From 14c75331627bab4a3d4f4ab6dcfc66279a83bdbf Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Fri, 5 Jul 2019 05:43:55 +0000
Subject: [PATCH] Coding Standards: Fix all `WordPress.DB.PreparedSQLPlaceholders` issues. See #47632. Built from https://develop.svn.wordpress.org/trunk@45603
git-svn-id: http://core.svn.wordpress.org/trunk@45414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/class-wp-importer.php | 2 +-
 wp-admin/includes/export.php | 4 +++-
 wp-includes/class-wp-comment-query.php | 8 ++++++--
 wp-includes/class-wp-meta-query.php | 3 +--
 wp-includes/taxonomy.php | 4 ++++
 wp-includes/version.php | 2 +-
 6 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/wp-admin/includes/class-wp-importer.php b/wp-admin/includes/class-wp-importer.php
index fcbf7f71b8..96db3b4458 100644
--- a/wp-admin/includes/class-wp-importer.php
+++ b/wp-admin/includes/class-wp-importer.php
@@ -64,7 +64,7 @@ class WP_Importer {
 // Get count of permalinks
 $meta_key = $importer_name . '_' . $bid . '_permalink';
- $sql = $wpdb->prepare( "SELECT COUNT( post_id ) AS cnt FROM $wpdb->postmeta WHERE meta_key = '%s'", $meta_key );
+ $sql = $wpdb->prepare( "SELECT COUNT( post_id ) AS cnt FROM $wpdb->postmeta WHERE meta_key = %s", $meta_key );
 $result = $wpdb->get_results( $sql );
diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php
index 7f5db428f0..c9959cb852 100644
--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -106,7 +106,9 @@ function export_wp( $args = array() ) {
 } else {
 $post_types = get_post_types( array( 'can_export' => true ) );
 $esses = array_fill( 0, count( $post_types ), '%s' );
- $where = $wpdb->prepare( "{$wpdb->posts}.post_type IN (" . implode( ',', $esses ) . ')', $post_types );
+
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
+ $where = $wpdb->prepare( "{$wpdb->posts}.post_type IN (" . implode( ',', $esses ) . ')', $post_types );
 }
 if ( $args['status'] && ( 'post' == $args['content'] || 'page' == $args['content'] ) ) {
diff --git a/wp-includes/class-wp-comment-query.php b/wp-includes/class-wp-comment-query.php
index fc33d935b8..eba9ddf54e 100644
--- a/wp-includes/class-wp-comment-query.php
+++ b/wp-includes/class-wp-comment-query.php
@@ -771,7 +771,9 @@ class WP_Comment_Query {
 $join_posts_table = true;
 foreach ( $post_fields as $field_name => $field_value ) {
 // $field_value may be an array.
- $esses = array_fill( 0, count( (array) $field_value ), '%s' );
+ $esses = array_fill( 0, count( (array) $field_value ), '%s' );
+
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $field_value );
 }
 }
@@ -792,7 +794,9 @@ class WP_Comment_Query {
 $join_posts_table = true;
- $esses = array_fill( 0, count( $q_values ), '%s' );
+ $esses = array_fill( 0, count( $q_values ), '%s' );
+
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 $this->sql_clauses['where'][ $field_name ] = $wpdb->prepare( " {$wpdb->posts}.{$field_name} IN (" . implode( ',', $esses ) . ')', $q_values );
 }
 }
diff --git a/wp-includes/class-wp-meta-query.php b/wp-includes/class-wp-meta-query.php
index 8fa22e22d5..3732f25b8f 100644
--- a/wp-includes/class-wp-meta-query.php
+++ b/wp-includes/class-wp-meta-query.php
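Review bot: The added `// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare` above the `$where = $wpdb->prepare( ... )` line in export_wp() carries no reason, so a later reader cannot tell why the sniff is safe to silence there. I would append the rationale to the directive, e.g. `// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare -- $esses holds one %s per element of $post_types.` The same bare suppressions are added in the two term_exists() hunks in wp-includes/taxonomy.php, where the interpolated `$where`, `$else_where`, `$orderby` and `$limit` are built outside the hunks; a line-wide ignore there would also hide a future edit that interpolates a raw value into those strings, so the comment should state which variables are expected to hold only placeholders and fixed SQL. export_wp() continues outside the hunk.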
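Review bot: In the `@@ -771` hunk of class-wp-comment-query.php the new `phpcs:ignore` covers a `prepare()` call that also interpolates `{$field_name}` into the query as a column name, and that part is not bound through a placeholder. `$post_fields` is assembled outside the hunk, so it cannot be confirmed from here that its keys come from a fixed list; if they do, record that next to the suppression, e.g. `// phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare -- $field_name is a key from a fixed list of post columns; values are bound via %s.` If a key could reach this line from query vars unchecked, it needs an allowlist check first, because the `%s` placeholders used here only protect values, not identifiers. The `@@ -792` hunk in the same file has the same pattern with `$q_values`.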
@@ -623,8 +623,7 @@ class WP_Meta_Query {
 case 'BETWEEN':
 case 'NOT BETWEEN':
- $meta_value = array_slice( $meta_value, 0, 2 );
- $where = $wpdb->prepare( '%s AND %s', $meta_value );
+ $where = $wpdb->prepare( '%s AND %s', $meta_value[0], $meta_value[1] );
 break;
 case 'LIKE':
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index a59fc9c041..3887efa6e3 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1376,6 +1376,7 @@ function term_exists( $term, $taxonomy = '', $parent = null ) {
 }
 $where = 't.term_id = %d';
 if ( ! empty( $taxonomy ) ) {
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
 return $wpdb->get_row( $wpdb->prepare( $tax_select . $where . ' AND tt.taxonomy = %s', $term, $taxonomy ), ARRAY_A );
 } else {
 return $wpdb->get_var( $wpdb->prepare( $select . $where, $term ) );
@@ -1411,11 +1412,13 @@ function term_exists( $term, $taxonomy = '', $parent = null ) {
 return $wpdb->get_row( $wpdb->prepare( "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s $orderby $limit", $else_where_fields ), ARRAY_A );
 }
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 $result = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms as t WHERE $where $orderby $limit", $where_fields ) );
 if ( $result ) {
 return $result;
 }
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
 return $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms as t WHERE $else_where $orderby $limit", $else_where_fields ) );
 }
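Review bot: Indexing `$meta_value[0]` and `$meta_value[1]` directly in the BETWEEN / NOT BETWEEN case assumes a zero-indexed array with at least two elements, whereas the removed `array_slice()` plus array argument appears not to have depended on the array's keys. An associative or non-sequentially keyed array, or an input with a single value, would now read an undefined offset, raising a PHP notice or warning and most likely binding an empty string as one bound of the range. Normalising first, e.g. `$meta_value = array_values( $meta_value );`, and deciding explicitly what a list shorter than two should produce would keep the earlier tolerance. The enclosing switch and the code that prepares `$meta_value` are outside the hunk.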
@@ -3705,6 +3708,7 @@ function _update_post_term_count( $terms, $taxonomy ) {
 }
 if ( $object_types ) {
+ // phpcs:ignore WordPress.DB.PreparedSQLPlaceholders.QuotedDynamicPlaceholderGeneration
 $count += (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type IN ('" . implode( "', '", $object_types ) . "') AND term_taxonomy_id = %d", $term ) );
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 182bce2c9a..acfbef836f 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.3-alpha-45602';
+$wp_version = '5.3-alpha-45603';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
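Review bot: The `QuotedDynamicPlaceholderGeneration` suppression in _update_post_term_count() leaves `implode( "', '", $object_types )` concatenating values straight into the `post_type IN (...)` list, so the safety of this query rests entirely on how `$object_types` is filtered and escaped earlier in the function, which is outside the hunk. The other hunks in this commit already generate the list from placeholders, and the same would work here: build `$in = implode( ',', array_fill( 0, count( $object_types ), '%s' ) );`, use `post_type IN ($in)` in the string, and pass `array_merge( $object_types, array( $term ) )` as the arguments. If the values are already run through an escaping function above this line, that call would have to be dropped in the same change to avoid double escaping. At minimum the ignore comment should name the line that makes `$object_types` safe to inline.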