[wp-trac] [WordPress Trac] #42431: wpdb prepare - {} replaced with % if AUTH_SALT is defined as null or empty string
WordPress Trac
noreply at wordpress.org
Tue Nov 7 01:08:13 UTC 2017
#42431: wpdb prepare - {} replaced with % if AUTH_SALT is defined as null or empty
string
-------------------------------------------+---------------------
Reporter: jsonfry | Owner: pento
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.9
Component: Database | Version: 4.8.3
Severity: normal | Resolution: fixed
Keywords: has-patch commit dev-reviewed | Focuses:
-------------------------------------------+---------------------
Changes (by pento):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"42120"]:
{{{
#!CommitTicketReference repository="" revision="42120"
WPDB: Check that `AUTH_SALT` is not empty.
In `wpdb::placeholder_escape()`, the key for `hash_hmac()` defaults to
`AUTH_SALT`, but `hash_hmac()` will return an empty string if the key is
empty.
This had the side effect of the string `{}` being incorrectly replaced
with a `%` character in queries just about to be run on the database.
Props jsonfry.
Fixes #42431.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42431#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list