From 83a229084ff451aa16ace20ef1a67d7b4a5ff66a Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Thu, 8 Jan 2015 08:32:22 +0000 Subject: [PATCH] WPDB: When `wpdb::query()` needs to sanity check a query string, make sure to run `wpdb:flush()` afterwards, to ensure the results from sanity check queries aren't mixed up with the results for the user query. See #21212. Fixes #30948. Built from https://develop.svn.wordpress.org/trunk@31093 git-svn-id: http://core.svn.wordpress.org/trunk@31074 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/version.php | 2 +- wp-includes/wp-db.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/wp-includes/version.php b/wp-includes/version.php index 5eb16a606b..b39d3c537e 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.2-alpha-31092'; +$wp_version = '4.2-alpha-31093'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php index 0f886f88f1..e7b74a6d45 100644 --- a/wp-includes/wp-db.php +++ b/wp-includes/wp-db.php @@ -1600,6 +1600,9 @@ class wpdb { // If we're writing to the database, make sure the query will write safely. if ( $this->check_current_query && ! $this->check_ascii( $query ) ) { $stripped_query = $this->strip_invalid_text_from_query( $query ); + // strip_invalid_text_from_query() can perform queries, so we need + // to flush again, just to make sure everything is clear. + $this->flush(); if ( $stripped_query !== $query ) { $this->insert_id = 0; return false;