[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries
WordPress Trac
noreply at wordpress.org
Sun Jan 29 00:22:14 UTC 2023
#52506: Add escaping method for table names in SQL queries
-------------------------------------------------+-------------------------
Reporter: tellyworth | Owner:
| davidbaumwald
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.2
Component: Database | Version:
Severity: normal | Resolution: fixed
Keywords: has-unit-tests early needs-docs | Focuses:
has-patch needs-testing needs-dev-note | performance
-------------------------------------------------+-------------------------
Comment (by SergeyBiryukov):
Replying to [comment:77 jrf]:
> Just a question - I can see the use of `str_ends_with()` has been
replaced now, but couldn't this have been solved by moving the `include`
for the `wp-includes/compat.php` file up ? I though that was loaded pretty
early anyway, so I was surprised to see the error being reported.
Yeah, including `compat.php` from `class-wpdb.php` would be another option
and can still be done if preferable.
I went with a fix that does not add a new dependency to the `wpdb` class,
as that might need more discussion. HyperDB loads the `wpdb` class outside
of WordPress core, so `compat.php` was not loaded at all in this case. In
the standard bootstrap process, `compat.php` is already loaded earlier
than `class-wpdb.php`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:78>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list