Changeset 45603
- Timestamp:
- 07/05/2019 05:42:57 AM (6 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-wp-importer.php
r45583 r45603 65 65 // Get count of permalinks 66 66 $meta_key = $importer_name . '_' . $bid . '_permalink'; 67 $sql = $wpdb->prepare( "SELECT COUNT( post_id ) AS cnt FROM $wpdb->postmeta WHERE meta_key = '%s'", $meta_key );67 $sql = $wpdb->prepare( "SELECT COUNT( post_id ) AS cnt FROM $wpdb->postmeta WHERE meta_key = %s", $meta_key ); 68 68 69 69 $result = $wpdb->get_results( $sql ); -
trunk/src/wp-admin/includes/export.php
r45583 r45603 107 107 $post_types = get_post_types( array( 'can_export' => true ) ); 108 108 $esses = array_fill( 0, count( $post_types ), '%s' ); 109 $where = $wpdb->prepare( "{$wpdb->posts}.post_type IN (" . implode( ',', $esses ) . ')', $post_types ); 109 110 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare 111 $where = $wpdb->prepare( "{$wpdb->posts}.post_type IN (" . implode( ',', $esses ) . ')', $post_types ); 110 112 } 111 113 -
trunk/src/wp-includes/class-wp-comment-query.php
r45590 r45603 772 772 foreach ( $post_fields as $field_name => $field_value ) { 773 773 // $field_value may be an array. 774 $esses = array_fill( 0, count( (array) $field_value ), '%s' ); 774 $esses = array_fill( 0, count( (array) $field_value ), '%s' ); 775 776 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare 775 777 $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $field_value ); 776 778 } … … 793 795 $join_posts_table = true; 794 796 795 $esses = array_fill( 0, count( $q_values ), '%s' ); 797 $esses = array_fill( 0, count( $q_values ), '%s' ); 798 799 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare 796 800 $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $q_values ); 797 801 } -
trunk/src/wp-includes/class-wp-meta-query.php
r45590 r45603 624 624 case 'BETWEEN': 625 625 case 'NOT BETWEEN': 626 $meta_value = array_slice( $meta_value, 0, 2 ); 627 $where = $wpdb->prepare( '%s AND %s', $meta_value ); 626 $where = $wpdb->prepare( '%s AND %s', $meta_value[0], $meta_value[1] ); 628 627 break; 629 628 -
trunk/src/wp-includes/taxonomy.php
r45590 r45603 1377 1377 $where = 't.term_id = %d'; 1378 1378 if ( ! empty( $taxonomy ) ) { 1379 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber 1379 1380 return $wpdb->get_row( $wpdb->prepare( $tax_select . $where . ' AND tt.taxonomy = %s', $term, $taxonomy ), ARRAY_A ); 1380 1381 } else { … … 1412 1413 } 1413 1414 1415 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare 1414 1416 $result = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms as t WHERE $where $orderby $limit", $where_fields ) ); 1415 1417 if ( $result ) { … … 1417 1419 } 1418 1420 1421 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare 1419 1422 return $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms as t WHERE $else_where $orderby $limit", $else_where_fields ) ); 1420 1423 } … … 3706 3709 3707 3710 if ( $object_types ) { 3711 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.QuotedDynamicPlaceholderGeneration 3708 3712 $count += (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type IN ('" . implode( "', '", $object_types ) . "') AND term_taxonomy_id = %d", $term ) ); 3709 3713 } -
trunk/tests/phpunit/tests/db.php
r44272 r45603 1613 1613 $part = $wpdb->prepare( ' AND meta_value = %s', ' %s ' ); 1614 1614 $this->assertNotContains( '%s', $part ); 1615 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber 1615 1616 $query = $wpdb->prepare( 'SELECT * FROM {$wpdb->postmeta} WHERE meta_key = %s $part', array( 'foo', 'bar' ) ); 1616 1617 $this->assertNull( $query ); … … 1621 1622 1622 1623 $actual = $wpdb->prepare( 1624 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder 1623 1625 'WHERE second=%2$f AND first=%1$f', 1624 1626 1.1, … … 1635 1637 1636 1638 $actual = $wpdb->prepare( 1639 // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnquotedComplexPlaceholder 1637 1640 'WHERE second=%2$f AND first=%1$f', 1638 1641 array( 1.1, 2.2 )
Note: See TracChangeset
for help on using the changeset viewer.