Hi,

    At the moment your plugin uses 2 instances of "%%%s%%" in feeds.php:

    $where .= ' AND feed_name LIKE "%%%s%%"';

    While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.

    The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.

    $where .= ' AND feed_name LIKE %s';
    
    $prepare_args[] = '%' . $wpdb->esc_like( $this->search_text ) . '%';

    I will note that you’re currently using esc_html() and stripslashes(), but I’m not sure if they are needed.

    It’s undocumented because the "%%" should only provide a single literal percentage sign, and not cause the following "%s" to be unquoted.
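The two forms the reply contrasts, side by side, as an added example that is not code from the original post or from the plugin under review. It assumes a loaded WordPress environment with the global $wpdb; the function names, the $prepare_args convention, the table name and the sample input are hypothetical, following the pattern the post describes.

```php
<?php
/**
 * Added example, not from the original post or the plugin. Assumes WordPress
 * is loaded and $wpdb is available. Function names, the $prepare_args
 * convention, the table name and the sample input are hypothetical.
 */

// Build the complete LIKE operand outside the SQL text, so the query string
// itself contains nothing but the %s placeholder.
function build_feed_name_like( $wpdb, $search_text ) {
    // esc_like() escapes the LIKE metacharacters "%" and "_" (and the
    // backslash), so a user-supplied "%" or "_" matches literally instead of
    // acting as a wildcard.
    return '%' . $wpdb->esc_like( $search_text ) . '%';
}

// Documented form: placeholder in the SQL, complete LIKE string via the args.
function feed_name_where_clause( $wpdb, $search_text, array &$prepare_args ) {
    $where          = ' AND feed_name LIKE %s';
    $prepare_args[] = build_feed_name_like( $wpdb, $search_text );
    return $where;
}

// The form the post flags, kept only for comparison (do not use): it relies on
// "%%" collapsing to a literal % while the following "%s" stays a placeholder,
// and it passes the raw search text, so wildcards in the input are honoured.
function feed_name_where_clause_undocumented( $search_text, array &$prepare_args ) {
    $where          = ' AND feed_name LIKE "%%%s%%"';
    $prepare_args[] = $search_text;
    return $where;
}

// Constructed input: a search for the literal text "50%_off". Without
// esc_like() MySQL would treat the "%" and "_" as wildcards.
$search_text  = '50%_off';
$prepare_args = array();

// Hypothetical table name; table names are concatenated, not passed to prepare().
$sql  = 'SELECT * FROM ' . $wpdb->prefix . 'feeds WHERE 1=1';
$sql .= feed_name_where_clause( $wpdb, $search_text, $prepare_args );

// prepare() quotes and escapes the argument; the operand MySQL ends up
// comparing against is %50\%\_off%, where \% and \_ match literal characters.
$query = $wpdb->prepare( $sql, $prepare_args );
$rows  = $wpdb->get_results( $query );
```

The important part is that the search text never reaches the SQL string directly: the wildcard percent signs are concatenated around the esc_like()'d value in PHP, and the whole operand travels through the single %s placeholder, which is exactly the usage the wpdb::prepare() documentation describes.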

The topic ‘Use of LIKE ‘%%%s%%’’ is closed to new replies.