From d64680e98ddc5f91354deb01a0b968de458b6536 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Sat, 28 Jan 2023 13:46:16 +0000 Subject: [PATCH] Database: Replace `str_ends_with()` usage in `wpdb::prepare()`. This avoids a fatal error if the file is included directly outside of WordPress core, e.g. by HyperDB. While WordPress core does include a polyfill function, it is not directly loaded in the `wpdb` class. This commit replaces the `str_ends_with()` calls with `substr_compare()` for now. Follow-up to [55151]. Props Otto42. See #52506. git-svn-id: https://develop.svn.wordpress.org/trunk@55157 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/class-wpdb.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/class-wpdb.php b/src/wp-includes/class-wpdb.php index b615627293..22c54e75ee 100644 --- a/src/wp-includes/class-wpdb.php +++ b/src/wp-includes/class-wpdb.php @@ -1561,7 +1561,9 @@ class wpdb { $format = substr( $placeholder, 1, -1 ); $type = substr( $placeholder, -1 ); - if ( 'f' === $type && true === $this->allow_unsafe_unquoted_parameters && str_ends_with( $split_query[ $key - 1 ], '%' ) ) { + if ( 'f' === $type && true === $this->allow_unsafe_unquoted_parameters + && 0 === substr_compare( $split_query[ $key - 1 ], '%', -1, 1 ) + ) { /* * Before WP 6.2 the "force floats to be locale-unaware" RegEx didn't @@ -1620,7 +1622,9 @@ class wpdb { * First, "numbered or formatted string placeholders (eg, %1$s, %5s)". * Second, if "%s" has a "%" before it, even if it's unrelated (e.g. "LIKE '%%%s%%'"). */ - if ( true !== $this->allow_unsafe_unquoted_parameters || ( '' === $format && ! str_ends_with( $split_query[ $key - 1 ], '%' ) ) ) { + if ( true !== $this->allow_unsafe_unquoted_parameters + || ( '' === $format && 0 !== substr_compare( $split_query[ $key - 1 ], '%', -1, 1 ) ) + ) { $placeholder = "'%" . $format . "s'"; } }