View Issue Details

ID: 0032704
Project: mantisbt
Category: code cleanup
View Status: public
Last Update: 2023-10-31 16:32
Reporter: dregad
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: fixed
Target Version: 2.26.0
Fixed in Version: 2.26.0
Summary: 0032704: Remove deprecated function db_prepare_string()
Description

This function has been deprecated for ages, and is no longer useful now that we are consistently using parameterized queries.

There are 2 occurrences left in the code base, which should be removed.

Additional Information

This may impact 3rd party plugins.

Their authors should refactor their code to use parameterized queries so escaping strings is no longer necessary.

Tags: No tags attached.

Activities

Related Changesets

MantisBT: master f624e424

2023-05-28 12:44

dregad


Remove deprecated db_prepare_string() function

It was used in:

- user_set_fields() to escape the field names when building the SQL
query to update the user data. This function is normally only used
internally, so $p_fields array can be considered as trusted input.
- file_move_bug_attachments() to escape the file path, which is not
necessary (parameterized query)

Fixes 0032704
Affected Issues: 0032704
mod - core/database_api.php
mod - core/file_api.php
mod - core/user_api.php
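The issue and commit message above distinguish two cases: string values, which need no escaping once they are bound as query parameters, and field names used to build an UPDATE statement, which cannot be bound. The following is an added example, not MantisBT code and not part of the changeset, showing one way plugin code can handle both when field names are not trusted. It assumes plain PDO with the pdo_sqlite extension; the table demo_user, the constant UPDATABLE_USER_FIELDS and the helper update_user_fields() are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist. Identifiers cannot be bound as parameters, so
// column names are checked against this fixed list instead of being escaped.
const UPDATABLE_USER_FIELDS = ['realname', 'email'];

/**
 * Update selected columns of one row (hypothetical helper).
 * @param array<string,string> $fields column name => new value
 */
function update_user_fields(PDO $db, int $userId, array $fields): int
{
    if ($fields === []) {
        return 0;
    }
    $assignments = [];
    $params = [];
    foreach ($fields as $column => $value) {
        if (!in_array($column, UPDATABLE_USER_FIELDS, true)) {
            throw new InvalidArgumentException("Field not updatable: $column");
        }
        $assignments[] = "$column = ?"; // name was matched against the allowlist
        $params[] = $value;             // value is bound, never concatenated
    }
    $params[] = $userId;
    $sql = 'UPDATE demo_user SET ' . implode(', ', $assignments) . ' WHERE id = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_user (id INTEGER PRIMARY KEY, realname TEXT, email TEXT, access_level INTEGER)');
$db->exec("INSERT INTO demo_user VALUES (1, 'Old Name', 'old@example.com', 25)");

// A value containing a quote is stored verbatim; no escaping step is involved.
update_user_fields($db, 1, ['realname' => "O'Brien", 'email' => 'ob@example.com']);
var_dump($db->query('SELECT realname FROM demo_user WHERE id = 1')->fetchColumn());

// A column outside the allowlist is rejected before any SQL text is built.
try {
    update_user_fields($db, 1, ['access_level' => '90']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```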