mirror of
https://github.com/WordPress/WordPress.git
synced 2024-10-03 10:07:53 +02:00
e7a9fe918c
WordPress does not currently provide an explicit method for escaping SQL table and column names. This leads to potential security vulnerabilities, and makes reviewing code for security unnecessarily difficult. Also, static analysis tools also flag the queries as having unescaped SQL input. Tables and column names in queries are usually in-the-raw, since using the existing `%s` will straight quote the value, making the query invalid. This change introduces a new `%i` placeholder in `$wpdb->prepare` to properly quote table and column names using backticks. Props tellyworth, iandunn, craigfrancis, peterwilsoncc, johnbillion, apokalyptik. Fixes #52506. Built from https://develop.svn.wordpress.org/trunk@53575 git-svn-id: http://core.svn.wordpress.org/trunk@53164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
48 lines
939 B
PHP
48 lines
939 B
PHP
<?php
|
|
/**
|
|
* WordPress Version
|
|
*
|
|
* Contains version information for the current WordPress release.
|
|
*
|
|
* @package WordPress
|
|
* @since 1.2.0
|
|
*/
|
|
|
|
/**
|
|
* The WordPress version string.
|
|
*
|
|
* Holds the current version number for WordPress core. Used to bust caches
|
|
* and to enable development mode for scripts when running from the /src directory.
|
|
*
|
|
* @global string $wp_version
|
|
*/
|
|
$wp_version = '6.1-alpha-53575';
|
|
|
|
/**
|
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
|
*
|
|
* @global int $wp_db_version
|
|
*/
|
|
$wp_db_version = 53496;
|
|
|
|
/**
|
|
* Holds the TinyMCE version.
|
|
*
|
|
* @global string $tinymce_version
|
|
*/
|
|
$tinymce_version = '49110-20201110';
|
|
|
|
/**
|
|
* Holds the required PHP version.
|
|
*
|
|
* @global string $required_php_version
|
|
*/
|
|
$required_php_version = '5.6.20';
|
|
|
|
/**
|
|
* Holds the required MySQL version.
|
|
*
|
|
* @global string $required_mysql_version
|
|
*/
|
|
$required_mysql_version = '5.0';
|