[wp-trac] Re: [WordPress Trac] #6894: 2.5.1 only - some post text
(persian) causes timeout on publish (not save)
WordPress Trac
wp-trac at lists.automattic.com
Fri May 2 16:18:16 GMT 2008
#6894: 2.5.1 only - some post text (persian) causes timeout on publish (not save)
----------------------------+-----------------------------------------------
Reporter: jeremyclarke | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.5.2
Component: Administration | Version: 2.5
Severity: critical | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Changes (by westi):
* version: 2.5.1 => 2.5
Comment:
Looks like this is caused by dodgy implementation of $wpdb->prepare().
e.g. from wp-includes/post.php
{{{
if ( 'draft' != $post_status ) {
$post_name_check = $wpdb->get_var($wpdb->prepare("SELECT
post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID
!= %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID,
$post_parent));
if ($post_name_check || in_array($post_name,
$wp_rewrite->feeds) ) {
$suffix = 2;
do {
$alt_post_name = substr($post_name, 0,
200-(strlen($suffix)+1)). "-$suffix";
// expected_slashed ($alt_post_name,
$post_name, $post_type)
$post_name_check =
$wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE
post_name = '$alt_post_name' AND post_type = '$post_type' AND ID != %d AND
post_parent = %d LIMIT 1", $post_ID, $post_parent));
$suffix++;
} while ($post_name_check);
$post_name = $alt_post_name;
}
}
}}}
Things are being substituted into the string passed in, which is passed to
vsprintf - if these contain '%...' then the substitution is going to get
all broken
--
Ticket URL: <http://trac.wordpress.org/ticket/6894#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list