X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/baca9ce86a38dc54c4574890ee2d352fd81f78b2..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-includes/wp-db.php diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php index 4fc829fb..2398002e 100644 --- a/wp-includes/wp-db.php +++ b/wp-includes/wp-db.php @@ -441,15 +441,6 @@ class wpdb { */ var $collate; - /** - * Whether to use mysql_real_escape_string - * - * @since 2.8.0 - * @access public - * @var bool - */ - var $real_escape = false; - /** * Database Username * @@ -536,7 +527,7 @@ class wpdb { function __construct( $dbuser, $dbpassword, $dbname, $dbhost ) { register_shutdown_function( array( $this, '__destruct' ) ); - if ( WP_DEBUG ) + if ( WP_DEBUG && WP_DEBUG_DISPLAY ) $this->show_errors(); $this->init_charset(); @@ -640,15 +631,14 @@ class wpdb { * @param string $charset The character set (optional) * @param string $collate The collation (optional) */ - function set_charset($dbh, $charset = null, $collate = null) { - if ( !isset($charset) ) + function set_charset( $dbh, $charset = null, $collate = null ) { + if ( ! isset( $charset ) ) $charset = $this->charset; - if ( !isset($collate) ) + if ( ! isset( $collate ) ) $collate = $this->collate; - if ( $this->has_cap( 'collation', $dbh ) && !empty( $charset ) ) { - if ( function_exists( 'mysql_set_charset' ) && $this->has_cap( 'set_charset', $dbh ) ) { + if ( $this->has_cap( 'collation' ) && ! empty( $charset ) ) { + if ( function_exists( 'mysql_set_charset' ) && $this->has_cap( 'set_charset' ) ) { mysql_set_charset( $charset, $dbh ); - $this->real_escape = true; } else { $query = $this->prepare( 'SET NAMES %s', $charset ); if ( ! empty( $collate ) ) @@ -856,24 +846,29 @@ class wpdb { } /** - * Weak escape, using addslashes() + * Do not use, deprecated. + * + * Use esc_sql() or wpdb::prepare() instead. * - * @see addslashes() * @since 2.8.0 + * @deprecated 3.6.0 + * @see wpdb::prepare + * @see esc_sql() * @access private * * @param string $string * @return string */ function _weak_escape( $string ) { + if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) + _deprecated_function( __METHOD__, '3.6', 'wpdb::prepare() or esc_sql()' ); return addslashes( $string ); } /** - * Real escape, using mysql_real_escape_string() or addslashes() + * Real escape, using mysql_real_escape_string() * * @see mysql_real_escape_string() - * @see addslashes() * @since 2.8.0 * @access private * @@ -881,16 +876,17 @@ class wpdb { * @return string escaped */ function _real_escape( $string ) { - if ( $this->dbh && $this->real_escape ) + if ( $this->dbh ) return mysql_real_escape_string( $string, $this->dbh ); - else - return addslashes( $string ); + + $class = get_class( $this ); + _doing_it_wrong( $class, "$class must set a database connection for use with escaping.", E_USER_NOTICE ); + return addslashes( $string ); } /** * Escape data. Works on arrays. * - * @uses wpdb::_escape() * @uses wpdb::_real_escape() * @since 2.8.0 * @access private @@ -900,7 +896,7 @@ class wpdb { */ function _escape( $data ) { if ( is_array( $data ) ) { - foreach ( (array) $data as $k => $v ) { + foreach ( $data as $k => $v ) { if ( is_array($v) ) $data[$k] = $this->_escape( $v ); else @@ -914,24 +910,30 @@ class wpdb { } /** - * Escapes content for insertion into the database using addslashes(), for security. + * Do not use, deprecated. * - * Works on arrays. + * Use esc_sql() or wpdb::prepare() instead. * * @since 0.71 - * @param string|array $data to escape - * @return string|array escaped as query safe string + * @deprecated 3.6.0 + * @see wpdb::prepare() + * @see esc_sql() + * + * @param mixed $data + * @return mixed */ function escape( $data ) { + if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) + _deprecated_function( __METHOD__, '3.6', 'wpdb::prepare() or esc_sql()' ); if ( is_array( $data ) ) { - foreach ( (array) $data as $k => $v ) { + foreach ( $data as $k => $v ) { if ( is_array( $v ) ) - $data[$k] = $this->escape( $v ); + $data[$k] = $this->escape( $v, 'recursive' ); else - $data[$k] = $this->_weak_escape( $v ); + $data[$k] = $this->_weak_escape( $v, 'internal' ); } } else { - $data = $this->_weak_escape( $data ); + $data = $this->_weak_escape( $data, 'internal' ); } return $data; @@ -987,13 +989,10 @@ class wpdb { * @return null|false|string Sanitized query string, null if there is no query, false if there is an error and string * if there was something to prepare */ - function prepare( $query, $args = null ) { + function prepare( $query, $args ) { if ( is_null( $query ) ) return; - if ( func_num_args() < 2 ) - _doing_it_wrong( 'wpdb::prepare', 'wpdb::prepare() requires at least two arguments.', '3.5' ); - $args = func_get_args(); array_shift( $args ); // If args were passed as an array (as in vsprintf), move them up @@ -1205,6 +1204,10 @@ class wpdb { // If there is an error then take note of it.. if ( $this->last_error = mysql_error( $this->dbh ) ) { + // Clear insert_id on a subsequent failed insert. + if ( $this->insert_id && preg_match( '/^\s*(insert|replace)\s/i', $query ) ) + $this->insert_id = 0; + $this->print_error(); return false; } @@ -1693,12 +1696,12 @@ class wpdb { } /** - * Determine if a database supports a particular feature + * Determine if a database supports a particular feature. * * @since 2.7.0 - * @see wpdb::db_version() + * @see wpdb::db_version() * - * @param string $db_cap the feature + * @param string $db_cap The feature to check for. * @return bool */ function has_cap( $db_cap ) { @@ -1706,11 +1709,11 @@ class wpdb { switch ( strtolower( $db_cap ) ) { case 'collation' : // @since 2.5.0 - case 'group_concat' : // @since 2.7 - case 'subqueries' : // @since 2.7 + case 'group_concat' : // @since 2.7.0 + case 'subqueries' : // @since 2.7.0 return version_compare( $version, '4.1', '>=' ); case 'set_charset' : - return version_compare($version, '5.0.7', '>='); + return version_compare( $version, '5.0.7', '>=' ); }; return false;