Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#58515 new defect (bug)

Need to use $wpdb->prepare instead of sprintf

Reported by: hiren1094
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Query
Keywords: has-patch reporter-feedback 2nd-opinion
Focuses: coding-standards
Cc:

Description

Need to use $wpdb->prepare instead of sprintf in the "_prime_comment_caches" function.

File: wp-includes/comment.php

Attachments (3)

58515.patch (813 bytes) - added by hiren1094 2 years ago.
Patch Added
58515-1.diff (962 bytes) - added by nihar007 2 years ago.
A new patch added
58515-1.2.diff (962 bytes) - added by nihar007 2 years ago.
A new patch added


Change History (7)

@hiren1094
2 years ago

Patch Added

#1 @hiren1094
2 years ago

  • Keywords has-patch added; needs-patch removed

#2 @johnbillion
2 years ago

  • Keywords reporter-feedback 2nd-opinion added

Thanks for the ticket and patch @hiren1094. Have you tested this change? I think you will find it breaks the query because it will cause single quotes to be added to the IN clause.

@nihar007
2 years ago

A new patch added

@nihar007
2 years ago

A new patch added

#3 @hiren1094
2 years ago

@johnbillion

Yes, you are correct, but I think it should work with @nihar007's patch.

#4 @johnbillion
2 years ago

Thanks again both of you. What problem is being fixed here? The latest patch now uses the prepare() method incorrectly because its second parameter isn't used.

Can you clarify the problem? I'm not sure there's anything that needs to be fixed here.
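
The quoting behaviour discussed in this ticket, as an added example that is not part of the ticket, its patches, or WordPress core: it compares an integer-cast sprintf IN list, the same list passed through a single %s placeholder, and one %d placeholder per ID. Assumptions: `demo_prepare()` is a hypothetical, simplified stand-in for `$wpdb->prepare()` so the script runs without WordPress, and the `intval` cast, table name, and sample IDs are constructed for illustration.

```php
<?php
// Hypothetical stand-in for $wpdb->prepare(), written for this example only.
// It mimics two documented behaviours: %d casts the value to an integer,
// %s escapes the value and wraps it in single quotes.
function demo_prepare( string $query, ...$args ): string {
	$i = 0;
	return preg_replace_callback(
		'/%([ds])/',
		function ( array $m ) use ( &$i, $args ) {
			$value = $args[ $i++ ];
			if ( 'd' === $m[1] ) {
				return (string) (int) $value;
			}
			return "'" . addslashes( (string) $value ) . "'";
		},
		$query
	);
}

// Constructed sample input: an integer, a numeric string, a non-numeric string.
$non_cached_ids = array( 3, '7', '12abc' );
$table          = 'wp_comments'; // assumed table name

// (a) sprintf with every ID forced to an integer before joining:
// only digits and commas can reach the IN list.
$ids_sql     = implode( ',', array_map( 'intval', $non_cached_ids ) );
$sprintf_sql = sprintf( "SELECT * FROM $table WHERE comment_ID IN (%s)", $ids_sql );

// (b) The joined list passed through one %s placeholder:
// the whole list is quoted as a single string, which changes the query.
$one_placeholder_sql = demo_prepare( "SELECT * FROM $table WHERE comment_ID IN (%s)", $ids_sql );

// (c) One %d placeholder per ID, with the IDs passed as separate arguments:
// each value is cast individually and no quotes are added.
$placeholders = implode( ',', array_fill( 0, count( $non_cached_ids ), '%d' ) );
$per_id_sql   = demo_prepare(
	"SELECT * FROM $table WHERE comment_ID IN ($placeholders)",
	...$non_cached_ids
);

echo "(a) $sprintf_sql\n(b) $one_placeholder_sql\n(c) $per_id_sql\n";
```

Forms (a) and (c) print the same query text, while (b) shows the quoted IN list raised in comment #2.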
