[wp-trac] [WordPress Trac] #19861: $wpdb->prepare() fails with localized floats
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 20 09:20:27 UTC 2012
#19861: $wpdb->prepare() fails with localized floats
--------------------------+-----------------------------
 Reporter:  laotse        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:
 Severity:  normal        |    Keywords:
--------------------------+-----------------------------
The implementation of $wpdb->prepare() is buggy in several aspects. The
mess shows strikingly if you try to write floats using %f to the database
using a server locale which has a decimal colon instead of a dot.
Unfortunately sprintf() is localized, in contrast to sscanf()! Furthermore,
since PHP performs auto conversion, it can happen that a float is already
passed as a string. Unfortunately, the array_walk() in prepare() escapes
the ',' such that floatval() will drop the decimals. At least it does not
produce another value, like if a float was passed.
I wrote a re-implementation, which also does without any '@' prefixes. It
does well for the plugin - I did not yet try to replace the core function.
I'd gladly provide my code to someone who knows how to test the code
thoroughly.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19861>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
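
The locale dependence described in the ticket, as an added example (not the reporter's re-implementation and not WordPress core code): PHP's sprintf() treats %f as locale-aware and %F as non-locale-aware, so a numeric SQL literal should be built with %F. The helper sql_float() and the table t are hypothetical names chosen for illustration.

```php
<?php
// Added illustration; sql_float() is a hypothetical helper, not a WordPress API.

// Format a number as an SQL numeric literal independent of LC_NUMERIC.
function sql_float($value): string {
    if (is_string($value)) {
        // Accept only a canonical decimal with '.' as separator. A localized
        // string such as "1,5" is rejected instead of being handed to
        // floatval(), which stops parsing at the first non-numeric character.
        if (!preg_match('/^-?\d+(\.\d+)?$/', $value)) {
            throw new InvalidArgumentException("not a canonical decimal: $value");
        }
        $value = (float) $value;
    }
    if (!(is_int($value) || is_float($value)) || !is_finite((float) $value)) {
        throw new InvalidArgumentException('not a finite number');
    }
    // %F is the non-locale-aware variant of %f.
    return sprintf('%F', $value);
}

// Try to select a locale with a decimal comma; installed names vary by system.
$locale = setlocale(LC_NUMERIC, 'de_DE.UTF-8', 'de_DE.utf8', 'de_DE', 'German_Germany.1252');
echo 'LC_NUMERIC: ', $locale === false ? 'no decimal-comma locale installed' : $locale, "\n";

$price = 1.5;

// Locale-aware conversion: the decimal separator follows LC_NUMERIC, so under
// a decimal-comma locale the VALUES list no longer holds a single number.
echo sprintf('INSERT INTO t (price) VALUES (%f)', $price), "\n";

// Locale-independent conversion: the separator is always '.'.
echo 'INSERT INTO t (price) VALUES (' . sql_float($price) . ")\n";

// A float that already arrived as a localized string: floatval() keeps only
// the part before the comma, while sql_float() refuses the input.
var_dump(floatval('1,5'));
try {
    sql_float('1,5');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

If no decimal-comma locale is installed, the first INSERT line prints with a dot and the difference between %f and %F is not visible on that host.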