From a7097f60d5a76125fd2ad4cf27c2d344eb062dc7 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Wed, 7 Nov 2012 19:30:59 +0000
Subject: [PATCH] Enforce a minimum of two arguments for wpdb::prepare(). The first argument is the query (or fragment thereof), which is required. Additional arguments are values to substitute into placeholders. This will generate E_WARNINGs for insufficient arguments when prepare() is called with no additional arguments. This should discourage improper uses of prepare() under the guise of safely running a query. props xknown. fixes #22262.
git-svn-id: https://develop.svn.wordpress.org/trunk@22429 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/wp-db.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index 1ca4c007c2..391cfa4dc9 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -987,7 +987,7 @@ class wpdb {
 * @return null|false|string Sanitized query string, null if there is no query, false if there is an error and string
 * if there was something to prepare
 */
- function prepare( $query = null ) { // ( $query, *$args )
+ function prepare( $query, $args ) {
 if ( is_null( $query ) ) return;
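Review bot: The new signature `prepare( $query, $args )` enforces only the argument count, so a call that passes an already-interpolated query string plus any throwaway second argument still raises no warning and, presumably, gets no escaping. Since the stated goal is to stop prepare() being used as a no-op safety wrapper, the body could also flag a query that contains no placeholder, for example `if ( strpos( $query, '%' ) === false ) _doing_it_wrong( 'wpdb::prepare', 'The query argument must contain a placeholder.', $version );` with the release number supplied for `$version`. The removed trailing comment `// ( $query, *$args )` was the only hint on the signature line that more than one value is accepted, so a replacement such as `// $args: one or more values for the placeholders in $query` is worth keeping there. The body of prepare() continues outside this hunk, so how the additional arguments are read is not visible here.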