vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Database: Hardening to bring wpdb::prepare() inline with documentation.

Browse Source 
`wpdb::prepare()` supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.



git-svn-id: https://develop.svn.wordpress.org/trunk@41496 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Aaron D. Campbell
2017-09-19 17:55:33 +00:00
parent 88464ecd41
commit e95dc5a26f
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
tests/phpunit/tests/db.php
View File

@@ -273,6 +273,7 @@ class Tests_DB extends WP_UnitTestCase {
$this->assertEquals( "UPDATE test_table SET string_column = '%f is a float, %d is an int 3, %s is a string', field = '4'", $sql );
}
/**
* Test that SQL modes are set correctly
* @ticket 26847
@@ -1115,4 +1116,14 @@ class Tests_DB extends WP_UnitTestCase {
$this->assertSame( 'utf8', $result['charset'] );
$this->assertSame( 'utf8_general_ci', $result['collate'] );
}
/**
*
*/
function test_prepare_with_unescaped_percents() {
global $wpdb;
$sql = $wpdb->prepare( '%d %1$d %%% %', 1 );
$this->assertEquals( '1 %1$d %% %', $sql );
}
}