[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken

WordPress Trac wp-trac at lists.automattic.com
Tue Dec 29 11:41:51 UTC 2009


#11608: wpdb->prepare() is broken
--------------------------+-------------------------------------------------
 Reporter:  hakre         |       Owner:  ryan             
     Type:  defect (bug)  |      Status:  new              
 Priority:  normal        |   Milestone:  3.0              
Component:  Database      |     Version:  2.9              
 Severity:  normal        |    Keywords:  reporter-feedback
--------------------------+-------------------------------------------------

Comment(by hakre):

 Replying to [comment:48 miqrogroove]:
 > > What exactly do you mean by String overflow?
 >
 > Well, "overrun" might be a more correct term.  The array subscripts are
 > exceeding the end of the string.
 Regarding String overflow: {{{$query[++$i]}}} you were wrong but pointing
 in the right direction. Wrong, because there is no such thing as ''string
 overflow'' or ''overrun'' in PHP, nor are those ''array subscripts''. It's
 standard PHP string access, and even invalid-seeming offsets (do not do
 that in C!) are actually possible (if you do not care for notices).
 [http://www.php.net/manual/en/language.types.string.php#language.types.string.substr
 Know the details].

 But you were right because I did not test boundary conditions well and
 your feedback made me aware of that. For example, the function with an
 empty string would do an iteration in the for loop which is not necessary.
 You're really making up your mind, thanks for the find and thanks for
 taking care! :)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:50>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
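
The boundary conditions discussed in the comment above (an empty string, and a look-ahead read at the last character), shown as an added example that is not part of the original message and is not WordPress code. The helper name `scan_placeholders()` and the `%s`/`%d` placeholder set are assumptions made for illustration.

```php
<?php
// Added illustration; scan_placeholders() is a hypothetical helper, not WordPress code.
// It walks a query template byte by byte with one-character look-ahead and
// checks the length before every read, so no offset past the end is touched.
function scan_placeholders(string $query): array
{
    $found = [];
    $len   = strlen($query);

    // With $len === 0 the condition fails immediately: no iteration for ''.
    for ($i = 0; $i < $len; $i++) {
        if ($query[$i] !== '%') {
            continue;
        }
        // Look-ahead: a trailing '%' has no next character to read.
        if ($i + 1 >= $len) {
            $found[] = ['offset' => $i, 'type' => 'dangling'];
            break;
        }
        $next = $query[++$i]; // safe: $i + 1 < $len was just verified
        if ($next === '%') {
            continue; // '%%' is a literal percent sign
        }
        $found[] = [
            'offset' => $i - 1,
            'type'   => ($next === 's' || $next === 'd') ? "%$next" : 'unknown',
        ];
    }
    return $found;
}

// Constructed sample inputs covering the boundary cases.
$samples = ['', '%', 'SELECT * FROM t WHERE id = %d AND name = %s', "LIKE '50%%' AND x = %"];
foreach ($samples as $q) {
    printf("%-48s => %s\n", var_export($q, true), json_encode(scan_placeholders($q)));
}

// Unchecked read, for contrast: PHP evaluates it to '' and raises a notice
// (a warning on PHP 8) rather than touching memory outside the string.
$q = 'abc';
var_dump(@$q[3] === '');
```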

