[glotpress-updates] [GlotPress] #214: Class BPDB doesn't support full sprintf syntax
GlotPress
glotpress-updates at lists.automattic.com
Tue Sep 11 09:05:28 UTC 2012
#214: Class BPDB doesn't support full sprintf syntax
-----------------------+----------------------
Reporter: fmestrone | Owner: somebody
Type: defect | Status: new
Priority: major | Milestone:
Component: general | Version:
Keywords: |
-----------------------+----------------------
In the prepare() method of BPDB the str_replace() calls do not take into
account the extended printf syntax that allows selecting the parameter
index from the argument list, like so:
{{{
return $this->many("SELECT DISTINCT p.id, p.path, p.name, %1\$s AS
`locale` FROM $this->table p LEFT JOIN $sets_table s ON p.id =
s.project_id WHERE s.locale = %1\$s;", $locale);
}}}
In such an instance with the current code, the parameter is not correctly
escaped.
Proposed change in attached patch.
--
Ticket URL: <http://glotpress.trac.wordpress.org/ticket/214>
GlotPress <http://trac.glotpress.org>
Easy comin', easy goin'
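
The gap the ticket describes, as an added PHP illustration (not BPDB's code and not the attached patch): a prepare() that quotes only the literal `%s` token leaves `%1$s` unquoted, while a pattern that also accepts the `N$` index quotes both forms. The function names, `escape_value()` (an `addslashes()` stand-in for the database layer's escaping) and the table names are assumptions.

```php
<?php
// Added illustration; not BPDB's code and not the patch attached to the ticket.

// Stand-in (assumption) for the database layer's own escaping routine.
function escape_value($value) {
    return addslashes((string) $value);
}

// Quotes only the literal "%s" token, which is the behaviour the ticket reports.
function prepare_plain_only($query, ...$args) {
    $query = str_replace(array("'%s'", '"%s"'), '%s', $query); // undo caller quoting
    $query = str_replace('%s', "'%s'", $query);                // quote string placeholders
    return vsprintf($query, array_map('escape_value', $args));
}

// Same idea, but the placeholder pattern also accepts the positional form %N$s.
function prepare_with_positions($query, ...$args) {
    // Strip quotes the caller may already have put around %s or %N$s.
    $query = preg_replace('/([\'"])(%(?:\d+\$)?s)\1/', '$2', $query);
    // Wrap every string placeholder, positional or not, in single quotes.
    $query = preg_replace('/%(?:\d+\$)?s/', "'\$0'", $query);
    return vsprintf($query, array_map('escape_value', $args));
}

// Constructed query modelled on the one in the ticket; table names are placeholders.
$sql = 'SELECT DISTINCT p.id, p.path, p.name, %1$s AS `locale` '
     . 'FROM projects p LEFT JOIN sets s ON p.id = s.project_id '
     . 'WHERE s.locale = %1$s';

// Constructed sample value.
$locale = 'pt_BR';

// The positional placeholder is substituted, but no quotes are added around it,
// so the value reaches the SQL text as a bare token.
echo prepare_plain_only($sql, $locale), "\n";

// Both occurrences of %1$s are quoted before substitution.
echo prepare_with_positions($sql, $locale), "\n";
```

Escaping of quote characters only protects a value that is placed inside quotes, which is why the unquoted `%1$s` case matters even though the argument still passes through the escaping routine.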