From d5757ca9f82cef499e7230115913d0c00735f3d9 Mon Sep 17 00:00:00 2001 From: Aaron Holbrook Date: Thu, 29 Jun 2017 08:26:22 -0500 Subject: [PATCH] Use wpdb prepare instead of sanitize text field --- composer.json | 2 +- utils.php | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/composer.json b/composer.json index b71f98a..8333509 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { "name": "zeek/wp-utils", "description": "A collection of functions that provide utility functionality for WordPress.", - "version": "0.4.0", + "version": "0.4.1", "type": "library", "license": "proprietary", "authors": [ diff --git a/utils.php b/utils.php index 06bdf0e..1113215 100644 --- a/utils.php +++ b/utils.php @@ -78,19 +78,26 @@ function get_id_from_slug( $slug, $post_type = 'post', $force = false ) { * * @return int */ +/** + * Performs a very direct, simple query that bypasses the normal WP caching + * + * @param $key + * + * @return int + */ function get_raw_option_value( $key ) { global $wpdb; - $sql = sprintf( " + $sql = $wpdb->prepare( " SELECT option_value FROM - wp_options + {$wpdb->options} WHERE - option_name = '%s' + option_name = %s LIMIT 1 ", - sanitize_text_field( $key ) + $key ); $version = $wpdb->get_var( $sql );
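Review bot: The added `/** … */` block in the utils.php hunk sits directly below a docblock that already closes with `* @return int */`, so `get_raw_option_value()` now appears to carry two stacked docblocks; the older one should be dropped or the two merged. The surviving block could also record the contract the new query relies on, for example `@param string $key Option name; bound via $wpdb->prepare(), so callers pass it unescaped.` The `@return int` tag may not match what `$wpdb->get_var()` yields (a string, or null when no row matches) unless the code after the hunk casts it. The function body continues outside the hunk, so that is worth confirming before the tag is kept.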