[wp-trac] [WordPress Trac] #57678: Missing use of placeholders and $wpdb->prepare()
WordPress Trac
noreply at wordpress.org
Wed Feb 15 10:41:17 UTC 2023
#57678: Missing use of placeholders and $wpdb->prepare()
-----------------------------------------------+---------------------------
Reporter: mahekkalola | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version:
Severity: major | Resolution:
Keywords: has-patch close reporter-feedback | Focuses: coding-standards
-----------------------------------------------+---------------------------
Changes (by johnbillion):
* keywords: has-patch => has-patch close reporter-feedback
Comment:

Thank you both for the ticket and the patch.

* Have you checked the code that surrounds this to find out what it's doing?
* Have you tested the patch?

I think you'll find this is an exceptional circumstance as this query is a
syntax check for the database prefix entered by the user, and wrapping it
in `prepare()` will prevent it from detecting a disallowed prefix.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57678#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
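
The point made in the comment above, as an added example that is not WordPress code and not part of the original message: a syntax probe only works if the database parses the prefix text itself, and binding it as a parameter turns every input into an ordinary string value. Python's `sqlite3` stands in for MySQL and `$wpdb` here, the sample prefixes are constructed, and the rule "a prefix the database can evaluate as a value is disallowed" is an assumption about how the check is used.

```python
import sqlite3

# Constructed sample prefixes: two identifier-like ones, three that SQL can
# evaluate as a value (integer, float, quoted string).
SAMPLES = ["wp_", "blog2_", "123", "1e5", "'x'"]


def evaluates_raw(conn, prefix):
    """Probe with the prefix placed in the SQL text, unquoted.

    The concatenation is deliberate: the probe exists so that the SQL parser
    sees the user's text. It runs against a throwaway in-memory database.
    """
    try:
        conn.execute("SELECT " + prefix).fetchall()
        return True   # parsed as a value: treated as disallowed (assumption)
    except sqlite3.Error:
        return False  # e.g. "no such column: wp_": looks like an identifier


def evaluates_bound(conn, prefix):
    """Same probe with a bound parameter, the analogue of using prepare()."""
    try:
        conn.execute("SELECT ?", (prefix,)).fetchall()
        return True   # always reached: the input is only ever a string value
    except sqlite3.Error:
        return False


def classify(probe):
    """Map each sample prefix to whether the probe says it evaluates as a value."""
    conn = sqlite3.connect(":memory:")
    try:
        return {p: probe(conn, p) for p in SAMPLES}
    finally:
        conn.close()


if __name__ == "__main__":
    for name, probe in (("raw", evaluates_raw), ("bound", evaluates_bound)):
        print(name, classify(probe))
```

With the raw probe the two identifier-like prefixes fail to evaluate and the other three succeed, so the check can tell them apart; with the bound probe all five succeed and the check no longer distinguishes anything.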