From 3ebd519a3ee989146081796a24b7ad659c7c8d8b Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Tue, 24 Jun 2014 00:24:14 +0000 Subject: [PATCH] In `$wpdb->update()`, prevent explosions when `$where` is empty. Adds unit tests. Props UmeshSingla, wonderboymusic. Fixes #26106 Built from https://develop.svn.wordpress.org/trunk@28814 git-svn-id: http://core.svn.wordpress.org/trunk@28621 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/wp-db.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php index 7a09d62a9e..7366172101 100644 --- a/wp-includes/wp-db.php +++ b/wp-includes/wp-db.php @@ -1785,7 +1785,9 @@ class wpdb { $wheres[] = "`$field` = {$form}"; } - $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ); + $wheres = empty( $where ) ? '' : ( ' WHERE ' . implode( ' AND ', $wheres ) ); + + $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . $wheres; return $this->query( $this->prepare( $sql, array_merge( array_values( $data ), array_values( $where ) ) ) ); }