1 diff)

trunk/src/wp-includes/post.php

@@ -4318 +4318 @@
     $page_path = str_replace('%20', ' ', $page_path);
     $parts = explode( '/', trim( $page_path, '/' ) );
-    $parts = esc_sql( $parts );
     $parts = array_map( 'sanitize_title_for_query', $parts );
-
-    $in_string = "'" . implode( "','", $parts ) . "'";
+    $escaped_parts = esc_sql( $parts );
+
+    $in_string = "'" . implode( "','", $escaped_parts ) . "'";
 
     if ( is_array( $post_type ) ) {