Hi mayuxi,
I just encountered the same problem with Peter’s plugin. Did you find a way to solve this issue?
Thanks,
Christian
Thread Starter
mayuxi
(@mayuxi)
Hey, not yet, didn’t dig into it. But I guess it’s related to this problem: http://make.ww.wp.xz.cn/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/
e.g.:
Hello plugin or theme author! You possibly found this post after searching the Internet for the error above: “PHP Warning: Missing argument 2 for wpdb::prepare().”
So, this is a new warning in 3.5. No sites are broken, everything is fine as before. But, this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. Now that’s no fun!…
Thanks mayuxi for the pointer. I just added in the file wp-config.php the following line:
@ini_set('display_errors', 0);
and the error disappeared! 🙂
Let’s hope Peter will fix this issue on his side too.
Cheers,
Christian
Thread Starter
mayuxi
(@mayuxi)
Welcome!
BTW, your solution is not a fix, you just made the message disappear, but the problem and potential vulnerability are still here. To fix the problem (tip for Peter):
edit this in peters_post_notes.php:
$latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
WHERE `postid` = $post_id
ORDER BY `notetime` DESC
LIMIT 1;" ) );
to this:
// prepare() substitutes $post_id for %d as an integer
$latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
WHERE `postid` = %d
ORDER BY `notetime` DESC
LIMIT 1;", $post_id ) );
Plugin Author
Peter
(@pkthree)
Hi all,
Thanks for reporting this. It should now be fixed in version 1.4.0 of the plugin.
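To check other plugin files for the same pattern, the script below (an added example, not part of the thread or of the plugin's code) scans PHP source for `$wpdb->prepare()` calls that pass a query string and no values, which is what triggers the "Missing argument 2" warning. The function names and the embedded sample are constructed for illustration; the scanner assumes ordinary quoted strings and does not handle heredocs or PHP comments.

```python
import re

PREPARE_CALL = re.compile(r"\$wpdb\s*->\s*prepare\s*\(")
PHP_VAR = re.compile(r"\$\w+")   # variables interpolated into the query string

def split_call_args(src, start):
    """Split the argument list starting just after '(' at index start."""
    args, depth, quote, arg_start, i = [], 0, None, start, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                   # skip the escaped character
            elif ch == quote:
                quote = None             # end of the string literal
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]" and depth > 0:
            depth -= 1
        elif ch in ",)" and depth == 0:  # top-level separator or end of call
            args.append(src[arg_start:i].strip())
            arg_start = i + 1
            if ch == ")":
                return [a for a in args if a]
        i += 1
    return None                          # call never closed: source is unbalanced

def audit_prepare_calls(php_source):
    """Report each $wpdb->prepare() call that passes a query but no values."""
    findings = []
    for m in PREPARE_CALL.finditer(php_source):
        args = split_call_args(php_source, m.end())
        if args and len(args) == 1:
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append({"line": line, "interpolated": PHP_VAR.findall(args[0])})
    return findings

# Constructed sample: the one-argument call from the thread, then the corrected form.
SAMPLE = '''<?php
$latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
WHERE `postid` = $post_id
ORDER BY `notetime` DESC LIMIT 1;" ) );
$latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
WHERE `postid` = %d
ORDER BY `notetime` DESC LIMIT 1;", $post_id ) );
'''

if __name__ == "__main__":
    print(audit_prepare_calls(SAMPLE))
```

Each finding lists the variables interpolated into the query, so a reviewer can tell a table-name variable from a request-derived value that belongs behind a placeholder.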