Make WordPress Core

Opened 20 months ago

Last modified 20 months ago

#58515 new defect (bug)

Need to use $wpdb->prepare instead of sprintf

Reported by: hiren1094
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Query
Keywords: has-patch reporter-feedback 2nd-opinion
Focuses: coding-standards
Cc:

Description

Need to use $wpdb->prepare instead of sprintf in "_prime_comment_caches" functions.

File: wp-includes/comment.php

Attachments (3)

58515.patch (813 bytes) - added by hiren1094 20 months ago.
Patch Added
58515-1.diff (962 bytes) - added by nihar007 20 months ago.
A new patch added
58515-1.2.diff (962 bytes) - added by nihar007 20 months ago.
A new patch added


Change History (7)

@hiren1094
20 months ago

Patch Added

#1 @hiren1094
20 months ago

  • Keywords has-patch added; needs-patch removed

#2 @johnbillion
20 months ago

  • Keywords reporter-feedback 2nd-opinion added

Thanks for the ticket and patch, @hiren1094. Have you tested this change? I think you will find it breaks the query because it will cause single quotes to be added to the IN clause.

@nihar007
20 months ago

A new patch added

@nihar007
20 months ago

A new patch added

#3 @hiren1094
20 months ago

@johnbillion

Yes, you are correct, but I think it should work with @nihar007's patch.

#4 @johnbillion
20 months ago

Thanks again both of you. What problem is being fixed here? The latest patch now uses the prepare() method incorrectly because its second parameter isn't used.

Can you clarify the problem? I'm not sure there's anything that needs to be fixed here.
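
The quoting behaviour raised in comments #2 and #4, as an added example that is not part of the ticket, its patches, or WordPress core: `toy_prepare()` is a hypothetical, simplified stand-in for `$wpdb->prepare()`, and `build_in_queries()`, the `wp_comments` table name and the IDs are constructed for illustration. It goes slightly beyond the thread by also showing the form with one `%d` placeholder per ID, and it assumes the sprintf form casts each ID with `intval` (the page does not show the core code).

```php
<?php
// Added example. toy_prepare() is a simplified stand-in for $wpdb->prepare()
// (bare %d and %s only; addslashes() replaces the real database escaping)
// so the script runs without WordPress.
function toy_prepare( string $query, ...$args ): string {
    $i = 0;
    return preg_replace_callback(
        '/%[ds]/',
        function ( array $m ) use ( $args, &$i ): string {
            $value = $args[ $i++ ] ?? '';
            return '%d' === $m[0]
                ? (string) (int) $value                      // integer: cast, never quoted
                : "'" . addslashes( (string) $value ) . "'"; // string: escaped, then quoted
        },
        $query
    );
}

// Returns the three query strings for a list of IDs, or null for an empty
// list, because "IN ()" is not valid SQL and the query should be skipped.
function build_in_queries( array $ids, string $table ): ?array {
    if ( empty( $ids ) ) {
        return null;
    }
    $sql = "SELECT * FROM $table WHERE comment_ID IN (%s)";

    // One %d per ID, so each value is bound and cast separately.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );

    return array(
        // IDs cast to int first, then interpolated: the list stays unquoted.
        'sprintf + intval'   => sprintf( $sql, implode( ',', array_map( 'intval', $ids ) ) ),
        // Whole list bound to one %s: it becomes a single quoted string.
        'prepare, single %s' => toy_prepare( $sql, implode( ',', $ids ) ),
        'prepare, %d per ID' => toy_prepare( sprintf( $sql, $placeholders ), ...$ids ),
    );
}

// Constructed sample input: comment IDs as strings, the last one malformed.
$queries = build_in_queries( array( '3', '7', '12abc' ), 'wp_comments' );
foreach ( $queries as $label => $query ) {
    printf( "%-20s %s\n", $label, $query );
}
```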
