vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Database: Restore numbered placeholders in wpdb::prepare().

Browse Source 
[41496] removed support for numbered placeholders in queries send through `wpdb::prepare()`, which, despite being undocumented, were quite commonly used.

This change restores support for numbered placeholders (as well as a subset of placeholder formatting), while also adding extra checks to ensure the correct number of arguments are being passed to `wpdb::prepare()`, given the number of placeholders.

See #41925.



git-svn-id: https://develop.svn.wordpress.org/trunk@42056 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Gary Pendergast
2017-10-31 11:59:43 +00:00
parent 15f74e83fa
commit a39d599adf
9 changed files with 492 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-includes/post.php
View File

@@ -4317,10 +4317,10 @@ function get_page_by_path( $page_path, $output = OBJECT, $post_type = 'page' ) {
$page_path = str_replace('%2F', '/', $page_path);
$page_path = str_replace('%20', ' ', $page_path);
$parts = explode( '/', trim( $page_path, '/' ) );
$parts = esc_sql( $parts );
$parts = array_map( 'sanitize_title_for_query', $parts );
$escaped_parts = esc_sql( $parts );
$in_string = "'" . implode( "','", $parts ) . "'";
$in_string = "'" . implode( "','", $escaped_parts ) . "'";
if ( is_array( $post_type ) ) {
$post_types = $post_type;