Make WordPress Core

Opened 6 months ago

Last modified 6 months ago

#58515 new defect (bug)

Need to use $wpdb->prepare instead of sprintf

Reported by: hiren1094
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Query
Keywords: has-patch reporter-feedback 2nd-opinion
Focuses: coding-standards
Cc:

Description

Need to use $wpdb->prepare instead of sprintf in the "_prime_comment_caches" function.

File: wp-includes/comment.php

Attachments (3)

58515.patch (813 bytes) - added by hiren1094 6 months ago.
Patch Added
58515-1.diff (962 bytes) - added by nihar007 6 months ago.
A new patch added
58515-1.2.diff (962 bytes) - added by nihar007 6 months ago.
A new patch added

Change History (7)

@hiren1094
6 months ago

Patch Added

#1 @hiren1094
6 months ago

  • Keywords has-patch added; needs-patch removed

#2 @johnbillion
6 months ago

  • Keywords reporter-feedback 2nd-opinion added

Thanks for the ticket and patch @hiren1094. Have you tested this change? I think you will find it breaks the query because it will cause single quotes to be added to the IN clause.

@nihar007
6 months ago

A new patch added

@nihar007
6 months ago

A new patch added

#3 @hiren1094
6 months ago

@johnbillion

Yes, you are correct, but I think it should work with @nihar007's patch.

#4 @johnbillion
6 months ago

Thanks again both of you. What problem is being fixed here? The latest patch now uses the prepare() method incorrectly because its second parameter isn't used.

Can you clarify the problem? I'm not sure there's anything that needs to be fixed here.
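
The two points raised in comments 2 and 4, as an added example that is not part of the ticket or its patches: it builds the same IN clause with sprintf, with a direct swap to prepare(), and with prepare() using one placeholder per ID. It assumes a loaded WordPress environment; the function name and sample IDs are hypothetical, and the query shape (comments table, comment_ID column) is an assumption because the ticket does not quote the original line.

```php
<?php
// Added example. Run inside a loaded WordPress environment,
// for instance with `wp eval-file`. The function name is hypothetical.
function example_in_clause_queries( array $comment_ids ) {
	global $wpdb;

	// Cast every ID to int so the list is numeric by construction.
	$ids = array_map( 'intval', $comment_ids );
	if ( ! $ids ) {
		return array(); // An empty list would produce "IN ()", which is invalid SQL.
	}
	$list = implode( ',', $ids );

	// 1. sprintf(): the joined integers are inserted unquoted.
	$with_sprintf = sprintf(
		"SELECT * FROM $wpdb->comments WHERE comment_ID IN (%s)",
		$list
	);

	// 2. Direct swap to prepare(): the whole list is bound to a single %s,
	//    which prepare() escapes and wraps in single quotes, so the IN
	//    clause receives one string literal instead of a list of integers.
	$naive_prepare = $wpdb->prepare(
		"SELECT * FROM $wpdb->comments WHERE comment_ID IN (%s)",
		$list
	);

	// 3. prepare() with one %d placeholder per ID and the IDs passed as
	//    the arguments, so each value is bound as an integer.
	$placeholders   = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
	$proper_prepare = $wpdb->prepare(
		"SELECT * FROM $wpdb->comments WHERE comment_ID IN ($placeholders)",
		$ids
	);

	return compact( 'with_sprintf', 'naive_prepare', 'proper_prepare' );
}

// Constructed sample input: IDs as integers and numeric strings.
foreach ( example_in_clause_queries( array( 3, '7', 12 ) ) as $label => $sql ) {
	echo $label, ': ', $sql, PHP_EOL;
}
```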