Make WordPress Core

Opened 12 months ago

Last modified 11 months ago

#58515 new defect (bug)

Need to use $wpdb->prepare instead of sprintf

Reported by: hiren1094
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Query
Keywords: has-patch reporter-feedback 2nd-opinion
Focuses: coding-standards
Cc:

Description

Need to use $wpdb->prepare instead of sprintf in the "_prime_comment_caches" function.

File: wp-includes/comment.php

Attachments (3)

58515.patch (813 bytes) - added by hiren1094 12 months ago.
Patch Added
58515-1.diff (962 bytes) - added by nihar007 12 months ago.
A new patch added
58515-1.2.diff (962 bytes) - added by nihar007 12 months ago.
A new patch added


Change History (7)

@hiren1094
12 months ago

Patch Added

#1 @hiren1094
12 months ago

  • Keywords has-patch added; needs-patch removed

#2 @johnbillion
12 months ago

  • Keywords reporter-feedback 2nd-opinion added

Thanks for the ticket and patch @hiren1094. Have you tested this change? I think you will find it breaks the query because it will cause single quotes to be added to the IN clause.

@nihar007
12 months ago

A new patch added

@nihar007
12 months ago

A new patch added

#3 @hiren1094
11 months ago

@johnbillion

Yes, you are correct, but I think it should work with @nihar007's patch.

#4 @johnbillion
11 months ago

Thanks again both of you. What problem is being fixed here? The latest patch now uses the prepare() method incorrectly because its second parameter isn't used.

Can you clarify the problem? I'm not sure there's anything that needs to be fixed here.
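
The two points raised in comments #2 and #4, as an added example that is not part of the ticket, its patches, or WordPress core: it compares an integer-cast sprintf() list, the same list passed through a single %s placeholder, and prepare() with one %d placeholder per ID. The queries are constructed for illustration (not copied from wp-includes/comment.php), the sample IDs are constructed, and the code assumes a loaded WordPress environment.

```php
<?php
// Added example. Assumes a loaded WordPress, e.g. run with
// `wp eval-file in-clause-demo.php` (the file name is hypothetical).
global $wpdb;

// Constructed sample input: one value is deliberately not a clean integer.
$ids = array( 3, '7', '12abc' );

// 1. sprintf() with every value cast through intval(): only integers and
//    commas can reach the SQL string, so the list is safe to interpolate.
$int_list    = implode( ',', array_map( 'intval', $ids ) );
$sql_sprintf = sprintf(
	"SELECT * FROM $wpdb->comments WHERE comment_ID IN (%s)",
	$int_list
);

// 2. The same list passed through a single %s placeholder: prepare() escapes
//    and single-quotes the value, so IN receives one string, not a list of IDs.
$sql_quoted = $wpdb->prepare(
	"SELECT * FROM $wpdb->comments WHERE comment_ID IN (%s)",
	$int_list
);

// 3. prepare() with one %d placeholder per ID and the IDs as its arguments.
//    Guard the empty case: "IN ()" is invalid SQL.
$sql_prepared = '';
if ( ! empty( $ids ) ) {
	$placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
	$sql_prepared = $wpdb->prepare(
		"SELECT * FROM $wpdb->comments WHERE comment_ID IN ($placeholders)",
		$ids
	);
}

// Print the three generated statements for comparison; nothing is executed.
$variants = array(
	'sprintf + intval' => $sql_sprintf,
	'single %s'        => $sql_quoted,
	'%d per ID'        => $sql_prepared,
);
foreach ( $variants as $label => $sql ) {
	echo $label, ': ', $sql, PHP_EOL;
}
```

prepare() only protects values that are passed as arguments for placeholders; calling it on a string that already has the values interpolated adds nothing.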
