[wp-trac] [WordPress Trac] #42471: In wp_query, the function parse_search need a remove_placeholder_escape()

WordPress Trac noreply at wordpress.org
Wed Nov 8 18:13:52 UTC 2017


#42471: In wp_query, the function parse_search need a remove_placeholder_escape()
--------------------------+-----------------------------
 Reporter:  w.sung        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Query         |    Version:  4.8.3
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Hi,

 please be patient, this is my first bug report.

 After updating to 4.8.3, my results for wp_query with the parameter "s"
 aren't right anymore. I end up at a $wpdb->prepare() statement. It escapes
 the "%" with a placeholder. But there should also be a
 remove_placeholder_escape() to revert it, or not?

 It looks like this problem:
 https://make.wordpress.org/core/2017/10/31/changed-behaviour-of-esc_sql-in-wordpress-4-8-3/

 I hope this is enough information to reproduce it.




 File wp-includes/class-wp-query.php
 protected function parse_search( &$q )
 Near Line: 1354

 {{{#!php
 <?php

 foreach ( $q['search_terms'] as $term ) {
     // If there is an $exclusion_prefix, terms prefixed with it should be excluded.
     $exclude = $exclusion_prefix && ( $exclusion_prefix === substr( $term, 0, 1 ) );
     if ( $exclude ) {
         $like_op  = 'NOT LIKE';
         $andor_op = 'AND';
         $term     = substr( $term, 1 );
     } else {
         $like_op  = 'LIKE';
         $andor_op = 'OR';
     }
     if ( $n && ! $exclude ) {
         $like = '%' . $wpdb->esc_like( $term ) . '%';
         $q['search_orderby_title'][] = $wpdb->prepare( "{$wpdb->posts}.post_title LIKE %s", $like );
     }
     $like = $n . $wpdb->esc_like( $term ) . $n;
     $search .= $wpdb->prepare( "{$searchand}(({$wpdb->posts}.post_title $like_op %s) $andor_op ({$wpdb->posts}.post_excerpt $like_op %s) $andor_op ({$wpdb->posts}.post_content $like_op %s))", $like, $like, $like );
     $searchand = ' AND ';
 }

 ?>
 }}}

 The value of $search looks like:

 ((wp_posts.post_title LIKE
 '{f2585b9c225b37a7c261438045c124df961244ec4d1f7a92c10c3aca6fa8d296}halo{f2585b9c225b37a7c261438045c124df961244ec4d1f7a92c10c3aca6fa8d296}')
 OR (wp_posts.post_excerpt LIKE
 '{f2585b9c225b37a7c261438045c124df961244ec4d1f7a92c10c3aca6fa8d296}halo{f2585b9c225b37a7c261438045c124df961244ec4d1f7a92c10c3aca6fa8d296}')
 OR (wp_posts.post_content LIKE
 '{f2585b9c225b37a7c261438045c124df961244ec4d1f7a92c10c3aca6fa8d296}halo{f2585b9c225b37a7c261438045c124df961244ec4d1f7a92c10c3aca6fa8d296}'))

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42471>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
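
The placeholder round trip the ticket asks about, as an added example that is not part of the original report and is not WordPress core code: a simplified stand-alone model in which `PlaceholderModel` and its method names are hypothetical and only `%s` is supported. In WordPress itself, `wpdb` attaches `remove_placeholder_escape()` to the `query` filter, so the `{...}` token seen in `$search` is an intermediate form that is reverted just before the query is sent.

```php
<?php
// Added illustration: a simplified model of the '%' placeholder swap, not WordPress core code.
// PlaceholderModel and its method names are hypothetical; only %s is supported.
final class PlaceholderModel {
    private string $token;

    public function __construct() {
        // Random per-process token standing in for the "{...}" value seen in $search.
        $this->token = '{' . bin2hex(random_bytes(32)) . '}';
    }

    public function escLike(string $text): string {
        // Backslash-escape LIKE wildcards that came from the user.
        return addcslashes($text, '_%\\');
    }

    public function addPlaceholderEscape(string $sql): string {
        return str_replace('%', $this->token, $sql);
    }

    public function removePlaceholderEscape(string $sql): string {
        return str_replace($this->token, '%', $sql);
    }

    public function prepare(string $query, string ...$args): string {
        // Quote each %s, substitute escaped values, then hide every remaining '%'.
        $query = str_replace('%s', "'%s'", $query);
        $built = vsprintf($query, array_map('addslashes', $args));
        return $this->addPlaceholderEscape($built);
    }
}

$db     = new PlaceholderModel();
$like   = '%' . $db->escLike('halo') . '%';   // constructed search term
$search = $db->prepare('(wp_posts.post_title LIKE %s)', $like);
assert(strpos($search, '%') === false);       // intermediate string holds no '%'

// A second prepare() over the fragment only fills its own %s.
$full = $db->prepare("SELECT ID FROM wp_posts WHERE $search AND post_status = %s", 'publish');

// Reverting the token gives the SQL the database would actually receive.
$sent = $db->removePlaceholderEscape($full);
assert($sent === "SELECT ID FROM wp_posts WHERE (wp_posts.post_title LIKE '%halo%') AND post_status = 'publish'");

echo $search, PHP_EOL, $sent, PHP_EOL;
```

When inspecting a prepared string for debugging, pass it through `$wpdb->remove_placeholder_escape()` to read it; the token-bearing form is the one that is safe to hand to a further `prepare()` call.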

